Job Title: Manager – InfoSec & Controls Assurance

Department: Information Technology

Reporting to: Senior Manager – Technology

Responsible for: InfoSec and Controls Assurance Team

Region: Dar es Salaam

PURPOSE OF JOB

To plan, organize and effectively lead InfoSec and Controls Assurance team to detect and defend systems and information assets (business and customer data) against any internal and external threats.

PRINCIPLE ACOUNTABILITIES

PRINCIPAL RESPONSIBILITIES:

• Review and implement security monitoring and incidents response strategy and roadmap for the bank.
• Drive cybersecurity monitoring and incident response initiatives within the bank to improve security monitoring capabilities.
• Establish real-time proactive monitoring and detection of security incidents and provide relevant notifications.
• Implement automated response to cybersecurity incidents by integrating and building various security tools.
• Overseeing the investigation of reported security breaches including fraud cases in collaboration with the bank’s fraud management unit.
• Develop and provide actionable dashboards that show clear visibility of security attacks to the bank.
• Provide ‘ownership” of security incidents and problems to the final resolution for all the servers, workstations, Virtual environments, Databases, Middleware, and Applications.
• Implement security governance by defining, developing, implementing, and maintaining required security policies, procedures, standards, and guidelines. Conduct research, evaluate, and make recommendations on security monitoring and incident response tools, services, protocols, standards, and associated best practices.
• Prepare and maintain security monitoring documentations including architectures, designs and governance documents.
• Communicate critical cybersecurity incidents to technology and business leaders.
• Oversee internal and external security assessment activities including vulnerability assessments and penetration tests.
• Support Exim Subsidiaries (Exim Djibouti, Comoros and Uganda) on technology standards compliance and aligning with group standards and best practices while considering local regulatory directives.
• Vulnerability management across Exim group (coordination of VAPT and continuous identification of vulnerabilities towards closure).

QUALIFICATION AND EXPERIENCE

• At least a bachelor’s degree in Computer Science, Engineering, or related academic field.
• Preferred professional certifications such as CEH, CISM, CISA, CISSP or any other relevant security certifications.
• At least 5 years of relevant work experience in Cybersecurity.
• Solid hands-on experience in enterprise security tools including security monitoring technologies such as SIEM and SOAR tools.

COMPETENCIES, KNOWLEDGE, AND SKILLS

• Knowledge of common information Security Management Frameworks/Standards such as ISO/IEC 27001, NIST CSF, and PCI.
• Solid hands-on experience in enterprise security tools including security monitoring technologies such as SIEM and SOAR tools.