Head of Information Security at NBC Bank | April 2024


Job Description

NBC is the oldest serving bank in Tanzania with over five decades of experience. We offer a range of retail, business, corporate and investment banking, wealth management products and services.

Job Summary

Responsible for developing and executing comprehensive information security strategies, policies, standards, and initiatives that align with the bank’s goals and regulatory requirements. This role is pivotal in ensuring the continued resilience of the bank’s assets, including its digital infrastructure, against evolving cyber threats while fostering a culture of security awareness across the organization.
The Head of Information Security will ensure that NBC information systems and data are maintained at an optimum level and comply with the NBC IT Risk and Cyber Security policies and standards, and consequently that they meet business requirements and safeguard the Bank’s computing environment, business operations and reputation.

Job Description

  • Define, develop, and maintain a business-aligned Information and Cyber Security strategy and operating model; 

  • Define and embed an Information and Cyber Security Policy Framework across the bank that addresses the needs of the bank, its staff, customers, and other external stakeholders in line with relevant regulatory and industry standards;

  • Provide advice and direction to the bank’s senior leadership team on the integration of cyber security practices into the bank’s strategic and operational processes;

  • Drive and deliver change to the bank’s Information and Cyber Security systems, processes, and procedures by continuously analysing and reviewing new security technologies and practices as informed by industry best practice;

  • Report to the bank’s committees and management groups on Information and Cyber Security matters;

  • Develop frameworks and processes to support the bank’s cybersecurity governance;

  • Conduct snap checks of controls around cyber security operations and critical processes;

  • Perform regular cyber security assessments of system configurations, application security, databases, networks, and data centers to identify security violations and inefficiencies;

  • Be involved in project implementation, providing security guidance from the initial stages of systems/software development through to completion;

  • Assist with threat intelligence and attack monitoring activities, identifying anomalies, reporting violations and recommending essential control measures;

  • Monitor identity and access management, including monitoring for abuse of permissions by authorized system users;

  • Monitor the organization’s networks for security breaches and incidents, and investigate violations when they occur to identify the root cause;

  • Regularly monitor, measure, and report on cyber security thresholds and cyber-related key indicators, and identify and explain the reasons for out-of-threshold indicators;

  • Undertake third-party security assessments of critical IT vendors and service providers to ensure they meet security requirements;

  • Assist with internal and external audit engagements relating to information security;

  • Oversee internal and external security assessment activities (Vulnerability Assessment and Penetration Testing, VAPT);

  • Respond to security incidents, including phishing emails, pharming activity and breaches, and mitigate the consequences of a cyber incident;

  • Analyze security events and incidents, identify root cause and impacted control objectives. Ensure risk events are booked for all critical security incidents;

  • Develop and maintain plans for addressing cyber-attacks. Ensure the plans are updated and tested annually;

  • Design and implement a robust cyber security architecture that includes firewalls, intrusion detection/prevention systems, encryption protocols, and other security measures;

  • Oversee the installation and configuration of security applications such as antivirus software, anti-malware programs, and endpoint security solutions to protect against cyber threats;

  • Conduct regular vulnerability assessments and penetration tests to identify and remediate security weaknesses in the organization’s infrastructure and applications;

  • Develop and deliver cyber security awareness training programs to educate employees about potential threats and best practices for safeguarding sensitive information;

  • Monitor the performance of cyber security applications and tools, evaluate their effectiveness in protecting against cyber threats, and make adjustments as necessary to improve overall security posture.

Qualifications and Experience

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity or a related field.

  • Strong understanding of IT and cybersecurity operations will be an added advantage.

  • At least 5 years of prior relevant experience in IT Security and Risk management, Vulnerability management and penetration testing and Identity and Access Management.

  • Working experience with Microsoft software, Linux, and databases (Oracle, MS SQL).

  • Preferred cyber security related certifications – CISSP, CISA, CISM, CRISC, CGEIT, CEH, CCNA Security.

  • Familiarity with security frameworks (e.g. NIST Cybersecurity framework) and risk management methodologies.

  • Good understanding of infrastructure (servers and network) designs and architecture.

  • Familiarity with operational risk and compliance is advantageous.


  • Proficiency in Security and Risk management

  • Vulnerability management and penetration testing

  • Identity and Access Management

  • Communications and Network Security

  • Application Security

  • Asset Security

  • System Resilience and Data Recovery Capabilities


  • Bachelor’s Degrees and Advanced Diplomas – Information Technology

  • Digital familiarity (Meets some of the requirements and would need further development)

  • Experience in a similar environment at management level

  • IT Security (Meets all of the requirements)

  • Openness to change (Meets some of the requirements and would need further development)

  • Process optimisation (Meets some of the requirements and would need further development)

  • Reasoning (Meets all of the requirements)