Exim Bank (Tanzania) Ltd, is a locally established commercial Bank in Tanzania since August 1997. It continues to remain in the forefront of providing quality banking services in the Country. Within a short span of 18 years of its existence, the Bank has built strong brand equity through its geographical reach, innovative products, relationship management and ability to provide a faster turnaround in services; and in the process building a loyal customer base.
It is the first bank in Tanzania to have established banking footprint overseas – Union of Comoros (2007) &Republic of Djibouti (2011).
Currently, they are a seeking a Manager Quality Assurance and Controls to be based in Tanzania.
Reporting to: Head IT
Purpose of Role
The job of Quality Assurance and Controls was established for the purpose/s of supporting the IT department in Information Security Risk Management processes within the department and the bank. The QACO will primarily assess the adequacy of security and business continuity/disaster recovery controls, evaluate threats and vulnerabilities, and calculate the level of current and residual risk and communicate these risks to business units and management. The incumbent should perform IT control reviews and application controls, perform project risk controls and project and change post implementation reviews.
Key Areas of Responsibilities:
Risk Management
- Develop an overall risk management strategy for new or existing services with key business stakeholders.
- Continuously identify, assess, measure and monitor information technology risk by performing independent hands-on risk assessments. Includes both in house systems and vendor based solutions covering Information Security, Business Continuity and compliance risk.
- Perform change management risk reviews and post implementation reviews for all change requests.
- Coordinate and conduct periodic risk assessments of the department, including but not limited to the Risk Control Self Assessment, while determining the overall IT risk appetite and ensuring bank does not venture too far from outlined risk appetite
Information Security Management
- Incumbent shall act as the Info Sys Security Manager for the bank, with primary responsibility being to identify and communicate recommended security and business continuity controls and control deficiencies for business units.
- Document and monitor the implementation of controls for technology and business project plans. He/she is also expected to conduct/coordinate regular awareness sessions on IT security and compliance.
Compliance Monitoring
- He/she shall be the overall monitoring and management of compliance to controls and standards implemented in the bank. This shall include review of both internal and external vendor contracts for compliance with Bank security, business continuity and disaster recovery requirements and recommend appropriate language as necessary
- Regularly review IT management policies to determine deficiencies in the policies and ensure compliance to international standards, best practices and regulatory requirements, while enforcing departmental and organization wise compliance to the IT management policies.
Business Continuity Monitoring
The incumbent is expected to maintain broad knowledge of best practices and trends in the field of Information Security and Business Continuity. These will include policies, standards and implementation and testing of the actual Business Continuity Plan.
The successful applicant must meet the following criteria:
- A graduate in IT, IS, Computer Science/Engineering, Mathematics or related field is desirable.
- Experience in conducting regular IT controls reviews, preferably in the banking industry.
- Basic understanding of banking environment and banking systems will be an added advantage.
- At least 3 years experience of IT general control reviews, preferably in a financial institution.
- Excellent problem-solving and organisational skills
- Good analytical skills
- A good understanding of banking products, procedures and systems
- The ability to work quickly, under pressure and to deadlines
- Good communication, presentation and negotiating skills
- A good understanding of the banking policies and regulatory requirements
- Any control or security related qualifications, such as CompTIA+, CISA, CISM
- Good understanding of international control and service standards such as ITIL, COBIT, ISO 27000 etc.