Manager IAM at CRDB Bank Tanzania

Reporting Line

HEAD OF CYBERSECURITY

Location

Tanzania Head Office

Department

CYBERSECURITY UNIT

Number of openings

1

Job Purpose

The Manager: Identity and Access Management (IAM) will lead the development, implementation, and continuous improvement of enterprise identity and access controls. This role is responsible for ensuring secure, compliant, and seamless access to the bank’s systems and digital services by driving the design, governance, and operation of IAM capabilities.

The position oversees Access Management, Privileged Access Management (PAM), and User Access Management (UAM) functions, ensuring consistent enforcement of identity policies, automation of access processes, and reduction of access-related risks. The role will provide subject matter expertise in identity security, guide the implementation of modern IAM technologies, and ensure that identity controls are fully integrated into business processes, system onboarding, and cybersecurity initiatives.

Principle Responsibilities

• Define and own the IAM strategy and roadmap, aligning capabilities (Access Management, UAM, PAM) with cybersecurity priorities, business objectives, and regulatory obligations.
• Establish and enforce IAM policies and standards, ensuring alignment with internal bank policies, regulatory requirements, and industry best practices (e.g., least privilege, just-in-time access, Credential rotation, separation of duties, zero trust).
• Govern the enterprise RBAC model: oversee design, approval, maintenance, role engineering, and comprehensive documentation.
• Set IAM performance metrics and SLAs (e.g., JML timeliness, access request turnaround, access review completion, PAM coverage) and report on them to senior cybersecurity leadership.
• Own end-to-end Joiner–Mover–Leaver (JML) execution across all in-scope applications, platforms, and directories—ensuring timely, accurate provisioning, changes, and de-provisioning with strong automation.
• Support automation of access processes (provisioning, de-provisioning, approvals, re-certifications) this is to reduce manual touchpoints, errors, and cycle time.
• Lead periodic user access reviews/attestations with business owners, ensure Segregation of Duties control enforcement, track remediation, and maintain audit-ready evidence.
• Maintain comprehensive IAM/UAM documentation—procedures, playbooks, runbooks, and user guides—and ensure they are current and version-controlled.
• Own and administer the enterprise PAM platform, including vaulting strategy, policy configuration, integrations, and platform health/availability.
• Ensure complete and continuous onboarding of privileged accounts (human and non-human) into PAM with appropriate classifications and controls.
• Enforce privileged access controls, including session recording, just-in-time (JIT) access, credential rotation, and break-glass procedures; support continuously monitoring and auditing privileged sessions for violations and misconfigurations.
• Enable and upskill administrators and operators on secure privileged access usage via PAM, including approved workflows, session launchers, and integrations.
• Risk, Incident, and Compliance 14. Lead incident management for access-related events, including violations, misconfigurations, and unauthorized access; drive root-cause analysis, corrective actions, and preventive controls.
• Continuously assess access risks across systems and drive risk reduction initiatives coverage expansion, control hardening, and exception management.
• Ensure secure integration of IAM with enterprise systems (apps, directories, cloud platforms, federation/SSO, MFA), working closely with engineering, infrastructure, and application teams.
• Evaluate and implement IAM enhancements (e.g., improved workflows, connectors, MFA/SSO patterns, passwordless/JIT), manage changes through defined CAB and change management processes.
• Own vendor relationships and licensing for IAM/PAM tools, manage upgrades/patching, and ensure platform scalability, reliability, and performance.

Qualifications Required

• Bachelor’s degree in computer science/engineering, Cyber Security, Software engineering, or related academic field.
• Industry certifications such as CISA, CISSP, or ISO 27001 LA/LI are a plus.
• Minimum of 5 years of experience in Cyber Security, User access review and management, Privilege access Management, OR.

• Solid understanding of IAM and PAM tools like CyberArk, beyond Trust and any other access management and access review tools
• Familiarity with security frameworks and standards (e.g., NIST, ISO 27001, PCI DSS).
• Experience in User access right review processes and Procedures, User Matrix Setup, and management.
• Basic knowledge of Incident management and Troubleshooting.
• Understanding of ICT infrastructure, networks, and application administration.
• Analytical and problem-solving skills, especially in identifying and mitigating security risks.
• Ability to work collaboratively within cross-functional teams.
• Basic project management and documentation skills.
• Strong foundation of the required skills and knowledge through projects, programs, and related experience.

CRDB Commitment

CRDB Bank is dedicated to upholding Sustainability and ESG practices and encourage applicants who share this commitment. The Bank also promotes an inclusive workplace, hence applications from women and individual with disabilities are encouraged.

It is important to note that CRDB Bank does not charge any fees for the application or recruitment process, and any requests for payment should be disregarded as they do not represent the bank’s practices.

Only Shortlisted Candidates will be Contacted.

Deadline

2026-02-12

Employment Terms

PERMANENT