Manager Patch and Vulnerability Management at CRDB Bank Tanzania

To lead and oversee the organization’s vulnerability assessment and patch management programs, ensuring alignment with security policies, regulatory requirements, and business objectives. This role involves strategic planning, team leadership, policy development, and cross-functional collaboration to ensure timely identification and remediation of security risks out of missing patches and vulnerabilities. The manager is responsible for reporting on program effectiveness, driving continuous improvement, and serving as a key liaison between technical teams and management.

Principle Responsibilities

• Define and execute the overall strategy, roadmap, and governance model. Develop KPIs and dashboards to track vulnerability closure rates, patch compliance, and SLA adherence.
• Present risk posture, trends, and remediation progress to senior leadership and stakeholders.
• Monitor emerging threats and vulnerabilities to proactively adjust remediation strategies.
• Provide domain and subject matter expertise in vulnerability and patch management.
• Review and coordinate the deployment of patches, updates, and security fixes across all systems, applications, and infrastructure of the bank.
• Ensure timely remediation of critical vulnerabilities and deployment of patches.
• Establish and/or enhance a standardized thorough testing process to verify the compatibility and stability of patches before deployment to production environments.
• Work closely with infrastructure, application, Cybersecurity, and IT teams to schedule and implement patching activities with minimal impact on business operations.
• Prepare detailed reports, metrics, and insights on patch compliance, analyze vulnerability remediation progress, and system performance to management and stakeholders.
• Regularly communicate the progress of patch management initiatives to management. Demonstrating system health and patching/vulnerability remediation compliance status based on predefined standards and routine maintenance of patch management.
• Provide support during incident response efforts related to vulnerabilities or issues arising from patching activities.
• Investigate and troubleshoot patch-related problems, collaborating with relevant teams to identify root causes and implement corrective actions.
• Work within the change management and service management processes within the bank for all patch/vulnerability management coordination and execution.
• Prepare and present the changes to CAB, both internal and external with regards to patch/vulnerability management.
• Support technical evaluation and evidence for security assessments and audits by internal or external reviewers or regulatory compliance efforts.
• Ensure provision of training and guidance to IT staff on patching best practices and tools usage.
• Regularly review and refine patch management processes to enhance efficiency, reduce risk, and adapt to evolving technologies.

Qualifications Required

• Bachelor’s degree in computer science, Information Security, or related field.
• Minimum of 5 years of experience in vulnerability management or IT systems security operations in supervisory role.
• Advanced certifications such as CISSP, CISM, or PMP are highly desirable.
• Proficiency in risk assessment, remediation planning, and compliance reporting.
• Strong understanding of regulatory requirements and security frameworks (e.g., NIST, ISO 27001, PCI-DSS).
• Deep understanding of Vulnerability Management Frameworks such as CVSS, CVE, and vulnerability lifecycle management.
• Expertise in patch management tools like SCCM, WSUS, Ivanti, BigFix, ManageEngine, Ansible and Respective frameworks.
• Proficiency with Vulnerability scanning tools like Qualys, Nessus, Rapid7, Tenable, etc.
• Strong understanding of Windows, Linux, macOS, and cloud platforms (AWS, Azure, GCP).
• Ability to correlate vulnerabilities with real-world threats and exploits.
• Familiarity with ITIL processes and structured change control environments.
• Awareness of cloud-native vulnerabilities and remediation strategies.
• Ability to assess, communicate, and mitigate cyber risk effectively.
• Excellent communication and stakeholder management skills.
• Strategic planning and execution. Team leadership and mentoring.
• Technical troubleshooting and root cause analysis. Project and program management.
• Automation and scripting (PowerShell, Python, Bash). Policy development and enforcement.
• Vendor and tools evaluation.

CRDB Commitment

CRDB Bank is dedicated to upholding Sustainability and ESG practices and encourage applicants who share this commitment. The Bank also promotes an inclusive workplace, hence applications from women and individual with disabilities are encouraged.

It is important to note that CRDB Bank does not charge any fees for the application or recruitment process, and any requests for payment should be disregarded as they do not represent the bank’s practices.

Only Shortlisted Candidates will be Contacted.

Deadline

2025-08-13

Employment Terms

PERMANENT