NMB Bank Plc is seeking a highly analytical and experienced Specialist; Technology Risk to support the effective management of technology infrastructure risks and third-party technology risks across the bank. The role is responsible for ensuring that technology-related risks are proactively identified, assessed, monitored, and mitigated to support sound decision-making and protect the bank’s overall risk profile.

The successful candidate will work closely with technology, operations, risk management, and third-party stakeholders to strengthen risk governance, improve control effectiveness, and enhance oversight of technology infrastructure, vendor relationships, and emerging technology risks. This position requires strong technical knowledge, risk management expertise, and the ability to translate complex risk information into meaningful insights for management and governance committees.

Responsibilities

• Support the identification, assessment, and management of technology infrastructure and third-party risks across the bank.
• Oversee technology vendor and third-party risk management activities, including governance, risk mitigation, and contractual compliance.
• Ensure key technology and third-party risks are documented together with appropriate controls and risk indicators.
• Facilitate and monitor Risk and Control Self-Assessments (RCSAs) in accordance with operational risk guidelines.
• Identify control gaps and weaknesses within technology infrastructure and third-party environments.
• Support the development and maintenance of Risk Appetite Statements related to technology infrastructure and third-party risks.
• Train and guide first-line staff on risk controls and risk management requirements.
• Assist in developing and implementing controls to mitigate technology and vendor-related risks.
• Document and monitor risk mitigation strategies and ensure adequate implementation.
• Ensure compliance with new policies, standards, and regulatory requirements across the organization.
• Track remediation of risk issues, audit findings, regulatory observations, and control deficiencies.
• Escalate overdue remediation actions and unresolved risk issues to management.
• Maintain a comprehensive database of third-party service providers and related compliance requirements.
• Monitor vendor performance, contractual obligations, and service level agreement (SLA) compliance.
• Assess capacity, lifecycle, obsolescence, and performance risks across technology infrastructure.
• Monitor emerging technology risks, including artificial intelligence, cloud computing, and robotic process automation.
• Develop second-line oversight reporting on technology and third-party risk exposures.
• Prepare monthly, quarterly, and ad hoc risk reports for management and governance committees.
• Build and maintain executive dashboards covering technology risk indicators, control effectiveness, SLA breaches, and risk trends.
• Conduct advanced analysis of technology risk data to identify trends, root causes, and emerging threats.
• Automate monitoring and reporting of recurring technology risk indicators where feasible.
• Consolidate risk assurance information across technology risk domains.
• Support continuous improvement of technology risk management frameworks and processes.
• Perform any other duties assigned by management.

Qualifications

• Bachelor’s Degree in Computer Science, Information Systems, Information Technology, Cybersecurity, or a related field.
• Active professional certification in Technology Risk such as CRISC, CISM, or equivalent.
• Third-Party or Outsourcing Risk certification such as CTPRP, CSCRP, CVA, VRMP, VCP, or equivalent is preferred.
• Master’s Degree in Business Administration, Risk Management, Information Systems, or a related field is an added advantage.
• Professional banking certifications are an added advantage.
• Minimum of three years of combined experience in Information Technology and Risk Management.
• Experience in IT operations, systems analysis, infrastructure management, or technology risk oversight.
• Strong understanding of technology infrastructure, enterprise systems, and vendor risk management.
• Knowledge of technology risk frameworks, controls, and risk management methodologies.
• Familiarity with banking regulations and technology-related regulatory requirements.
• Understanding of payment systems, technology governance, and operational risk management.
• Knowledge of emerging technology risks including AI governance, cloud adoption, and automation risks.
• Understanding of data governance, data quality standards, and privacy requirements.
• Strong analytical and problem-solving skills.
• Experience with data analysis, dashboard development, and management reporting.
• Proficiency in Microsoft Excel, Power BI, or similar business intelligence tools.
• Working knowledge of SQL concepts and structured data analysis.
• Excellent written, verbal, and presentation skills.
• Strong stakeholder management and relationship-building abilities.
• High levels of integrity, professionalism, and personal credibility.

General Conditions

• The position is based in Dar es Salaam, Tanzania.
• Employment is offered on a full-time basis.
• The successful candidate will work within NMB Bank Plc’s Risk Management function.
• Competitive remuneration and benefits will be provided in accordance with the bank’s policies and procedures.
• The role requires adherence to banking regulations, risk governance standards, and internal control frameworks.
• Candidates must demonstrate strong technical, analytical, and risk management competencies.
• Only shortlisted applicants will be contacted for further stages of the recruitment process.
• NMB Bank Plc is committed to equal employment opportunities, diversity, and professional development.
• Applicants must possess the legal right to work in Tanzania where applicable.

• Support the identification, assessment, and management of technology infrastructure and third-party risks across the bank.
• Oversee technology vendor and third-party risk management activities, including governance, risk mitigation, and contractual compliance.
• Ensure key technology and third-party risks are documented together with appropriate controls and risk indicators.
• Facilitate and monitor Risk and Control Self-Assessments (RCSAs) in accordance with operational risk guidelines.
• Identify control gaps and weaknesses within technology infrastructure and third-party environments.
• Support the development and maintenance of Risk Appetite Statements related to technology infrastructure and third-party risks.
• Train and guide first-line staff on risk controls and risk management requirements.
• Assist in developing and implementing controls to mitigate technology and vendor-related risks.
• Document and monitor risk mitigation strategies and ensure adequate implementation.
• Ensure compliance with new policies, standards, and regulatory requirements across the organization.
• Track remediation of risk issues, audit findings, regulatory observations, and control deficiencies.
• Escalate overdue remediation actions and unresolved risk issues to management.
• Maintain a comprehensive database of third-party service providers and related compliance requirements.
• Monitor vendor performance, contractual obligations, and service level agreement (SLA) compliance.
• Assess capacity, lifecycle, obsolescence, and performance risks across technology infrastructure.
• Monitor emerging technology risks, including artificial intelligence, cloud computing, and robotic process automation.
• Develop second-line oversight reporting on technology and third-party risk exposures.
• Prepare monthly, quarterly, and ad hoc risk reports for management and governance committees.
• Build and maintain executive dashboards covering technology risk indicators, control effectiveness, SLA breaches, and risk trends.
• Conduct advanced analysis of technology risk data to identify trends, root causes, and emerging threats.
• Automate monitoring and reporting of recurring technology risk indicators where feasible.
• Consolidate risk assurance information across technology risk domains.
• Support continuous improvement of technology risk management frameworks and processes.
• Perform any other duties assigned by management.

• Strong technical knowledge
• Risk management expertise
• Ability to translate complex risk information into meaningful insights
• Strong analytical and problem-solving skills
• Experience with data analysis, dashboard development, and management reporting
• Proficiency in Microsoft Excel, Power BI, or similar business intelligence tools
• Working knowledge of SQL concepts and structured data analysis
• Excellent written, verbal, and presentation skills
• Strong stakeholder management and relationship-building abilities
• High levels of integrity, professionalism, and personal credibility

• Bachelor’s Degree in Computer Science, Information Systems, Information Technology, Cybersecurity, or a related field.
• Active professional certification in Technology Risk such as CRISC, CISM, or equivalent.
• Third-Party or Outsourcing Risk certification such as CTPRP, CSCRP, CVA, VRMP, VCP, or equivalent is preferred.
• Master’s Degree in Business Administration, Risk Management, Information Systems, or a related field is an added advantage.
• Professional banking certifications are an added advantage.
• Minimum of three years of combined experience in Information Technology and Risk Management.
• Experience in IT operations, systems analysis, infrastructure management, or technology risk oversight.
• Strong understanding of technology infrastructure, enterprise systems, and vendor risk management.
• Knowledge of technology risk frameworks, controls, and risk management methodologies.
• Familiarity with banking regulations and technology-related regulatory requirements.
• Understanding of payment systems, technology governance, and operational risk management.
• Knowledge of emerging technology risks including AI governance, cloud adoption, and automation risks.
• Understanding of data governance, data quality standards, and privacy requirements.