Information Security Assurance Officer job at Exim Bank
  • Uganda

  • FULL_TIME



JOB PURPOSE.


The Information Security Assurance Officer is responsible for providing independent assurance that the organization’s security controls, policies, and procedures are operating effectively and comply with regulatory requirements, internal standards, and industry best practices. The role supports continuous monitoring, control testing, and security governance to ensure the organization maintains a strong security posture.


KEY RESPONSIBILITIES.



  • Conduct regular assessments and testing of information security controls across systems, applications, infrastructure, and processes.

  • Validate the effectiveness of implemented security controls aligned with regulatory and internal requirements.

  • Perform control reviews against frameworks such as ISO 27001, NIST CSF, CIS Controls, COBIT, and regulatory guidelines.

  • Identify control gaps and recommend remediation actions.

  • Monitor compliance with internal information security policies, standards, and procedures.

  • Support compliance with regulatory requirements including central bank guidelines, data protection laws, and other industry regulations.

  • Maintain security compliance evidence for regulatory inspections and internal

  • Support periodic information security risk assessments.

  • Evaluate risks associated with new systems, technologies, and business initiatives.

  • Review risk treatment plans and monitor remediation progress.

  • Conduct periodic security assurance reviews across departments.

  • Review privileged access management, identity management, system hardening, and security configurations.

  • Validate implementation of security baselines.

  • Act as a liaison between Information Security and Internal/External Auditors.

  • Support internal and external security audits.

  • Track and monitor closure of audit findings related to information security.

  • Develop and maintain security assurance dashboards and reports.

  • Provide regular updates to management on security control effectiveness.

  • Track remediation status for identified security gaps.

  • Review third-party security assessments and vendor compliance with security requirements.

  • Validate implementation of contractual security controls.

  • Recommend improvements to security governance frameworks, policies, and standards.

  • Contribute to the enhancement of the organization’s cybersecurity maturity.


KEY ATTRIBUTES



  • Analytical & Detail-Oriented: Skilled at dissecting processes and configurations to identify control gaps.

  • Communication: Able to translate technical gaps into clear, business-focused recommendations.

  • Ethical Judgment: Maintains confidentiality and objectivity.

  • Project Management: Organized in coordinating multiple assessment engagements and follow-ups.

  • Collaboration: Works effectively with IT, risk, and business units to drive remediation.


REQUIREMENTS



  • Bachelor’s degree in Information Technology, Computer Science, or a related field.

  • 3–5 years’ experience in security control assessments, compliance reviews, or related assurance activities, ideally in banking or financial services.

  • Strong knowledge of ISO 27001, NIST, COBIT, and Bank of Uganda Cyber Guidelines.

  • Familiarity with data-protection regulations (e.g., Uganda Data Protection & Privacy Act).

  • Certificates such as Information Systems Auditor (CISA), ISO/IEC 27001 Lead Implementer or Lead Auditor, or Risk and Information Systems Control (CRISC) will be considered an added advantage.







Vacancy title:
Information Security Assurance Officer


[Type: FULL_TIME, Industry: Finance, Category: Computer & IT, Business Operations]


Jobs at:
Exim Bank


Deadline of this Job:
Wednesday, March 25 2026


Duty Station:
HEAD OFFICE | Kampala


Summary
Date Posted: Tuesday, March 17 2026, Base Salary: Not Disclosed





JOB DETAILS:


Department: Information Security.
Reports To: Chief Information Security Officer.
Duty Station: Head Office.



 



Work Hours: 8


Experience in Months: 36


Level of Education: bachelor degree



Job application procedure:


Kindly send your cover letter and up-to-date CV to hr@eximbank-ug.com with the subject: JOB APPLICATION: INFORMATION SECURITY ASSURANCE OFFICER by close of business, Thursday 25th March 2026.


Only candidates who meet the minimum requirements shall be contacted.


 



