To plan, organize, and deliver cost-effective and efficient IT security controls to protect and defend the bank’s systems against internal and external threats (e.g. unauthorized access and cyber-attacks).
- Drive the secure application development strategy and roadmap of the bank by ensuring applications are securely designed and developed.
- Implement application security governance by defining, developing, implementing, and maintaining required policies, procedures, standards, and guidelines.
- Provide ownership of security of all systems and applications developed and acquired by the bank.
- Establish security requirements and designs for all developed and acquired systems.
- Provide security assurance of all applications implemented by validating the implementation of security designs and conducting application code reviews and security assessments to eliminate security vulnerabilities.
- Conduct periodic security assessments and review of implemented systems to ensure their continued compliance with security standards.
- Establish, maintain, and implement optimal security configurations of all server OS, workstation OS, virtual environments, databases, middleware, and applications.
- Conduct research and make recommendations on systems security solutions, services, protocols, standards, and best practices in support of systems security continuous improvements.
- Maintain an inventory of security systems, hardware, and software used by the bank.
- Support continuous security monitoring efforts of all systems within the bank to detect and resolve security incidents and violations.
- Prepare and maintain systems security documentation including security architecture and designs of systems and applications.
- Implement security improvements by continuously assessing the implemented controls, evaluating security risks and anticipating requirements.
- Knowledge of modern software development trends as well as in-depth understanding of software security practices.
- Knowledge of systems security standards and baselines in operating systems, databases, middleware, and applications; hands-on experience in implementing applications in a wide range of operating systems is mandatory.
- Hands-on experience in Application Security testing tools with SAST and DAST capabilities.
- Familiarity with security standards such as OWASP Testing Guide, OWASP ASVS, NIST, and SANS Top 20.
- Ability to communicate complex security concepts in easy-to-understand business language.
- Demonstrated leadership and personnel management skills.
- Good interpersonal, written, and oral communication skills in English and Swahili.
- Demonstrable honesty, integrity, and credibility; ability to engender the trust and confidence of internal constituency and external partners.
Qualifications and Experience
- At least a Bachelor’s degree in Computer Science or related academic field.
- Preferred professional certifications such as CEH, CISM, CISA, CISSP, or any other relevant security certifications.
- At least 5 years of relevant work experience.
- Solid hands-on experience in computer programming in either Java, PHP, or Python is mandatory.
- Solid experience in implementing applications in various operating systems is mandatory.
NMB Plc is committed to creating a diverse environment and is proud to be an equal opportunity employer.
Please be advised that if you are not contacted within 14 working days of the advert closing date then you have not been shortlisted.
“NMB Bank Plc does not charge any fee in connection with the application or recruitment process. Should you receive a solicitation for the payment of a fee, please disregard it”.
Deadline: 14 August, 2020