JOB OPPORTUNITY

JOB ADVERT FOR INFORMATION & CYBERSECURITY OFFICER

JOB SUMMARY/PUPORSE

The Information and Cyber Security Officer is tasked with leading the information security function within the organization. This role involves overseeing the development, implementation, and management of the organization's cybersecurity strategy, policies, and procedures. The Information& Cyber Security Officer will make sure that all information systems are protected against cybersecurity threats and that the organization complies with relevant regulations and industry standards. The role reports administratively to the Chief Executive Officer (CEO) and functionally to the IT Board Committee.

MAIN RESPONSIBILITIES

Christ-centered character, and passion to serve underserved communities of Rwanda.

1. Cybersecurity Strategy

• Design and execute a robust cybersecurity strategy that aligns with organizational goals and regulatory requirements.
• Ensure the effective execution of the cybersecurity program across the organization.

2. Program Oversight and Enforcement

• Oversee the implementation of the cybersecurity program, ensuring compliance with regulatory standards.
• Recommend actions to address program shortfalls and enforce the organization’s cybersecurity policies.

3. Threat Modeling and Management

• Establish and keep threat modeling capabilities to detect, assess, and mitigate potential cybersecurity risks.
• create and keep threat profiles for identified threats to the organization.

4. Penetration Testing and Internal Assessments

• perform comprehensive penetration tests to detect vulnerabilities in the organization's systems.
• Perform regular internal security assessments and audits to ensure compliance with security standards and policies.

5. Incident Detection and Monitoring

• Detect cybersecurity incidents and track regularly for abnormal or unauthorized access to the organization's information systems.
• execute preventive and detective infrastructure to protect against unauthorized access and other malicious acts.

6. Incident Response and Recovery

• Incident Mitigation and Recovery: Respond to detected cybersecurity incidents to mitigate negative effects, recover from cyber-attacks, and promptly restore normal operations and services
• Incident Management and Coordination: create and keep an incident response plan, and organize with relevant stakeholders to effectively contain, investigate, and remediate security incidents.

7. Security Policies and Procedures Implementation

• execute preventive and detective infrastructure, policies, and procedures to protect the organization’s information systems and financial data from unauthorized access or malicious acts.
• Create and keep comprehensive security policies, standards, and guidelines that align with industry best practices and regulatory requirements.

8. Risk Identification and Assessment

• detect and assess internal and external cybersecurity risks that may threaten the security or integrity of non-public data on the organization’s information systems.
• perform regular risk and vulnerability assessments to detect weaknesses and recommend remediation measures.

9. Security Awareness and Training

• create and deliver training programs to educate employees on information security best practices, policies, and procedures.
• Foster a culture of security awareness and compliance within the organization.

10. Third-Party Relationship Management

• Evaluate the security posture of third-party vendors and service providers.
• make sure that appropriate security controls are in place and that contracts include relevant security clauses.

11. Industry Trends and Compliance

• Continuously track industry trends, emerging technologies, and new threats to ensure the organization’s security controls remain effective.
• keep knowledge of relevant laws, regulations, and compliance requirements.

12. Reporting and Communication

• deliver regular reports to the CEO and the IT Board Committee on the status of information security initiatives, risks, incidents, and compliance.
• Effectively communicate cybersecurity risks and strategies to non-technical stakeholders.

REQUIREMENTS OF THE ROLE

1. Bachelor’s degree in computer science, Information Technology, or a related field.
2. Professional certifications in information security, such as CEH, CISSP, CISM, or CISA, are highly desirable. 
3. 2- 3 years of full-time work experience in Information Security or related field preferably in banking or financial services, Telecom or any related field. 
4. Good knowledge of information security management or related functions (such as IT audit or IT Risk Management) will be an added advantage. 
5. A good understanding of technical IT roles such as IT architecture, development, or operations, with a clear and abiding interest in information security and system controls. 
6. Ability to work independently, meet deadlines and motivate others to do the same. 
7. Strong understanding of information security principles, standards, and best practices. 
8. Familiarity with regulatory requirements related to cybersecurity, data protection, privacy, and financial services. 
9. Knowledge of network and systems administration, including firewalls, intrusion detection systems, and vulnerability scanning tools. 
10. Experience in developing and implementing security policies, procedures, and standards. 
11. Ability to perform risk assessments, vulnerability assessments, and security audits. 
12. Excellent communication and interpersonal skills to effectively train and educate staff members on security best practices. 
13. Strong problem-solving and analytical skills to detect and address security issues. 
14. Knowledge of financial sector and understanding of Christian organizational values is a plus. 

How to apply

All interested candidates fulfilling the above job requirements are requested to submit the following documents to urwegohr@urwegobank.com not later than 3rd July 2026 before 5PM. Please send documents as one folder with the position you are applying for as the subject.

Application letter explaining your suitability for The Information & Cybersecurity Officer

• Curriculum vitae (CV)
• Notarized copies of academic documents.
• 3 referees that are not blood relatives with their full address/contact.
• Church Recommendation.
• Statement of Faith.
• Copy of your National ID.
• Valid Criminal Record 

Done at Kigali: Wednesday 17th June 2026

Only shortlisted Candidates shall be contacted for the test and interview.

Best of Luck!

Human Resources Department 

Urwego Finance