CRDB Bank Plc is an African bank and a leading Financial Services Provider in Tanzania with current presence in Tanzania and Burundi, East Africa. The Bank was established in 1996 and was listed on The Dar Es Salaam Stock exchange (DSE) in June 2009.
Specialist; Cyber Security
CRDB Bank Plc
The Bank that Listens
Reporting line- Manager; CyberSecurity
Responsible for daily monitoring of the IT Infrastructure using security technical expertise and looking for patterns and potential issues, this includes working in close connection with Senior ICT Management. Focal point for the provision of information security expertise, ensuring all aspects of IT security controls policies and procedures are implemented and audited. Accountable as the prime contact for technical Security Issues.
- To design, implement, enforce, and monitor IT security strategy, IT Security Policies, cybersecurity framework to ensure alignment with related corporate policies, and compliance by both internal (employees) and external (vendors, third parties).
- To be responsible for the technical advice, proposing and implementing solutions and processes to continuously reduce the ICT security risks. This involves working with different units in the department to reduce cyber security risk. From technical controls to policies (and everything in between).
- To be responsible for forensic investigation of IT security incidents/breaches, providing regular reporting using the appropriate assurance framework.
- To coordinate regular security testing with high quality reporting. Responsible for the subsequent hardening of IT systems based on results of regular tests.
- Hardening (this includes patching) of all IT assets before promoted to production environment. Formal checklist will be used for installation/changes of any configuration in the banks environment this is for a new/existing setup, this includes but not limited to servers, workstations, databases, audio visuals and network devices, as per current hardening standards of the bank.
- Reviewing configuration API and PKI of the bank to ensure its compliance to the established standard on regular basis.
- Implement technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
- To administrate and monitor using specific IT Network Security applications including [but not limited to] the company -wide antivirus, email encryption, Data Loss prevention, file screening, server audit, and host protection systems. This requires continuous re-assessment of suitability for purpose and making or recommending any required changes.
- Provide remediation consultation to global teams to support enterprise risk reduction efforts
- Responsible for information security awareness and training program that informs and motivates workers on cyber-security matters as per the SAT program.
- Implement new technology on the network security and ensure security hardening and effectiveness of the control.
- Participate in the incident response program, ensuring that the program is tested throughout the organization and that every high-level manager knows his or her duties during such an incident.
- Provide & manage remote (VPN), DC access to users and real time monitoring of network user activities.
- Responsible for Vulnerability and penetration testing activities VAPT.
- The SMIS, HISG, DICT, and Executive Management may assign other assignment as needed.
Experience, Knowledge and Skills Requirements
- Bachelor’s degree in Information Technology, Computer Science, Computer Engineering or any other equivalent and relevant qualification from an accredited institution.
- Minimum of 3 years of ICT Security experience in banking environment.
- At least 1 ICT Security professional certifications, CISA, CISSP, CEH etc.
- Expert knowledge of current IT cyber security issues.
- Management of a complex IT Infrastructure within large enterprise level organization.
- Contingency and Disaster Recovery Planning.
- Ability to think ahead and anticipate problems, issues and solutions.
- Experience providing IT focused Enterprise Architecture and strategy.
- Windows Operating systems and Active Directory Management.
- Anti-Virus domain infrastructure.
- Knowledge of the laws as it applies to IT Security and recommended standards as applied by appropriate bodies.
- Technical handling interaction with vendors, contractors, and other stakeholders.