Oversees the development, implementation and enforcement of Cyber and technology policy programs at UGAFODE.
Ensuring that information systems meet the needs of the institution, and the ICT strategy, in particular information system development strategies, comply with the overall business strategies, risk appetite and ICT risk management policies of the institution.
Ensures that UGAFODE maintains an up-to date enterprise-wide knowledge base of its users, devices, applications, software licenses and their relationships including but not limited to: Software and hardware asset inventory, Network maps (including boundaries, traffic and data flow) and network utilization & performance data.
Designs cybersecurity controls with the consideration of users at all levels of the institution, including internal (management & staff), external users (contractors/consultants, business partners and service providers).
Organizing professional cyber related trainings to improve technical proficiency of staff.
Ensures that regular and comprehensive cyber risk assessments are conducted within the institution.
Ensures adequate processes & tools are in place for monitoring IT systems to detect cyber and technology events and incidents in a timely manner.
Conducts reviews associated with exceptions/deviations to the approved cyber and technology policies and procedures and gain senior management approval for risk assessments.
Assessment of the confidentiality, integrity and availability of the information systems in the institution.
Reporting as agreed on the assessment of the effectiveness of the approved cybersecurity program, all material cyber and technology events that affected the institution, e.t.c.
Timely detection and action to identify compromises to the IT systems and controls and speedy rectification to avoid financial and operational losses.
Ensuring that the institution’s cyber security controls and procedures are up-to-date to prevent breaches of the Institution’s systems by internal and external actors.
Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.