Job Title: Assistant Manager – Cybersecurity Operations Specialist

Department: Information Technology

Reporting to: Manager – Information Security & Controls Assurance

Region: Dares Salaam

PURPOSE OF JOB

To plan, organize and deliver cost effective and efficient IT security controls to protect and defend systems and information assets (business and customer data) against any internal and external threats.

PRINCIPAL RESPONSIBILITIES:

Identify and communicate recommended security control deficiencies for the bank.

• Implement information security governance by defining, developing, implementing, and maintaining required policies, procedures, standards, and guidelines.
• Provide ownership of security of all systems and applications developed and acquired by the bank.

• Provide security assurance of all applications implemented by validating the implementation of security designs, conducting applications code reviews and security assessments to eliminate security vulnerabilities.
• Conduct periodic security assessments and review of implemented systems to ensure their continued compliance with security standards.

• Establish, maintain, and implement optimal security configurations of all servers OS, workstations OS, virtual environments, databases, middleware, and applications.
• Conduct research and make recommendations on systems security solutions, services, protocols, standards, and best practices in support of systems security continuous improvements.
• Maintain an inventory of security systems, hardware, and software used by the bank.
• Support continuous security monitoring efforts of all systems within the bank to detect and resolve security incidents and violations.

• Prepare and maintain systems security documentation including security architecture and designs of systems and applications.
• Implement security improvements by continuously assessing the implemented controls, evaluating security risks and anticipating requirements. Enforce ISO 27001 standards and procedures and ensure that a secure by design culture is maintained.

• Ensure sensitive data is protected and is effectively managed and policed.
• Review and monitor security across all systems (Including Penetration Testing) and implement uniform security principles.

• Perform change management risk reviews and post implementation reviews for all change requests.

QUALIFICATION AND EXPERIENCE

• A graduate in IT, IS, Computer Science/Engineering or related field is desirable.
• Minimum three years working experience in cybersecurity operations.

• The successful candidate must have a technical background and experience of information security.

COMPETENCIES, KNOWLEDGE, AND SKILLS

• Basic understanding of banking environment and banking systems.
• Preferred Security professional certification IS027001. CISSP, CISM, CEH; Other IT professional certifications such as ITIL, CISA, PMP will be an added advantai
• Good understanding of IT controls and service standards such as ITIL, COBIT, ISO 27000 etc