Specialist Technology Risk at NMB Bank Tanzania

Responsible for ensuring that risks related to IT Operations and Technology Third-Party Management are effectively and structurally managed, enabling the bank to make sound, risk-informed decisions that protect its overall risk posture.

Main Responsibilities:

• Drive and support the identification of potential risks related to technology infrastructure and third-party relationships risk within the bank
• Oversee technology third-party/vendor risks, ensuring governance, risk mitigation, contractual compliance, and alignment with enterprise risk appetite to support informed decision-making.
• Ensure key risks for technology infrastructure and third-party risks have been documented with controls and relevant key indicators.
• Ensure the business conducts Risk and Control Assessments (RCSAs) in accordance with guidelines issued by Operational Risk
• Proper identification of technology infrastructure and third-party control gaps at assessed departments/ designated assignment(s).
• Define, in close co-operation and alignment with the first line, the Risk Appetite Statement for Technology Infrastructure and third-party risks.
• Train the first line staff members to understand the defined controls
  
  Risk Mitigation strategies
• Support the development and implementation of controls to address technology infrastructure and third-party risks
• Document risk mitigation strategies and ensure the strategies are well analyzed and adequately documented.
• Ensure that new requirements following from new policies are implemented and followed bank-wide
• Track and validate remediation of issues and control gaps, including sustainment checks and escalation of overdue actions to the Technology Risk Manager.
  
  Risk Monitoring
• Maintain a database of all relevant third parties and track key information related to the mandatory requirements applicable to third parties.
• Continuously monitor third-party relationships and compliance to performance and service level agreements (SLA)
• Monitor capacity and obsolescence risk, technology lifecycle status, and service performance indicators across Datacenter, network, database infrastructure.
• Track progress of risk remediation action plans arising from RCSAs, risk events, audit findings, regulatory observations, and governance committee decisions.
• Monitor emerging technology adoption risks, including AI model performance and governance, cloud adoption risk, and bot exception handling.
  
  Risk Communication and Reporting
• Create 2LoD view on the risk effort of the ICT department in their infrastructure and third-party risks exposure reporting.
• Produce timely and accurate monthly and quarterly (and ad hoc) reports on technology infrastructure and third-party risks exposure to governance committees on monthly basis.
• Build and maintain executive dashboards covering IT Operations and Third-Party issues, KRI/KCI trends, issues aging, SLA breach rates, change risk metrics, and third-party performance, enabling real-time visibility of the risk posture.
• Perform advanced data analysis on technology risk datasets to identify trends, outliers, root cause patterns, and risk drivers, and present findings in a clear and actionable format for decision-makers.
• Automate exception monitoring for recurring risk indicators.
• Serve as the Technology Risk teams reporting custodian by consolidating risk assurance information across all technology risk domains, including IT operations risk, third-party and vendor risk, IT governance, and business technology continuity.

Knowledge and Skills:

• Strong understanding of technology infrastructure, IT operations, and third-party/vendor risk management across diverse platforms and enterprise systems.
• Practical knowledge of technology risk, controls, and risk management tools/methodologies, with ability to apply them in a banking or financial services environment.
• Awareness of core operational processes within IT and business units, including related procedures, control frameworks, and integration risks with third-party providers.
• Familiarity with standards and other regulatory requirements for managing technology infrastructure, payment systems, and associated third-party technology risks.
• Understanding of emerging technology risk domains, including AI model risk and governance, cloud adoption risk, and robotic process automation.
• Knowledge of data governance principles, data quality standards, and privacy requirements relevant to technology risk oversight in a large bank.
• High personal credibility and integrity, fostering trust and influence across all organizational levels.
• Strong analytical and data analysis skills, with proficiency in advanced Excel, Power BI, or equivalent visualisation tools, and comfort with querying and interpreting structured data, including SQL concepts.
• Excellent written and verbal communication skills, able to convey complex IT and third-party risk issues clearly and persuasively.

Qualifications and Experience:

• Holder of University Degree in Computer Science, Information Systems or related field
• Holder of active professional certification in Technology Risk such as CRISC, CISM and at least one Third Party or Outsourcing Risk including at least CTPRP, CSCRP, CVA, VRMP, VCP or comparable is preferred.
• Master's degree in business studies is an added advantage
• Banking certification(s) is an added advantage
• At least three (3) years of combined IT and Risk experience with broad exposure to IT operations, systems analysis, infrastructure management, and third-party/vendor risk oversight.
• Practical experience in data analysis, dashboard development, and exception reporting, with the ability to translate risk data into management-ready insights.
  
  
  NMB Bank Plc is an Equal Opportunity Employer. We are committed to creating a diverse environment and achieving a gender balanced workforce.
  
  Female candidates and people living with disabilities are strongly encouraged to apply for this position.
  
  NMB Bank Plc does not charge any fee in connection with the application or recruitment process. Should you receive a solicitation for the payment of a fee, please disregard it.
  
  Only shortlisted candidates will be contacted.

Job opening date : 05-Jun-2026

Job closing date : 19-Jun-2026