I&M Bank Uganda is a commercial bank headquartered at Kingdom Kampala with a growing regional presence. The Bank offers a wide range of commercial banking and financial products and services, and prides itself on introducing innovative products and services based on the needs of its customers. We are seeking to recruit a competent and highly motivated individual with extensive experience and abilities to support business growth in the following position.

JOB TITLE: IT RISK OFFICER
LOCATION: HEAD OFFICE
REPORTS TO: HEAD OF RISK

Job Purpose

The role is responsible for overseeing the embedding and implementation of the risk management process in the ICT and digital transformation initiatives, conducting control testing, collaborating with the above functions to develop and implement risk management action plans, and supporting incident investigations to identify root cause and mitigation to manage any risks arising from such incidents.

Key Responsibilities

Governance

Participate in the periodic review of ICT, Projects and Digital Business policies and procedures in liaison with the Business units to identify areas of potential improvement or weakness in risk management controls. Review of policies and procedures includes other stakeholders as required.
Participate in the periodic review of Risk Policies and Procedures in liaison with the other units in Risk & Compliance.
Monitor implementation of ICT, Projects and Digital Business policies and procedures.
Independent analysis and reporting of top ICT risks and their mitigation therein.
Manage immediate reports to ensure IT & Digital Risk Management objectives and KPIs are met in a timely manner.

Risk Identification, Assessment, and Mitigation

Implementation of appropriate Enterprise Risk Management methodologies, tools and techniques.
Support and participate in the Unit Operational Risk and Compliance Committees for Business units across the bank with the respective Risk champions.
Coordinate the implementation of the Risk & Control Self-Assessment (RCSA) framework across the various Business and Support units.
Participate in the embedding of all new and emerging Technology and Digital risks into the business units’ registers.
Review and follow up on the unit’s quarterly RCSAs to identify top risks, control gaps and issues raised, and track them for closure.
Provide day-to-day support and guidance to ICT, Digital and Projects functions and other stakeholders across the Bank on the identification, assessment, measurement and reporting of enterprise and process risk.
Independent Digital and ICT third party risk assessments and technical due diligence.
IT Risk assurance: actively engage in end-to-end risk remediation planning, resolution, and monitoring activities (i.e. patching, hardening, baseline controls for different OS and applications, application whitelisting, etc.).
Support and participate in designing the Bank’s Key Risk Indicators (KRIs) framework.
Review the KRI reports from the ICT, Projects and Digital Business units and any other as assigned, and report any outside approved tolerance limits (i.e. exceptions) for follow-up and action planning.
Participate and support the risk owners to define key risk metrics for IT & Digital risks within the Business and Support functions.
Support the implementation of the Incident management and loss data reporting framework.
Ensure that Change and Incident management procedures are implemented and report on gaps noted for remediation.
Follow up, track and analyze system incidents and other incidents to ensure proper identification of root cause, and follow up on implementation of comprehensive action plans/measures to close loopholes by respective business units.
Support and participate in developing Control testing checklists in the Business units as per the Control Testing procedure.
Actively participate in carrying out independent Control Testing at Business units to ensure that policies and procedures are effectively implemented, discuss the test results with the business teams, and follow up on closures of the action plans within the agreed timelines.
Follow up with business units to update the risk registers accordingly after control testing findings to reflect the unit's control environment.
Support the preparation of reports for Management and Board.

Project Risk Management

Support and participate in the control testing for all new and existing initiatives and projects being delivered, and facilitate the reporting of potential risk exposures, the risk mitigations, and the tracking and reporting of risk remediation efforts.
Participate in carrying out Risk assessments for project initiatives and process reviews.

Training and Awareness

Assist in raising awareness and providing training for bank employees on Risk policies and procedures.

Audit

Follow up and ensure that all open issues identified by auditors are adequately closed within the agreed time frame.

Educational Requirements

Bachelor’s degree in Computer Science, Information Technology or related field.
A relevant professional requirement such as CRISC (Certified in Risk and Information Systems Control), CISA.

Work Experience

Minimum of 2 to 4 years progressive experience in a similar role, preferably in financial institutions.

Key Required Competencies & Skills

Understanding of financial/banking business operation.
Excellent analytical, interpretive and problem-solving, communication and relationship skills.
Strong understanding of systems security governance, compliance, and risk management principles.
Strong Project Management skills.
Working knowledge of control and risk management concepts with the ability to evaluate digital and IT risk and control environment in liaison with business functions.
Understanding of IT & Digital risk management/measurement techniques.
Demonstrable experience with developing/ IT and digital risk management framework, including compliance and monitoring program or related field.
Proven ability to work across different areas of IT risk management.
Having experience in reviewing DPIAs and Data Risks would be an added advantage.
A proactive self-starter.

Behavioral Competencies

High ethical standards and integrity.
Resilience under pressure and ability to navigate crises effectively.
Adaptability to changing regulatory landscapes and evolving risk environments.

Note: Deadline for this job posting is 31 August 2025 at 5:00pm and only shortlisted candidates will be contacted.