A Digital Security and Resilience Manager oversees the Bank’s ability to protect digital assets and customer information
and to prevent, withstand, respond to, and recover from security incidents with minimal impact on critical business
services. The role combines security leadership (governance, risk, controls, detection, response) with operational
resilience (business continuity, disaster recovery, impact tolerances, testing) across digital channels,
1. SECURITY GOVERNANCE, RISK & RESILIENCE STRATEGY
• Plan resource requirements based on monthly/quarterly security and resilience targets and risk posture.
• Lead the Security & Digital Resilience Strategy aligned to bank strategy and global standards (e.g., NIST CSF outcomes & BIS Security-resilience).
• Lead the Security Governance Plan across Technology Services, including the full policy/standard/procedure lifecycle (draft, review, approve, communicate, measure compliance).
• Lead the annual Security & Information Security Plan covering risk assessments, control implementation, awareness, detection, response, recovery and continuous improvement.
• Lead the Technology Risk Plan with Enterprise Risk: maintain risk register, top risks, treatment plans, KRIs, thresholds and escalation paths.
• Integrate Business Continuity & Operational Resilience: define critical services, dependencies, impact tolerances and test scenarios with business owners.
• Establish annual goals, objectives and operating procedures for Security, Resilience & Risk with Technology Heads.
• Update Security & Governance policies, standards and procedures (cloud, data protection, IAM/PAM, incident, DR/BCP, vulnerability, third-party); submit for approval; communicate and track attestation.
2. FINANCIAL MANAGEMENT AND CONTROL
• Formulate the Security & Resilience budget (OPEX/CAPEX) and submit for consolidation.
• Manage utilisation, track variances and reforecast.
• Optimise tooling/licensing operating costs (SIEM/EDR/PAM/DLP/CSPM).
• Oversee preventive controls that avoid financial loss from misconfigurations or fraud exposure.
3. DIGITAL SECURITY AND GOVERNANCE MANAGEMENT AND CONTROL
• Lead design, testing, control and maintenance of security and resilience capabilities (EDR/DR, SIEM/SOAR, IAM/PAM, DLP, WAF, CSPM/CWPP, HA/failover).
• Enforce change management for security-relevant changes.
• Oversee intrusion detection & coordinated incident response with SOC and Infra/App teams.
• Identify and recommend schedules for security improvements, reconfigurations, upgrades, and/or purchases in liaison with the line managers.
• Coordinate penetration testing and vulnerability management; drive timely remediation.
• Maintain SIEM/SOAR use-case roadmap mapped to threat model and resilience observability (failover readiness, health thresholds, capacity).
• Prepare monthly incident reports on security breaches and submit them to the Head Technology Services.
• Review user access/privileges (IAM/PAM); run quarterly certifications; ensure emergency access ("break-glass") resilience.
• Prepare regulatory, Technology Services and Board reports and submit them to the Head Technology Services.
4. SOFTWARE QUALITY, TECHNOLOGY RISK & RESILIENCE ENGINEERING
• Embed security and resilience in SDLC (SAST/DAST/IAST, SCA, secrets mgmt, resilience patterns such as circuit breakers/bulkheads/graceful degradation).
• Ensure participation in UATs with security/resilience acceptance criteria.
• Prepare Technology Risk sign-offs for new and existing products and services and submit them to the Risk department.
• Identify vendors/tools with Procurement; evaluate security and resilience capability and fit.
• Maintain procedures to identify/measure/monitor/control technology and resilience risk (SPOFs, capacity, fragility, recovery capability).
• Compile monthly risk reports on internal/external developments (threat intel, emerging risks, lessons learned).
• Monitor new product/service implementations for regulatory, security and resilience compliance.
• Track closure of audit & assurance findings; report status.
5. DISASTER RECOVERY, BUSINESS CONTINUITY & OPERATIONAL RESILIENCE
• Design, document and implement DR plans for OS, DB, networks, servers, applications; map dependencies across on-prem and cloud.
• Lead the Operational Resilience Testing Framework (severe-but-plausible scenarios, Security recovery, manual fallback, facility outages, cloud region failover).
• Conduct ad hoc security or vulnerability checks on systems in line with Technology Services policies and procedures and potential threats.
• Define and refine impact tolerances for critical services; track and report exceedances.
6. DEPARTMENTAL MANAGEMENT
• Develop plans to meet agreed goals and objectives (OKRs/KPIs).
• Review and recommend optimum structure; maintain a clear RACI (SOC/GRC/Resilience coverage).
• Ensure staffing, skills, succession and training plans.
• Ensure that the section team operates in line with the departmental policies and guidelines and that requisite human resource policies, procedures and systems are followed accurately.
• Run weekly team meetings; agree targets, tasks and actions.
7. THIRD-PARTY & SUPPLY CHAIN SECURITY AND RESILIENCE RISK
• Implement third-party risk framework (tiering, due diligence, monitoring, exit).
• Ensure contractual security & resilience clauses (breach notification, audit rights, data location, failover, RTO/RPO).
• Perform resilience assurance for critical suppliers (DR/BCP tests, backup guarantees, interdependency risk, incident timelines).
8. METRICS, REPORTING & CONTINUOUS IMPROVEMENT
• Maintain KRI/KPI dashboards (control coverage, incidents, MTTD/MTTR, patch SLAs, policy currency, service availability, failover time).
• Run annual maturity assessment (e.g., NIST CSF Profile/FFIEC CAT/CRI) and track improvement plan.
• Drive problem management/RCAs for repeat incidents and disruptions; embed lessons learned.
9. COMPLIANCE, AUDIT & REGULATORY ENGAGEMENT
• Ensure compliance with applicable laws, standards and Supervisory expectations; maintain evidence for inspections.
• Coordinate internal/external audits and examinations; track and close findings.
• Prepare and deliver executive/board-level security & resilience reports and regulatory notifications as required.
QUALIFICATIONS AND WORK EXPERIENCE
• Bachelor's Degree in Information Security, Computer Science, Information Technology or Information Systems.
• 5 years' experience in a similar or related environment, with a minimum of 2 or more years in a Management position.
• Experience in the Banking sector (payments, core banking, SWIFT/PCI scopes) will be an added advantage.
• Hands-on familiarity with SIEM/SOAR, EDR/DR, IAM/PAM, DLP, WAF, CSPM/CWPP, GRC tooling and DR/BCP practices.
• The successful candidate should possess professional certifications demonstrating expertise in digital and cloud security, risk management, governance, and operational
SKILLS AND COMPETENCIES
• Strong analytical capability with the ability to see the big picture
• Excellent verbal, written, influencing, and presentation skills
• Effective people and team management, with the ability to simplify complex concepts
• Strong stakeholder engagement skills across a matrix environment
• Solid project and process management capability
• Solution-oriented, resilient problem solver with sound risk evaluation and decision-making skills
JOB RELATED KNOWLEDGE
• Cybersecurity principles, frameworks, and best practices (e.g. NIST, ISO 27001, CIS)
• Information security governance, risk management, and compliance
• Digital risk assessment, threat modelling, and vulnerability management
• Incident response, cyber crisis management, and business continuity planning
• IT infrastructure, networks, cloud platforms, and application security
• Data protection, privacy regulations, and regulatory compliance requirements
• Security monitoring tools, SIEM, and threat intelligence solutions
• Disaster recovery planning and operational resilience frameworks
• Secure systems architecture and access control mechanisms
• Emerging cyber threats, attack vectors, and defensive technologies
• Third-party and vendor risk management
• Technology controls within financial services or regulated environments
Interested applicants who meet the job requirements should e-mail their CVs to Careerszim@bancabc.co.zw with the heading “Vacancy – Digital Security and Resilience Manager”, attaching all academic certificates and transcripts.
APPOINTMENTS WILL BE MADE IN COMPLIANCE WITH BancABC’s RECRUITMENT POLICY.
Closing date: 11 February 2026 @ 1630hrs