Responsible for protection of system boundaries, keeping computer systems and network devices hardened against attacks and securing highly sensitive data. This includes designing and managing computer security architecture and developing cyber security designs as per the established security requirements. Ensuring security minimum requirements and best practices are applied consistently across existing and new systems.

• To design, implement and enforce Cyber Security Policies to ensure alignment with related corporate policies.
• To understand and provide expert advice on the Cyber security risks facing information assets.
• Responsible for the technical Cyber security strategy, proposing and implementing solutions and processes to continuously reduce the risks and effects of hacking and cybercrime.
• Responsible for forensic investigation of Cyber security incidents/breaches, providing regular reporting using the appropriate assurance framework.
• Responsible for gathering network intrusion artefacts that include domains, Uniform Resource Identifiers (URIs) and certificates.
• Provide global operational ownership for Network security infrastructure & operations (firewalls, proxies, content filtering, load balancers, VPN gateways, IDS, IPS), enforcing standards, policy compliance and running day-to-day operations.
• To coordinate regular security testing with high-quality reporting. Responsible for the subsequent hardening of IT systems based on the results of regular tests.
• Implement technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
• To administrate and monitor using specific Cyber Security applications including [but not limited to] the company-wide IPS/IDS, Firewalls, DDoS Protection, Anti-Virus, Server Patching, Web-Filtering, NAC, Data Loss Prevention, Proxy and E-mail filtering, identity management system and tokenization. This requires continuous re-assessment of suitability for purpose and making or recommending any required changes.
• Run various assessment tools to obtain insight on security posture and create various reports for management and stakeholders.
• Provide remediation consultation to global teams to support enterprise risk reduction efforts.
• Monitoring of all IT assets on configuration integrity in order to proactive manage the bank’s environment.
• Engineer, implement and monitor security measures for the protection of computer systems, networks and information assets.
• Identify and define system security requirements standards of the bank.
• To be responsible for regular security testing with high-quality reporting. Responsible for the subsequent hardening of IT systems based on the results of regular tests.
• Hardening of all IT assets before being promoted to the production environment. The formal checklist will be used for installation/changes of any configuration in the bank’s environment for a new/existing setup.
• Help enhance and maintain current hardening standards for all information assets this includes but is not limited to servers, workstations, databases, audiovisuals and network devices.
• Support penetration testing activities and exercises.
• Recommend through assessment-based findings, outcomes, and propositions for further system security hardening enhancement.
• Reviewing configuration API and PKI of the bank to ensure its compliance to the established standard on regular basis.
• Responsible for information security awareness and training program that informs and motivates workers on cyber-security matters as per the SAT program.
• Create network security technology infrastructure architectures in support of business and technical initiatives.
• Implement new technology on the network security and ensure security hardening and effectiveness of the control. Implement and Ensure compliance of the Cybersecurity framework within the organization.
• Participate in the incident response program, ensuring that the program is tested throughout the organization and that every staff knows his or her duties during such an incident.
• Prepare and report all security incidents to the ICT Management or as directed by the line manager.
• Evaluate network topology and device configurations to pinpoint critical security concerns and offer the best security practice recommendations.
• Assist in network device integrity analysis on multi-vendor products.
• Real-time monitoring of network user activities.
• Work with different units in the department to reduce system configuration risk.The CRDB Bank Management may assign other responsibilities as needed.

• Bachelor’s degree in computer systems technology or a related academic field.
• At least 1 ICT Security professional certifications, CCNA, CCNP, CISSP, CEH, etc.
• Expert knowledge of current IT cyber security issues·
• Management of a complex IT Infrastructure within a large enterprise-level organization.
• Contingency and Disaster Recovery Planning.
• Up-to-date knowledge of technical applications.
• Ability to think ahead and anticipate problems, issues, and solutions.
• Experience providing IT-focused Enterprise Architecture and strategy.
• Windows Operating Systems and Active Directory Management.
• Anti-virus domain infrastructure.
• At least 3 years of general ICT Security experience in a banking environment.
• Experience working in a deadline-oriented incident management environment managing multiple issues simultaneously.
• Technical handling interaction with vendors, contractors, and other stakeholders.

CRDB Bank is dedicated to upholding Sustainability and ESG practices and encourage applicants who share this commitment. The Bank also promotes an inclusive workplace, hence applications from women and individual with disabilities are encouraged.

It is important to note that CRDB Bank does not charge any fees for the application or recruitment process, and any requests for payment should be disregarded as they do not represent the bank’s practices.

Only Shortlisted Candidates will be Contacted.