Specialist Cybersecurity Governance job at CRDB

Job Purpose

Driving the governance backbone of the cybersecurity program, maintaining the policies, standards, procedures & processes, running security awareness & training, managing the department risk registers and tracking vendor security & contracts. This role also ensures BCM/DRP alignment with business & security objectives and produces high-quality reports for executive committees, audit, and regulators.

Principal Responsibilities

  • Own and maintain the cybersecurity policy framework (policies, standards, procedures, baselines).
  • Lead the security awareness & training program (annual plan, phishing simulations, targeted training for high-risk roles).
  • Maintain the enterprise cyber risk register (methodology, scoring, KRIs, treatment tracking, dashboards).
  • Coordinate GRC documentation lifecycle (versioning, approval workflow, repository hygiene, periodic reviews).
  • Drive third-party risk management (security due diligence, contract clauses, SLAs, compensating controls, payments).
  • Ensure BCM/DRP integration with cybersecurity (RPO/RTO security dependencies, backup & restore testing, tabletop exercises).
  • Prepare governance reports & packs for management meetings.
  • Track audit findings and regulatory commitments to timely closure.
  • Support policy exceptions process (risk-based approvals, expiry, compensating controls).
  • Facilitate security meetings and committees—agenda, minutes, action logs, and follow-ups.
  • Maintain compliance mappings and compliance (e.g., NIST CSF, ISO/IEC 27001, PCI DSS, SWIFT CSP, regulatory matrix).
  • Partner with Procurement to ensure security clauses and payment gates for non-compliant vendors.
  • Manage Cybersecurity budget planning, proposals, changes, resourcing, procurement, and utilization.
  • Champion people’s agenda within the department, including but not limited to allocation/relocation, performance, productivity, training needs, developments and recruitments facilitation.
  • Coordinate with auditors and cross-functional team members to establish security audit scope and schedules, maintain excellent relationships with audit, risk, regulator teams and provide a consistent perspective.
  • Provide guidance, evaluation and advocacy on audit findings and recommendations and ensure appropriate mitigation actions are developed and implemented in a timely manner.
  • Monitor execution of Cybersecurity strategy in alignment with the overall corporate and ICT strategy.

Qualifications Required

  • Bachelor’s degree in Cybersecurity, computer science, Computer Information Systems, Management Information Systems or related fields.
  • At least one of the related professional certifications (COBIT, ITIL, CGEIT, CRISC, CISA, ISO27001 LA/LI, PCI DSS).
  • At least 3 years of experience in Cyber governance and supplier management in banking or similar environment.
  • Experience of working in a deadline-oriented environment, managing multiple issues simultaneously.
  • Technical handling interaction with employees, auditors, vendors, contractors, and other stakeholders.
  • Cybersecurity governance frameworks (NIST CSF, ISO/IEC 27001, PCI DSS) and their linkage to Tanzania Banking Industry.
  • Risk management principles, Audit & compliance lifecycle.
  • BCM/DRP concepts.
  • Third-party risk management and security contract clauses.
  • Analytical, organized, detail focused, Technical knowledge of ICT and Information Security.
  • Policy framework design & control mapping.
  • Risk register management & tooling familiarity.
  • Vendor security assessments & contract review.
  • BCM/DRP integration with security requirements.
  • Reporting best practices (board-quality metrics), Data visualization for executive reporting (dashboards).

Vacancy title:
Specialist Cybersecurity Governance

[Type: FULL_TIME, Industry: Finance, Category: Computer & IT, Business Operations, Management]

Jobs at:
CRDB

Deadline of this Job:
Tuesday, February 10 2026

Duty Station:
Tanzania Head Office | Dar es Salaam

Summary
Date Posted: Friday, January 30 2026, Base Salary: Not Disclosed


Work Hours: 8

Experience in Months: 36

Level of Education: bachelor degree
