New Opportunities at NBC


Manager Technology Governance at NBC

NBC is the oldest serving bank in Tanzania with over five decades of experience. We offer a range of retail, business, corporate and investment banking, wealth management products and services.

Job Summary

Responsible for ensuring the alignment of technology initiatives with the banks goals and objectives, as well as the development and implementation of technology governance policies and processes.


The incumbent is required to have a strong understanding of technology trends, IT operations and project management methodologies, and will work closely with the senior leadership team, stakeholders, and technical teams to ensure technology investments support the organization’s mission and deliver desired business outcomes.

Job Description​

Technology Governance Operations

  • Develop frameworks and processes to support the banks technology and risk governance.
  • Develop, implement, and monitor reporting mechanisms for governance, security, and risk practices to support compliance and highlight areas of exposure.
  • Provide guidance to other IT and business units in the conducting and updating of risk assessment for IT projects and systems.
  • Review to identify security risks and breaches to ensure the bank’s assets and information are appropriately secured at all times.
  • Communicate security basics to the general user population including formulating Security Awareness programs to raise user awareness and understanding of basic security concepts. This includes awareness to both internal, external third parties and customers.
  • Develop, maintain and continuous updating of the IT Business Continuity Plan.
  • Work collaboratively with other team members (in country or group) oversight functions to identify and implement consistent and effective approaches to risk governance and control-based activities.
  • Work with internal units to coordinate and conduct regular reviews and audit of IT systems and applications to ensure statutory compliance.
  • Liaise and support internal and external auditors to facilitate IT audits, reviews, along with tracking and timely closure of audit outcomes.
  • Lead in the investigation of cyber security incidents by working with the internal Cyber security team and other government agencies.

Read Also:

Manage Risk and Compliance

  • Provide insights and recommendations on technology risk management to the bank’s leadership team.
  • Review current and proposed information systems for alignment and compliance with the bank’s business strategy.
  • Together with Tech Risk and Compliance team review the key risk and compliance challenges identified in the area and the key areas of concern/surveillance.
  • Together with the Risk and Compliance team implement measures to address notable risks and regulatory challenges.
  • Ensure that processes, control requirements and risk management frameworks that impact the area are documented and understood by all members of the team.
  • Own and agree corrective action items with Internal Audit and Management Assurance for findings related to the functional area under management.
  • Arrange issue assurance for closed audit findings.
  • Contribute and deliver to the improvement of the risk profile by delivering improved governance, risk management, controls and compliance requirements.

Drive Service Levels

  • Oversight of banks regulations and standards, such as data privacy and security laws, to avoid legal and financial consequences.
  • Implement effective governance controls to mitigate data breaches, security vulnerabilities, and operational failures.
  • Continuously monitor service levels and implement tactical measures to improve customer satisfaction.

IT Strategy support

  • Manages and coordinates the development of Technology Services strategies in collaboration with Technology Leads.
  • Work directly with the Senior Executive team to design, develop and assist in the implementation of IT strategies, ensuring alignment to corporate vision/goals.
  • Create clear and concise communications/recommendations for senior leadership review related to strategic business plans and initiatives.

Third Party Risk Management

  • Develop and manage a third-party IT vendor risk management monitoring and reporting process that tracks third party risks.
  • Conduct third party risk assessments in alignment with company security policies and industry standards.
  • Perform on site assessments of vendors to identify opportunities for improvement.
  • Provide input and aid in the development of policies focused on the security of third-party business processes.
  • Foster relationships and influence the behaviour of internal teams and external parties.
  • Develop and maintain supplier risk and control monitoring plans, performing monitor activities and analysis of evidence to determine controls are operating effectively.

Qualifications and Experience 

  • Bachelor’s degree in Information Technology, or a related field.
  • A Postgraduate in Information systems or business administration is of added advantage.
  • At least 5 years of prior relevant experience in IT Security and Risk management, Vulnerability management and penetration testing and Identity and Access Management
  • Working experience with Microsoft software, Linux, Database (Oracle, MS SQL),
  • At least two applicable IT Management certifications – ITIL, Cobit
  • Familiarity with operational risk and compliance is advantageous 

Read Also:


  • Proficiency in Security and Risk management
  • Vulnerability management and penetration testing
  • Identity and Access Management
  • Communications and Network Security.
  • Application Security
  • Asset Security
  • System Resilience and Data Recovery Capabilities


Bachelor’s Degree – Information Technology, Digital familiarity (Meets some of the requirements and would need further development), Experience in a similar environment, IT Security (Meets some of the requirements and would need further development), Openness to change (Meets some of the requirements and would need further development), Process optimisation (Meets some of the requirements and would need further development), Reasoning (Meets all of the requirements)