Specialist, Infrastructure & Cyber Security at Stanbic Bank Tanzania
Post: Specialist, Infrastructure & Cyber Security
Stanbic Bank Tanzania is a full-service commercial bank that specializes in providing facilities and services to public and private sector corporations.
To provide IT security services to the IT Department/Bank and in so doing ensure that appropriate IT security practices, solutions, controls, processes and procedures are in place for adequate protection of the Bank’s assets.
Implement IT security practices for the Bank from a technological perspective
- Working within approved standards, ensure that IT security requirements, processes and controls are in place and that specific country requirements are incorporated and aligned.
- Monitor full adherence to approved security practices/protocols/standards/guidelines as well as industry best practices.
- Design adequate architecture that ensures security features and controls are embedded in solutions and infrastructures from the onset, both on premise and in the cloud, including other emerging trends and tools.
- Implement, monitor and maintain up-to-date security controls of the bank’s information and technology assets by overseeing the proper loading of end-point security agents (antivirus, patch, firmware, detection tools, prevention tools, etc.).
- Ensure endpoint management and distribution tools are adequate and fully functional.
- Ensure appropriate encryption mechanisms are in place to safeguard information at rest and while in transit, such as disk encryption, web traffic encryption, etc.
- Maintain and monitor appropriate controls in network infrastructure and perimeter security such as network access controls, firewalls, intrusion prevention, DNS security, web traffic filtering, and detection systems.
- Manage and monitor controls and tools that shield the bank from cybersecurity threats both internally and externally, such as web application firewall and remote access tools.
- Report and track security breaches and ensure that any known and substantive security gaps are dealt with swiftly.
Proactively identify, advise and remediate Technology and Cybersecurity risks
- Develop threat models for critical areas to identify likely avenues of cyber-attacks or compromise.
- Plan and execute relevant techniques to identify vulnerabilities and risks within the environment through various means such as controls self-assessments, scanning, etc.
- Plan and execute relevant mechanisms and activities to highlight how threats can be exploited to compromise the bank systems, such as penetration testing, red team assessments, etc.
- Engage and collaborate consistently with relevant stakeholders to identify, analyse, and set appropriate respective remedial actions to address identified issues.
- Escalate any security failures or breaches immediately. Log the incident reports, participate in the investigations, threat hunting and work on the remedial actions to prevent recurrence.
- Provide advisory services to stakeholders on the relevant security controls required to be engineered into solutions before products are developed, during development and before they are promoted to production, to ensure security is “embedded in” and solutions are securely developed.
- Perform technical reviews of new solutions, application systems and/or infrastructure assessing the adequacy of controls systems, infrastructure and information assets.
- Monitor, track, report and manage the resolution of identified security and risk issues in conjunction with relevant teams.
Drive appropriate Logical Access Management practices
- Ensure appropriate processes are in place for the provisioning and deprovisioning of access rights to users
- Review all user access requests in conjunction with the appropriate teams.
- Maintain least privileged access rights
- On a periodic basis, extract and collate existing user access control lists from systems in use for review of adequacy.
- Liaise with respective colleagues/departments for periodic review of all user access rights and manage any remediation thereof.
- Report on the status of access rights and reviews.
Create awareness of Technology and Cyber Security good practices
- Participate in the formulation of awareness programmes and plans that are fit for purpose, aligned with strategy and consider a range of risk data points, e.g. audit findings, risk and control self-assessments, cybersecurity risk assessments, emerging threats and risks, and incidents.
- Create awareness proactively on identified risk themes within the Bank.
- Execute the awareness plan through various delivery mediums.
Coordinate cyber-security incident management, response and recovery
- Coordinate the recovery process post a cyber-security incident.
- Mobilize the requisite resources and ensure that recovery efforts receive appropriate focus and priority.
- Write the security incident report and share with the stakeholders, with emphasis on root cause and lessons learnt.
- Facilitate and guide the remediation work that is undertaken in line with findings and ensure that it is coordinated, tracked and reported.
- Actively drive incident simulation exercises aimed at testing the effectiveness of cyber security incident response controls.
- Type of qualification: First Degree
- Field of study: IT and Computer Sciences
- International Certifications on IT Security such as CISSP, CISM, CEH
- Experience in Infrastructure, Technical, support, Systems Administration, Applications support, Programming, Database Administration, Systems Analysis.
- Experience in IT Security / Auditing in a multi-system environment.
Please note: All our recruitment processes comply with the applicable local laws and regulations. Standard Bank South Africa has a Vaccination Policy which requires all employees to be fully vaccinated against COVID-19. We will never ask for money or any form of payment as part of our recruitment process. If you experience this, please contact our Fraud line on +27 800222050 or TransactionFraudOpsSA@standardbank.co.za