Overview
CRDB Bank Plc is an African bank and a leading Financial Services Provider in Tanzania with current presence in Tanzania and Burundi, East Africa. The Bank was established in 1996 and was listed on the Dar es Salaam Stock Exchange (DSE) in June 2009. Over the years, CRDB Bank has grown to become the most innovative and preferred financial services partner in the region. Supported by a robust portfolio and uniquely tailored products, CRDB Bank remains the most responsive bank in the region. CRDB Bank offers a comprehensive range of Corporate, Retail, Business, Treasury, Premier, and wholesale Microfinance services through a network of 260 branches, 551 ATMs, 18 Depository ATMs, 12 Mobile branches and 1184 Point of Sale (POS) terminals. Similarly, the bank has scores of Microfinance partners and institutions through which pertinent services are rendered to all customers. We currently have 450 Microfinance partner institutions. CRDB Bank was the first to offer Agency Banking services in Tanzania at the beginning of 2013 and we now have 3286 FahariHuduma agents across the country. The Bank also operates through Internet and mobile banking services.
Reporting Line: Manager IAM
Location: Tanzania Head Office
Department: Cybersecurity Unit
Number of openings: 1
Job Purpose
The CBS Security Specialist is responsible for ensuring the confidentiality, integrity, and availability of the bank’s Core Banking System (CBS) and its supporting environments. The role safeguards the Core Banking System (CBS) and connected ecosystems (payments, channels, integrations) by designing, implementing, and monitoring robust security controls across the application, data, integration, and infrastructure layers. It also drives secure SDLC, threat modeling, vulnerability management, compliance, and incident response specifically for core banking platforms.
Principal Responsibilities
- Own CBS Security Architecture – define and maintain security patterns for CBS, ESB/API gateways, batch jobs, and downstream systems.
- Secure SDLC for CBS – embed security requirements in all CBS changes.
- Threat Modeling & Risk Assessments – conduct modeling for CBS modules, interfaces, and new products; track respective risks to closure.
- Hardening & Configuration Baselines – implement hardening for OS, DB, app servers, and CBS modules.
- Database & Data Security – enforce encryption, key management, masking, auditing, and least privilege for all the CBS modules and schemas.
- Identity & Access Controls – enforce RBAC, SoD for CBS roles, privileged access management (PAM), and periodic access attestation and recertification.
- Vulnerability Management – coordinate scanning/patching for CBS stack, triage findings, and drive SLA-based remediation by criticality and business impact.
- Security Monitoring & Use Cases – develop CBS-specific SIEM detections.
- Incident Response (IR) – lead CBS-related Incident Response playbooks, including forensics and lessons learned.
- Change/Risk Governance – review CRs affecting CBS; sign-off on go-live security readiness.
- Compliance & Audit Readiness – ensure alignment with applicable standards and regulatory directives.
- Business Continuity – validate DR/BCP for CBS (RPO/RTO, backups, logs, failover, key recovery, reconciliation controls, etc.).
- Third-Party Risk – assess vendors, SLAs, secure configurations, and data processing agreements.
- Security Awareness (Targeted) – train CBS operations, developers, and product owners on secure change, access hygiene, and fraud-aware controls.
- Serve as the primary security expert for the Core Banking Environment.
Qualifications Required
- Bachelor’s degree in Cybersecurity, Computer Science, Information Security, Engineering, or a related field.
- Industry Certifications: CISA, CCSP, CISM, CRISC or CEH will be a plus.
- Experience with secure integration patterns (APIs, ESB, microservices), including authentication, authorization, tokenization, and TLS best practices.
- Adequate understanding of Core Banking Systems (CBS) architecture, including modules, integration points, and typical attack vectors in financial systems.
- Strong knowledge of database security (e.g., Oracle, MSSQL), including encryption, access control, auditing, and secure configurations.
- Familiarity with payment systems security such as SWIFT, ISO, card systems, digital channels, and related fraud-prevention controls.
- Understanding of threat modeling and vulnerability assessment for banking applications, including secure SDLC, code review practices, and security testing tools.
- Risk-based decisioning, balancing security with availability in high-stakes banking operations.
- Core Banking Systems architecture, EOD/BOD, GL posting flows, batch jobs, and common attack vectors.
- Application Security: OWASP Top 10, secure coding patterns, code review, dependency & secret scanning.
- Infrastructure Security: OS hardening, virtualization, Oracle/MSSQL hardening, database encryption, data masking, fine-grained auditing (FGA), least privilege.
- Integration & API Security, Monitoring & Incident Response.
- 4+ years in application or platform security within banking/financial services, with 3+ years hands-on securing CBS or equivalent mission-critical systems.
CRDB Commitment
CRDB Bank is dedicated to upholding Sustainability and ESG practices and encourages applicants who share this commitment. The Bank also promotes an inclusive workplace; hence, applications from women and individuals with disabilities are encouraged.
It is important to note that CRDB Bank does not charge any fees for the application or recruitment process, and any requests for payment should be disregarded as they do not represent the bank’s practices.
Only Shortlisted Candidates will be Contacted.
Deadline
2026-02-12
Employment Terms
PERMANENT