Chief Information Security Officer (CISO)

Dar es Salaam

Full Time

Direct Reports

Senior Manager

Driving License Not Required

Only Open to Tanzanian Nationals



The chief information security officer (CISO) is the head of IT security operations, driving the IT security strategy and implementation forward while protecting the business from security threats and cyber-hacking.


  • Develop and implement the Bank's Cyber Security program and enforce the Security policy.
  • Ensure that the bank maintains a current enterprise-wide knowledge base of its
    devices, applications, and their relationships, including but not limited to:
  1. Software and hardware asset inventory;
  2. Network maps (including boundaries, traffic, and data flow); and
  3. Network utilization and performance data.
  • Ensure that information systems meet the needs of the Bank, and the ICT strategy, in particular information system development strategies, comply with the overall business strategies, risk appetite, and ICT risk management policies of the institution.
  • Design Cyber Security controls with the consideration of users at all levels of the
    organization, including internal (i.e. management and staff) and external users (i.e.
    contractors/consultants, business partners, and service providers).
  • Organize professional cyber-related training to improve the technical proficiency of staff.
  • Ensure that regular and comprehensive cyber risk assessments are conducted.
  • Ensure that adequate processes are in place for monitoring IT systems to detect Cyber Security events and incidents in a timely manner.
  • Report to the CEO / CRO on an agreed interval but not less than once per quarter on the following:
  1. Assessment of the confidentiality, integrity, and availability of the information
    systems in the institutions.
  2. Detailed exceptions to the approved Cyber Security policies and procedures.
  3. Assessment of the effectiveness of the approved Cyber Security program
  4. All material Cyber Security events that affected the institution during the period
  • Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
  • Incorporate the utilization of scenario analysis to consider a material cyber-attack,
    mitigating actions, and identifying potential control gaps.
  • Ensure frequent data backups of critical IT systems (e.g. real-time backup of changes made to critical data) are carried out to a separate storage location.
  • Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis decision-making, are clearly defined, documented, and communicated to relevant staff.
  • Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.

Important Relationships

  1. The job is both internally and externally focussed, requiring that the individual be highly adaptable in terms of personal style and the development of business knowledge related to banking.
  2. The job requires relationships to be built across the organization at the senior level.
  3. The jobholder will develop and nurture an external network of relationships.
  4. The jobholder will participate in cybersecurity forums.
  5. Appropriate regional and cross-country forums will require participants to ensure teambuilding and sharing of best practices across the organization.


Education and Qualifications

  • Degree in Computer Science and other ICT related courses
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)


  • At least five years working experience in ICT Infrastructure Support
  • Familiarity with service delivery culture and support function

Personal competencies


  • A structured approach to dealing with complex and variable work environments in an independent manner.
  • Ability to balance opposing business requirements.
  • Ability to balance long-term and short-term requirements independently
  • Strong evaluation, communication, and reporting skills
  • Able to provide advice and cause/effect evaluation to support business decisions
  • Independent and logical thinker, yet an achiever and implementer
  • Leads by example
  • Good at managing large volumes of information and can add value through
    management reporting
  • Builds relationships and networks easily
  • Has a strong service ethic




Banking: 5 Years