
Manager - Applications Security

DFCU

Category: Technology
Deadline: 2nd December 2025
Location: Kampala

About DFCU

For over 60 years, we have been delivering innovative and trusted banking solutions, empowering individuals and businesses with financial services tailored to their needs. A subsidiary of dfcu Limited, dfcu Bank is a leading banking and financial services company domiciled in Uganda. It came into existence in May 2000 following dfcu’s acquisition of Gold Trust Bank to extend universal banking services alongside the pre-existing equity finance, long-term development finance, leasing, and working capital finance.

dfcu Limited was started by the Commonwealth Development Corporation (CDC) of the United Kingdom and the Government of Uganda through the Uganda Development Corporation (UDC) under the name of Development Finance Company of Uganda Limited. Subsequent restructuring saw the International Finance Corporation (IFC) and the German Development Corporation (DEG) invest, resulting in an equal stake of 25% for the shareholders. Its objective was to support long-term development projects whose financing needs and risk did not appeal to the then-existing commercial lending institutions. dfcu Limited was incorporated under the Laws of Uganda on the 14th of May 1964 as a Private Limited Liability Company. In 1999, dfcu acquired Uganda Leasing Company, which became dfcu Leasing, to provide direct asset-based finance. On 18th March 2004, dfcu Limited went public, and it was subsequently listed on the Uganda Securities Exchange on the 14th of October 2004.

Job Description

Reporting to the Senior Manager - Cyber Security Assurance, the Manager - Applications Security is responsible for providing governance and oversight for application security across the enterprise by establishing standards, embedding those standards within the development process, prioritizing assessments, reviewing results, and ensuring timely remediation and reporting of security risks to senior management.

Responsibilities

  • Implement and enforce application security baseline standards across all systems.

  • Define and maintain application security assessment priorities based on business criticality, risk exposure, and compliance needs.

  • Integrate security into the software development lifecycle and product design.

  • Establish secure coding practices and ensure continuous security testing within CI/CD pipelines.

  • Oversee execution of application security assessments, including static (SAST), dynamic (DAST), interactive (IAST), and manual reviews.

  • Review assessment outputs, validate findings, and ensure risk-based remediation recommendations are tracked to closure.

  • Oversee vulnerability assessments, penetration testing, and red team simulations.

  • Ensure timely remediation of identified risks and communicate critical findings to stakeholders.

  • Support internal and external audits by providing evidence of control effectiveness related to application security.

  • Ensure compliance with applicable standards and frameworks (e.g., OWASP ASVS, ISO 27001, PCI DSS, NIST).

  • Serve as the primary liaison between security, development, and business units to ensure security is embedded into development processes.

  • Facilitate risk discussions with application owners, architects, and product managers to balance security and delivery objectives.

  • Provide security advisory support during project design, development, and change management stages.

  • Lead vulnerability identification, prioritization, and recommendation on resolution.

  • Report on key metrics and ensure compliance with risk appetite thresholds.

  • Ensure no overdue findings, no failed validations, and no repeat findings.

  • Lead and mentor a high-performing cybersecurity team.

  • Foster a culture of accountability, continuous improvement, and innovation.

Requirements

  • Bachelor’s Degree in Information Technology, Computer Science, or related field (Master’s preferred).

  • Professional certifications such as CISSP, CISM, CEH, CASE.

  • 5+ years of experience in cybersecurity, with at least 2 years in a leadership role.

  • Strong knowledge of ISO 27001 ISMS, PCI DSS, and regulatory compliance requirements.

  • Experience in DevSecOps, vulnerability management, and penetration testing.

  • Strong leadership and people management skills.

  • Excellent understanding of cybersecurity frameworks and risk management.

  • Exceptional communication and executive reporting skills.

  • Ability to balance strategic planning with hands-on technical oversight.
