Job Title: Risk Analyst
Organisation: National Information Technology Authority-Uganda (NITA-U)
Duty Station: Kampala, Uganda
Reports to: Information Security Compliance Manager
About Us:
The National Information Technology Authority-Uganda (NITA-U) was established as a
statutory body under the National Information Technology Authority, Uganda Act,
2009 as one of the key players in the Information and Communications Technology
Sector. Its mandate is to coordinate, promote and monitor IT development
within the context of national social and economic development, with a vision
as “a facilitator of a knowledge-based, globally competitive Uganda where
social transformation and economic development is supported through IT enabled
services.”
Job Summary: The Risk Analyst will guide organizations
in performing security analysis and evaluating their risk exposure, enabling
them to improve their information security practices and posture as well as to
provide information assurance to their stakeholders.
Key Duties and Responsibilities:
· Carry out information security risk assessments to ensure appropriate
information security and business continuity controls exist in organizations,
including describing and estimating the risks.
· Identify and evaluate technology risks, mitigating controls, and opportunities
for control improvement.
· Evaluate organizations' criteria for previous handling of risks.
· Offer technical support for organizational risk reporting in an appropriate
manner across strategic, tactical and operational levels.
· Provide support, education and training to staff to build capacity in risk
awareness, analysis and management within organizations.
· Regularly monitor systems and identify and report violations of risk limits.
· Evaluate the effectiveness of organizational controls, perform risk analysis
and management activities and develop appropriate mitigation plans.
· Suggest enhancements to organisational processes and policies to avoid
operational risks.
· Undertake audits of organizational policies and compliance with National
standards, legislation and frameworks.
· Analyse audit findings and assist in implementing audit recommendations.
· Support organizations to develop effective risk registers.
· Review and recommend improvements to existing risk modelling techniques.
· Perform procedures and assessments necessary to ensure the safety of
information assets.
· Support the development of Policies/Standards/Guidelines/Best Practices.
· Keenly review business contracts, terms and scope to identify any risks.
· Propose new techniques and technologies for risk analysis and management.
· Perform any other duties as may be assigned.
Qualifications, Skills and Experience:
· The ideal candidate for the Risk Analyst job vacancy should hold a Bachelor’s
degree in Computer Science, Information Technology, Information Science,
Information Systems, Information Security or a related field from a recognized university.
· Industry certifications such as CRISC, CISA, ISO 27001, ISO 31000 and COBIT
will be an advantage.
· A minimum of three years’ experience in Risk Management or Information Security
Management or ICT Audit consulting or in a related field.
· Previous experience with Governance, Risk and Compliance tools as well as
mechanisms.
· Working knowledge of National information risk management frameworks and
standards.
· Broad knowledge and understanding of Information Security.
· IT background (infrastructure & application).
· Knowledge of Risk Management.
· Basic knowledge of Project Methodology.
· Computer literacy, i.e. proficiency in the use of Microsoft Word, Excel and
PowerPoint (Visio is a plus).
· Excellent analytical and problem-solving skills.
· Good communication & interpersonal skills across strategic, tactical and
operational levels.
· Stakeholder Management skills.
· Flexibility, persistence and willingness to work on a variety of
activities/tasks.
· Excellent organizational skills.
Clearance:
The successful applicant will be subject to National Security Vetting in line
with the National Information Security Framework (NISF).
How to Apply:
All candidates who meet the job requirements/specifications and with the right
personal attributes are invited to complete and submit their application form, download here, with a cover letter, supported
by curriculum vitae, copies of certificates and testimonials, and must specify
daytime telephone contact, postal and email addresses of both the applicant
and three referees, to the address below.
The Executive Director,
National Information Technology Authority – UGANDA (NITA-U),
Palm Courts, Plot 7A, Rotary Avenue (former Lugogo bypass)
P.O. Box 33151, Kampala-Uganda
Tel: 0417 801 038
Or via email: hr@nita.go.ug (application must not exceed 10 MB)
Applicants must also submit with their application verifiable evidence supporting previous
relevant appointments such as appointment letters and employment contracts.
Deadline: 21st October, 2016 by 17.00 hrs