Overview
CRDB Bank Plc is an African bank and a leading Financial Services Provider in Tanzania with current presence in Tanzania and Burundi, East Africa. The Bank was established in 1996 and was listed on the Dar es Salaam Stock Exchange (DSE) in June 2009. Over the years, CRDB Bank has grown to become the most innovative and preferred financial services partner in the region. Supported by a robust portfolio and uniquely tailored products, CRDB Bank remains the most responsive bank in the region. CRDB Bank offers a comprehensive range of Corporate, Retail, Business, Treasury, Premier, and wholesale Microfinance services through a network of 260 branches, 551 ATMs, 18 Depository ATMs, 12 Mobile branches and 1184 Point of Sales (POS) terminals. Similarly, the bank has scores of Microfinance partners and institutions through which pertinent services are rendered to all customers. We currently have 450 Microfinance partner institutions. CRDB Bank was the first to offer Agency Banking services in Tanzania at the beginning of 2013 and we now have 3286 FahariHuduma agents across the country. The Bank also operates through Internet and mobile banking services.
Reporting Line : Manager IAM
Location : Tanzania Head Office
Department : Cybersecurity Unit
Number of openings : 1
Job Purpose
Driving the governance backbone of the cybersecurity program, maintaining the policies, standards, procedures & processes, running security awareness & trainings, managing the department risk registers and tracking vendor security & contracts. This role also ensures BCM/DRP alignment with business & security objectives and produces high-quality reports for executive committees, audit, and regulators.
Principal Responsibilities
- Own and maintain the cybersecurity policy framework (policies, standards, procedures, baselines).
- Lead the security awareness & training program (annual plan, phishing simulations, targeted training for high-risk roles).
- Maintain the enterprise cyber risk register (methodology, scoring, KRIs, treatment tracking, dashboards).
- Coordinate GRC documentation lifecycle (versioning, approval workflow, repository hygiene, periodic reviews).
- Drive third-party risk management (security due diligence, contract clauses, SLAs, compensating controls, payments).
- Ensure BCM/DRP integration with cybersecurity (RPO/RTO security dependencies, backup & restore testing, tabletop exercises).
- Prepare governance reports & packs for management meetings.
- Track audit findings and regulatory commitments to timely closure.
- Support policy exceptions process (risk-based approvals, expiry, compensating controls).
- Facilitate security meetings and committees—agenda, minutes, action logs, and follow-ups.
- Maintain compliance mappings and compliance (e.g., NIST CSF, ISO/IEC 27001, PCI DSS, SWIFT CSP, regulatory matrix).
- Partner with Procurement to ensure security clauses and payment gates for non-compliant vendors.
- Manage Cybersecurity budget planning, proposals, changes, resourcing, procurement, and utilization.
- Champion people’s agenda within the department, including but not limited to allocation/relocation, performance, productivity, training needs, developments and recruitments facilitation.
- Coordinate with auditors and cross-functional team members to establish security audit scope and schedules, maintain excellent relationships with audit, risk, regulator teams and provide a consistent perspective.
- Provide guidance, evaluation and advocacy on audit findings and recommendations and ensure appropriate mitigation actions are developed and implemented in a timely manner.
- Monitor execution of Cybersecurity strategy in alignment with the overall corporate and ICT strategy.
Qualifications Required
- Bachelor’s degree in Cybersecurity, Computer Science, Computer Information Systems, Management Information Systems or related fields.
- At least one of the related professional certifications (COBIT, ITIL, CGEIT, CRISC, CISA, ISO27001 LA/LI, PCI DSS).
- At least 3 years of experience in Cyber governance and supplier management in banking or similar environment.
- Experience of working in a deadline-oriented environment, managing multiple issues simultaneously.
- Technical handling interaction with employees, auditors, vendors, contractors, and other stakeholders.
- Cybersecurity governance frameworks (NIST CSF, ISO/IEC 27001, PCI DSS) and their linkage to Tanzania Banking Industry.
- Risk management principles, Audit & compliance lifecycle.
- BCM/DRP concepts.
- Third-party risk management and security contract clauses.
- Analytical, organized, detail focused, Technical knowledge of ICT and Information Security.
- Policy framework design & control mapping.
- Risk register management & tooling familiarity.
- Vendor security assessments & contract review.
- BCM/DRP integration with security requirements.
- Reporting best practices (board-quality metrics), Data visualization for executive reporting (dashboards).
CRDB Commitment
CRDB Bank is dedicated to upholding Sustainability and ESG practices and encourages applicants who share this commitment. The Bank also promotes an inclusive workplace, hence applications from women and individuals with disabilities are encouraged.
It is important to note that CRDB Bank does not charge any fees for the application or recruitment process, and any requests for payment should be disregarded as they do not represent the bank’s practices.
Only Shortlisted Candidates will be Contacted.
Deadline : 2026-02-12
Employment Terms : PERMANENT