Reporting to: Manager – Information Security & Controls Assurance
Hours of Work: 8am – 5pm Monday to Friday.
Additional hours as required by workload
Region: Dar es Salaam
Identify and communicate recommended security control deficiencies for the bank.
Implement information security governance by defining, developing, implementing, and maintaining required policies, procedures, standards, and guidelines.
Provide ownership of security of all systems and applications developed and acquired by the bank
Provide security assurance of all applications implemented by validating the implementation of security designs, conducting applications code reviews and security assessments to eliminate security vulnerabilities.
Conduct periodic security assessments and review of implemented systems to ensure their continued compliance with security standards.
Establish, maintain, and implement optimal security configurations of all servers OS, workstations 05, virtual environments, databases, middleware, and applications.
Conduct research and make recommendations on systems security solutions, services, protocols, standards, and best practices in support of systems security continuous improvements.
Maintain an inventory of security systems, hardware, and software used by the bank
Support continuous security monitoring efforts of all systems within the bank to detect and resolve security incidents and violations.
Prepare and maintain systems security documentation including security architecture and designs of systems and applications.
Implement security improvements by continuously assessing the implemented controls, evaluating security risks and anticipating requirements
Enforce IS0 27001 standards and procedures and ensure that a secure by design culture is maintained
Ensure sensitive data is protected and is effectively managed and policed.
Review and monitor security across all systems (Including Penetration Testing) an implement uniform security principles.
Perform change management risk reviews and post implementation reviews for all change requests.