Head of Cyber and Technology Risk

Full-time

UGAFODE Microfinance Limited is hiring a Head of Cyber and Technology Risk reporting to the Chief Executive Officer and is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected within compliance and risk perspectives of the business/institution. This position is critical to UGAFODE’s mission, ensuring our digital infrastructure supports our clients—ranging from small-scale entrepreneurs to growing businesses—while staying ahead of cyber risks in Uganda’s evolving financial landscape.

Location: Kampala, Uganda (assumed based on UGAFODE’s operations)

Key Accountabilities

Oversees the development, implementation and enforcement of Cyber and technology policy programs at UGAFODE.
Ensuring that information systems meet the needs of the institution, and the ICT strategy, in particular information system development strategies, comply with the overall business strategies, risk appetite and ICT risk management policies of the institution.
Ensures that UGAFODE maintains an up-to date enterprise-wide knowledge base of its users, devices, applications, software licenses and their relationships including but not limited to: Software and hardware asset inventory, Network maps (including boundaries, traffic and data flow) and network utilization & performance data.
Designs cybersecurity controls with the consideration of users at all levels of the institution, including internal (management & staff), external users (contractors/consultants, business partners and service providers).
Organizing professional cyber related trainings to improve technical proficiency of staff.
Ensures that regular and comprehensive cyber risk assessments are conducted within the institution.
Ensures adequate processes & tools are in place for monitoring IT systems to detect cyber and technology events and incidents in a timely manner.
Conducts reviews associated with exceptions/deviations to the approved cyber and technology policies and procedures and gain senior management approval for risk assessments.
Assessment of the confidentiality, integrity and availability of the information systems in the institution.
Reporting as agreed on the assessment of the effectiveness of the approved cybersecurity program, all material cyber and technology events that affected the institution, e.t.c.
Timely detection and action to identify compromises to the IT systems and controls and speedy rectification to avoid financial and operational losses.
Ensuring that the institution’s cyber security controls and procedures are up-to-date to prevent breaches of the Institution’s systems by internal and external actors.
Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.

Knowledge, Skills, and Experience Required

Minimum of Bachelor’s degree in Computer Science, MIS or equivalent, and any IT certification (e.g. CISCO Certified Network Associate (CCNA) etc.
At least 6 years’ experience with extensive knowledge of Information security within Banking environment including related statutory IT compliance regulations, IT and MIS banking policies & procedures, etc.
Specialist security certifications such as GSEC (GIAC Security Essentials), CISSP (Certified Information Systems Security Professional) or related field is an added advantage
Experience in leading teams.
Analytical mind with the ability to quickly get to the root cause of issues.
An overall understanding of relevant scripting and source code programming languages, such as C#, C++, .NET, Java, Perl, PHP, Python and others that are in use.
Excellent report writing skills.
Must have high degree of integrity and professionalism.

How to Apply

If you believe you meet the requirements as stated above, submit an application letter together with an up-to-date CV to our email: recruitment@ugafode.co.ug (mailto:recruitment@ugafode.co.ug). Save the Documents as Your Full Name & indicate the job title you are applying for in the Email Subject Line. Your applications should be addressed to the Head of Human Resources and the closing date for receiving all applications is 01st April 2025.

Note: UGAFODE provides equal opportunity in employment to all people and therefore, women are encouraged to apply.

About UGAFODE Microfinance Limited

Industry: Finance

Location: Uganda

UGAFODE Microfinance Limited, a leading financial institution in Uganda, is committed to safeguarding its digital assets and ensuring robust cybersecurity as it serves clients across the country. We’re seeking a Head of Cyber and Technology Risk to join our leadership team, protecting our systems in an era where technology drives banking innovation and cyber threats loom large. If you’re a seasoned IT professional ready to shape our security strategy, this is your chance to make an impact.