Company. CRDB Bank Tanzania
Deadline. 26 March 2026
Job Purpose
The Manager: Infrastructure Security will lead the design, implementation, and continuous improvement of the bank’s infrastructure security capabilities. This role is responsible for securing the bank’s network, database, virtualisation, and communication infrastructure, ensuring resilient and well-defended systems across all corporate and branch environments. The position oversees a broad portfolio of security solutions spanning network security, email security, remote access, database security, data protection, and PKI, ensuring that all controls are aligned with cybersecurity policy, regulatory requirements, and business objectives. The role provides subject matter expertise across infrastructure security domains, drives incident response coordination for ICT-related events, and ensures that security technologies are effectively deployed, monitored, and continuously improved to protect the bank’s critical systems and data.
Principle Responsibilities
Manage and administer Email Security solutions, including anti-phishing controls, DMARC, SPF, and DKIM configurations, ensuring robust protection of the bank’s email channels against spoofing and phishing attacks.
Oversee the security of virtualisation platforms, ensuring that hypervisors, virtual machines, and related infrastructure are hardened, monitored, and compliant with cybersecurity standards.
Manage the Air Gap Solution to support secure data backup, ensuring that critical data is isolated from network-connected environments and recoverable in the event of a ransomware or cyber incident.
Administer and govern Database Security, including the deployment and management of Database Activity Monitoring (DAM), database firewall solutions, and overall database security posture to protect sensitive data from unauthorised access and misuse.
Lead Network Security operations, including the management and maintenance of network firewall management platforms, enforcement of rule-based access controls, and regular policy audits to ensure firewall configurations remain current, effective, and compliant.
Serve as the primary point of contact for ICT-related security incidents, coordinating investigations, supporting forensic activities, driving root-cause analysis, and ensuring timely escalation and resolution in line with the bank’s incident management framework.
Manage the Network Detection and Response (NDR) solution, ensuring continuous monitoring of network traffic, rapid detection of anomalies and threats, and timely escalation and response to network-based security incidents.
Administer and maintain remote access solutions, ensuring secure, authenticated, and policy-compliant connectivity for employees, contractors, and third parties accessing the bank’s systems from remote or external locations.
Ensure the proper implementation and ongoing management of Network Access Control (NAC) across corporate and branch networks, controlling device authentication and enforcing access policies to prevent unauthorised endpoints from connecting to the bank’s network.
Administer the DDoS protection solution, ensuring the bank’s internet-facing services and critical infrastructure are protected against volumetric, protocol, and application-layer denial-of-service attacks, with appropriate alerting and response procedures in place.
Ensure the implementation of Network Segmentation strategies to isolate critical systems, limit lateral movement, and reduce the attack surface across the bank’s corporate, branch, and data centre environments.
Manage the Web Application Firewall (WAF) solution, configuring and maintaining rulesets to protect web-facing applications from common and emerging threats such as SQL injection, cross-site scripting (XSS), and application-layer DDoS attacks.
Administer and govern the bank’s Public Key Infrastructure (PKI), including the lifecycle management of SSL/TLS certificates across all systems and services, ensuring timely renewal, proper issuance controls, and compliance with cryptographic standards.
Manage sensitive data locations across the bank’s infrastructure, ensuring that data stores containing personally identifiable, confidential, or regulated data are identified, classified, and subject to appropriate security controls and access restrictions.
Oversee the implementation and management of native and third-party encryption technologies to protect data at rest and in transit, ensuring encryption standards are consistently applied across servers, storage, databases, and communication channels.
Implement and manage Data Masking and Tokenisation solutions to de-identify sensitive data in non-production environments and reduce exposure in business processes, ensuring compliance with data protection regulations and minimising the risk of data leakage.
Own vendor relationships and licensing for all infrastructure security tools and platforms, managing upgrades, patching, and renewals, and ensuring solutions remain scalable, reliable, and aligned with the bank’s evolving security requirements.
Qualifications Required
Knowledge
In-depth knowledge of network security technologies including Next-Generation Firewalls (NGFW), IDS/IPS, NAC, NDR, DDoS protection, VPN, and network segmentation techniques.
Strong understanding of email security protocols (DMARC, SPF, DKIM, anti-phishing), PKI/SSL certificate management, WAF technologies, and database security tools including DAM and database firewalls.
Familiarity with data protection technologies including encryption (native and third-party), data masking, tokenization, and sensitive data discovery and classification across structured and unstructured environments.
Working knowledge of ICT incident management processes, virtualization security, Air Gap backup solutions, and security frameworks and standards (e.g., NIST, ISO 27001, PCI DSS).
Understanding of remote access architectures, Network Access Control principles, and secure connectivity solutions for corporate and branch environments.
Skills
Strong analytical and problem-solving skills, with the ability to assess complex infrastructure security risks and design effective, proportionate controls.
Good interpersonal and communication skills.
Commitment to staying current with evolving infrastructure security threats, technologies, and industry best practices.
Ability to work collaboratively within cross-functional teams.
Project management and documentation skills, with the ability to manage multiple concurrent security initiatives, maintain runbooks and procedures, and report to senior leadership.
Qualifications
At least 5 years specifically in a supervisory or managerial leadership role overseeing security operations, infrastructure, or IT teams.
Bachelor’s degree in computer science/engineering, Cyber Security, Software engineering, or related academic field.
Industry certifications such as CISSP, CISM, CompTIA Security+, CCNP Security, or ISO 27001 LA/LI are a plus.
Deadline
2026-03-25
Employment Terms
PERMANENT
CRDB Commitment
CRDB Bank is dedicated to upholding Sustainability and ESG practices and encourage applicants who share this commitment. The Bank also promotes an inclusive workplace, hence applications from women and individual with disabilities are encouraged.
It is important to note that CRDB Bank does not charge any fees for the application or recruitment process, and any requests for payment should be disregarded as they do not represent the bank’s practices.
Job post.SPECIALIST PRIVILEGED ACCESS MANAGEMENT
Department
CYBERSECURITY UNIT
Location
Tanzania Head Office
Job Purpose
Responsible
for protecting the bank’s IT systems, servers, databases, and networks.
This includes implementing and managing PAM and IAM processes to secure
access, designing and maintaining computer security architecture, and
developing cybersecurity solutions aligned with established security
requirements.
Principle Responsibilities
Administer and maintain overall enterprise PAM solution architecture, including Vaults, PSM, CPM, and PVWA.
Manage the lifecycle of privileged accounts in the PAM solution: onboarding, offboarding, rotation, and monitoring.
Develop and enforce policies for privileged access, including session recording, just-in-time access, and credential rotation.
Enforce and review safe access policies for privileged accounts, including dual control/dual approval of workflows.
Monitor and audit privileged access sessions and alerts and coordinate investigations for anomalies and violations.
Troubleshoot technical issues with the PAM platform and its integrations.
Manage and secure remote access sessions for privileged users, ensuring compliance with policy.
Provide operational support for PAM users and services.
Assist in incident response and forensic investigations related to privileged accounts and access breaches.
Maintain and update documentation, SOPs, and operational procedures for PAM and IAM processes.
Administer general IAM operations: user provisioning, de-provisioning, access approvals, and workflow management.
Monitor and enforce segregation of duties (SoD) policies and controls.
Support
internal and external audits, including preparation, evidence
collection, and reporting for privileged and general access.
Recommend and implement improvements to access policies, controls, and PAM/IAM operations.
Participate in IAM-related projects such as SSO, MFA, and role-based access enhancements.
Maintain knowledge of best practices for privileged, remote, and enterprise access management.
Collaborate
with Security Operations and IT teams on access-related incidents or
policy violations and recommend improvements to access policies and
controls.
Lead information security awareness and training programs (SAT program) to inform and motivate staff on cybersecurity matters.
Qualifications Required
Knowledge
Understanding Identity and Access Management (IAM) concepts, including authentication, authorization, RBAC, PAM, and UAM.
Hands-on experience specifically on PAM solutions, such as CyberArk/ Beyond-Trust solution infrastructure and administration.
Understanding networking concepts, principles, and network security standards.
Working knowledge of IT desktop applications, computer technologies, and operating systems (Windows/Linux).
Knowledge of IT security, virtualization, operating systems, and cloud services (Azure, AWS, GCP).
Skills
Strong problem-solving skills with the ability to respond and resolve issues efficiently.
Excellent interpersonal and oral communication skills.
Knowledge of security issues and products, enabling complex issues to be quickly diagnosed and resolved.
Effective time management and the ability to work independently or coordinate with teams.
Capability to conduct security awareness training and communicate cybersecurity concepts effectively.
Qualifications
At
least 3 years of hands‑on experience in, Privileged Access Management
(PAM) tools, Identity & Access Management (IAM), Active Directory,
Azure AD, and related access security technologies.
Possession of a bachelor’s degree in computer systems/technology/ Cybersecurity or related academic field.
ICT Security professional certifications like CC, ISO 27001 LI, CISSP, CISA, CEH, etc. Will be an added advantage.
Employment Terms
PERMANENT
CRDB Commitment
CRDB
Bank is dedicated to upholding Sustainability and ESG practices and
encourage applicants who share this commitment. The Bank also promotes
an inclusive workplace, hence applications from women and individual
with disabilities are encouraged.
It is important to note
that CRDB Bank does not charge any fees for the application or
recruitment process, and any requests for payment should be disregarded
as they do not represent the bank’s practices.
Only Shortlisted Candidates will be Contacted.
Reviewed by husseinchuse
on
Thursday, March 19, 2026
Rating:
No comments: