Head Technology Risk & Cyber Security
NBC is the oldest serving bank in Tanzania with over five decades of experience. We offer a range of retail, business, corporate and investment banking, wealth management products and services.
Responsible for building, maintaining and managing NBC Technology Risk profile & Cyber Security controls, as well as driving the bank’s cyber security strategy and IT Governance. In addition, the role is responsible to ensure compliance to the relevant regulatory requirements.
- Driving the development and implementation of a cyber-security strategy across the enterprise to minimize the risk of cyber-attacks.
- Managing and reporting for all IT Governance, Technology Risk, and Cyber Security initiatives for the bank.
- Develop and implement an ongoing risk assessment program targeting information security and business systems. Recommend methods for vulnerability detection and remediation.
- Overall responsible for managing continuous technology and cyber security risk assessments, identifying areas for improvement and providing the bank’s management an impartial and independent view of both technology and cyber security risk profiles in the enterprise.
- Fronting and managing all IT and Cyber Security Audits end-to-end.
- Manage version control of all IT documentation, ensuring that all versions are current/ up to date and version history maintained.
- Drive enterprise security review including Application Security, Infrastructure Configurations, Network Security, Identity and Access Management, Authentication Controls etc…
- Monitor and ensuring compliance to all relevant regulatory requirements (BOT, TCRA, TRA…Etc.) as well as internal technology and cyber security policies and standards, referring exceptions to Head of Information Technology.
- Provide oversight and challenge to DevOps strategy, tooling, processes and requirements
- Establish Key Risk Indicators (KRIs) to accurately measure and track in house developer compliance and risk
- Manage control self-assessment (CSA) exercise and validate the evidence if all the controls are audit proof and evidenced.
- Manage vulnerability assessment/Pen-test end– to-end for the entire bank’s technology environment.
- Drive implementation and review of technology risk and cyber security policies, standards, and processes across the enterprise.
- Establish and implement periodic control reviews and assessment schedules, and perform the reviews including spot test and snap checks of all controls as per defined Technology and Cyber Security policies, standards and guidelines.
- Oversee all third party and vendor security and risk management, ensuring alignment to the bank’s security control requirements.
- Liaises with contractors and service providers to ensure that all activities are in line with the bank’s security control requirements.
- Be involved in projects implementation providing security guidance from the initial stages of systems/ software development up to the end.
- Oversee IT security projects implementation
- Build and maintain threat intelligence and attack monitoring capabilities
- Develop and implement an incident reporting system to address security incidents, respond to alleged policy violations from staff, contractors and external parties
- Implement security incident management and response strategies alleged policy violations and security breaches from staff, contractors and external parties.
- Overseeing the investigation of reported policy violations and security breaches
- Managing daily security operations activities of the bank.
- Provides guidance and direction for the physical and logical protection of Information Technology resources to other business functions
- Developing and implementing technology recovery plans to ensure minimal service disruptions in the event of a security breach that the disaster recovery plan needs to be triggered.
- Provides direct Information Security Awareness training and oversight to all employees, and other third parties, ensuring proper information security clearance in accordance with established bank information security policies and procedures
- Develop a high performing team by embedding formal performance development and informal coaching, giving leadership to the team.
- Build effective working relationship/ information flow with key stakeholders as well as holding regular communication sessions with relevant stakeholders
- Keep abreast of the latest technology &b security threats and development.
- Perform other job-related duties as assigned
Qualifications and Experience
- Bachelor’s degree in Information Technology, or a related field. A post graduate in Information systems or business administration is of added advantage.
- At least 5 years of prior relevant experience in IT Security and Risk management, Vulnerability management and penetration testing and Identity and Access Management
- Working experience with Microsoft software, Linux, Database (Oracle, MS SQL), least two applicable cyber security related certifications – CISSP, CISA, CISM, CRISC, CGEIT, CEH, CCNA Security Security).
- Familiarity with security frameworks (e.g. NIST Cybersecurity framework) and risk management methodologies
- Good understanding of Infrastructure (servers and network) designs and architecture.
- Familiarity with operational risk and compliance is advantageous
- Proficiency in Security and Risk management
- Vulnerability management and penetration testing
- Identity and Access Management
- Communications and Network Security.
- Application Security
- Asset Security
- System Resilience and Data Recovery Capabilities
Bachelor`s Degrees and Advanced Diplomas – Physical, Mathematical, Computer and Life Sciences, Digital familiarity (Meets some of the requirements and would need further development), Experience in a similar environment at junior specialist level, IT Security (Meets all of the requirements), Openness to change (Meets some of the requirements and would need further development), Process optimisation (Meets some of the requirements and would need further development), Reasoning (Meets all of the requirements)