Deadline of this Job: 25 October 2022
Job Description
• NBC is the oldest serving bank in Tanzania with over five decades of experience. We offer a range of retail, business, corporate and investment banking, wealth management products and services.
Job Summary
• Manage implementation, maintenance, and enhancement of all Desktops, Laptops, Mobile phones and Print Services focusing on a Standard Build for Desktop, Virtual Desktop, Office end user applications and Remote printing to enable the use of appropriate platform technology as an integral and reliable component of business processes.
Assist the IT department to identify control, record, report, audit and verify IT Assets and Configuration Items, including attributes, relationships and constituent and overall management of IT asset life cycle from procurement, distribution, reallocation and disposal.
Drive convergence of technologies, ensure delivery of technology projects associated with End User Computing and liaise and negotiate with internal customers and technology vendors.
Job Description
• Accountability: Service (End User Computing (EUT)) Infrastructure Availability
The prime responsibility is for maintaining the availability and reliability of GTIS End User Computing to ensure that IT can effectively meet service targets in accordance with planned business objectives.
Key Activities
• Provide a range of End User Computing service availability reporting to ensure that agreed levels of availability, reliability and maintainability are measured and monitored on an ongoing basis
• Successfully facilitate delivery of changes to reports needed by the business and ensure that reports and their dependencies are made available for the business.
• Provide holistic support of End User Computing service availability to Business Users
• Take actions to achieve reductions in frequency and duration of incidents that impact End User Computing service availability
• Ensure shortfalls End User Computing availability are recognized and appropriate corrective actions are identified and progressed
• Initiate and coordinate actions required to maintain or improve availability of End User Computing service
• Act as a coordination point for changes to GTIS End User Computing infrastructure when needed
• Maintain an awareness of technology advancements and best practices that support End User Computing service availability
• End User Computing components management i.e. Unsupported Infrastructure and Application Management (EUT UIA)
Asset and Configuration Management
• Help define and maintain Configuration Item (CI) naming and numbering conventions in Service now
• Support compliance to Configuration Item (CI) registration procedures
• Interfaces with Finance team to perform mass updates, corrections, or attribute changes to the asset tool database
• Ensure detected exceptions are categorized and managed back through the appropriate corrective action control process
• Performs regular housekeeping on asset tool database by maintaining value lists and archival process information
• Responsible for the day to day hands on operations of the process
• Verifies Asset tool database data against proposed changes and implemented changes
• Verify all information on assets disposed as per procedure and update the inventory list
• Assist in conducting audits
• Work with Finance: Asset Manager to ensure all company’s assets are consolidated, traced, recorded and properly monitored.
Asset MI Reporting
• Prepare an asset inventory list; distribute the list to each Department/branch quarterly and dept/branch will be responsible to verify the accuracy of the inventory listed by physically identifying those assets on the list that are accounted for. The dept/branch is also responsible for adding any asset that is not included on the listing
• Compile any exceptions in order to provide a complete accounting of all assets recorded in the inventory system
• Conducts inventories and reconcile all technology assets with current IT Assets and financial database on quarterly basis
Provide reports on the status of Configuration Items (CIs)
Accountability: Test Management
• Responsibility is to ensure that proper testing occurs for all GTIS End User Computing changes released into the production environments as assigned to you by Line Management
Key Activities
• Work closely with Release/AV/Patches Analysts
• Review releases/AV/patches and assign appropriate release testing tasks
• Compile and review the Testing Deliverables
• Conduct installation procedure tests
• Participate in functional, performance, and integration testing results
• Coordinate user acceptance testing
• Coordinate back out testing
• Conduct supporting documentation review
• Compile test results
• Conduct release test review
• Coordinate post release testing
• Validate and communicate results of testing activities
Accountability: Risk Management
• Build relationship with country IT Risk and Governance team and provide support wherever required.
• Contribute and deliver to the improvement of the risk profile by delivering improved governance, risk management, controls and compliance requirements.
Accountability: People Management
• Responsible for leading and guiding outsourced End User Support Engineers to provide end user support services in agreed levels of availability, reliability and maintainability.
• Responsible for driving own Performance Development, collating relevant documentation, preparing for and arranging reviews.
• By utilizing skills matrix, identify training and development requirements, formulating own plan to be agreed with team leader. Responsible for ensuring own plan is completed within agreed timescales.
• Undertake all necessary training in order to perform the role to the required standards, including gaining accreditation where appropriate.
Qualifications
• Analytical Thinking – Basic (Meets all of the requirements), Bachelor’s Degree – Information Technology, Enabling team success (Meets some of the requirements and would need further development), Experience in a similar environment at junior specialist level, IT Infrastructure & Assets (Meets some of the requirements and would need further development), IT Support (Meets all of the requirements), Openness to change (Meets some of the requirements and would need further development), Quality orientation (Meets some of the requirements and would need further development)
Deadline of this Job: 25 October 2022
JOB DETAILS:
Job Summary
• The Technology Risk & Cyber Security Specialist is responsible for ensuring that specific Technology Risk and Cyber Security controls & solutions are applied to ensure confidentiality, Integrity, availability and non-repudiation of NBC information systems and data are at optimum level, and that they comply with the Technology Key Risk as well as Cyber Security policies and standards, and consequently meets the businesses requirement and safeguards the Bank’s computing environment, business operations and reputation.
Job Description
• Conducting risk assessments to all new IT systems, identifying the risks that may be introduced and their corresponding controls measures required to mitigate the identified risks.
• Conduct controls snap checks around technology operations and cyber security critical processes.
• Perform regular security assessments on systems configurations, application security, databases, networks and data centers to determine security violations and inefficiencies.
• Be involved in projects implementation providing security guidance from the initial stages of systems/ software development up to the end.
• Assist on threat intelligence and attack monitoring activities identifying abnormalities, reporting violations and recommend essential control measures.
• Monitor identity and access management, including monitoring for abuse of permissions by authorized system users.
• Monitor organization’s networks for security breaches and incidents to identify the root cause and investigate a violation when one occurs.
• Regular monitoring, measuring and reporting of technology risk and cyber security thresholds and the related key indicators, identify and define reasons for out of threshold indicators
• Respond to security incidents including ‘phishing’ emails and ‘pharming’ activity, breaches etc.… and mitigate the consequences of a cyber-incident.
• Analyze security events and incidents, identify root cause and impacted control objectives. Ensure risk events are booked for all critical security incidents
• Undertaking third-party due diligence & security assessment for critical IT Vendors and Service Providers to ensure they meet security requirements.
• Assist with internal and external audits engagements relating to information security and technology risk
• Oversee internal and external security assessment activities (Vulnerability Assessment and Penetration Test- VAPT)
• Participate/ provide support in fraud investigation that related to technology risk and cyber security
• Plan for disaster recovery and create contingency plans in the event of any security breaches
• Coordinate implementation of regulatory requirement, and monitor compliance for the same.
• Maintain an information security and technology risk register and actively monitor and coordinate remediation of technology and cyber security control gaps
• Perform and/or coordinate regular security awareness training for all employees to ensure consistently high levels of compliance with IT Security policies.
• Keep abreast of the latest technology &b security threats and development.
• Perform other job-related duties as assigned.
Qualifications and Experience
• Advanced diploma or bachelor’s degree in management information systems, or related field.
• At least one professional Certification in Information Security, System Audit or IT Governance e.g. CISM, CISSP, CISA, CRISC, CGEIT, CEH, or CCNA Security
• At least one professional qualification in ITSM related area (i.e. ITIL or COBIT)
• Familiarity with security frameworks (e.g. NIST Cybersecurity framework) and risk management methodologies
• Good understanding of Infrastructure (servers and network) designs and architecture.
• At least 4 years of prior relevant experience
• Proficiency in Security and Risk management
• Vulnerability management and penetration testing
• Identity and Access Management
• Communications and Network Security.
• Security Operations
• Application Security
• Asset Security
• System Resilience and Data Recovery Capabilities
Qualifications
Bachelor`s Degrees and Advanced Diplomas – Information Technology, Certified in Risk and information systems Control (CRISC) – Other, Digital familiarity (Meets some of the requirements and would need further development), Experience in a similar environment, IT Security (Meets some of the requirements and would need further development), Openness to change (Meets some of the requirements and would need further development), Process optimisation (Meets some of the requirements and would need further development), Reasoning (Meets all of the requirements), Risk and Security Management (Meets some of the requirements and would need further development)