Manager: Infrastructure Security
Company: CRDB Bank
Reporting Line: HEAD OF TECHNOLOGY INFRASTRUCTURE
Department: CYBERSECURITY UNIT
Number of openings: 1
Job Purpose
The Manager: Infrastructure Security will lead the design, implementation, and continuous improvement of the bank’s infrastructure security capabilities. This role is responsible for securing the bank’s network, database, virtualisation, and communication infrastructure, ensuring resilient and well-defended systems across all corporate and branch environments. The position oversees a broad portfolio of security solutions spanning network security, email security, remote access, database security, data protection, and PKI, ensuring that all controls are aligned with cybersecurity policy, regulatory requirements, and business objectives. The role provides subject matter expertise across infrastructure security domains, drives incident response coordination for ICT-related events, and ensures that security technologies are effectively deployed, monitored, and continuously improved to protect the bank’s critical systems and data.
Principal Responsibilities
- Manage and administer Email Security solutions, including anti-phishing controls, DMARC, SPF, and DKIM configurations, ensuring robust protection of the bank’s email channels against spoofing and phishing attacks.
- Oversee the security of virtualisation platforms, ensuring that hypervisors, virtual machines, and related infrastructure are hardened, monitored, and compliant with cybersecurity standards.
- Manage the Air Gap Solution to support secure data backup, ensuring that critical data is isolated from network-connected environments and recoverable in the event of a ransomware or cyber incident.
- Administer and govern Database Security, including the deployment and management of Database Activity Monitoring (DAM), database firewall solutions, and overall database security posture to protect sensitive data from unauthorised access and misuse.
- Lead Network Security operations, including the management and maintenance of network firewall management platforms, enforcement of rule-based access controls, and regular policy audits to ensure firewall configurations remain current, effective, and compliant.
- Serve as the primary point of contact for ICT-related security incidents, coordinating investigations, supporting forensic activities, driving root-cause analysis, and ensuring timely escalation and resolution in line with the bank’s incident management framework.
- Manage the Network Detection and Response (NDR) solution, ensuring continuous monitoring of network traffic, rapid detection of anomalies and threats, and timely escalation and response to network-based security incidents.
- Administer and maintain remote access solutions, ensuring secure, authenticated, and policy-compliant connectivity for employees, contractors, and third parties accessing the bank’s systems from remote or external locations.
- Ensure the proper implementation and ongoing management of Network Access Control (NAC) across corporate and branch networks, controlling device authentication and enforcing access policies to prevent unauthorised endpoints from connecting to the bank’s network.
- Administer the DDoS protection solution, ensuring the bank’s internet-facing services and critical infrastructure are protected against volumetric, protocol, and application-layer denial-of-service attacks, with appropriate alerting and response procedures in place.
- Ensure the implementation of Network Segmentation strategies to isolate critical systems, limit lateral movement, and reduce the attack surface across the bank’s corporate, branch, and data centre environments.
- Manage the Web Application Firewall (WAF) solution, configuring and maintaining rulesets to protect web-facing applications from common and emerging threats such as SQL injection, cross-site scripting (XSS), and application-layer DDoS attacks.
- Administer and govern the bank’s Public Key Infrastructure (PKI), including the lifecycle management of SSL/TLS certificates across all systems and services, ensuring timely renewal, proper issuance controls, and compliance with cryptographic standards.
- Manage sensitive data locations across the bank’s infrastructure, ensuring that data stores containing personally identifiable, confidential, or regulated data are identified, classified, and subject to appropriate security controls and access restrictions.
- Oversee the implementation and management of native and third-party encryption technologies to protect data at rest and in transit, ensuring encryption standards are consistently applied across servers, storage, databases, and communication channels.
- Implement and manage Data Masking and Tokenisation solutions to de-identify sensitive data in non-production environments and reduce exposure in business processes, ensuring compliance with data protection regulations and minimising the risk of data leakage.
- Own vendor relationships and licensing for all infrastructure security tools and platforms, managing upgrades, patching, and renewals, and ensuring solutions remain scalable, reliable, and aligned with the bank’s evolving security requirements.
Qualifications Required
Knowledge
- In-depth knowledge of network security technologies including Next-Generation Firewalls (NGFW), IDS/IPS, NAC, NDR, DDoS protection, VPN, and network segmentation techniques.
- Strong understanding of email security protocols (DMARC, SPF, DKIM, anti-phishing), PKI/SSL certificate management, WAF technologies, and database security tools including DAM and database firewalls.
- Familiarity with data protection technologies including encryption (native and third-party), data masking, tokenisation, and sensitive data discovery and classification across structured and unstructured environments.
- Working knowledge of ICT incident management processes, virtualisation security, Air Gap backup solutions, and security frameworks and standards (e.g., NIST, ISO 27001, PCI DSS).
- Understanding of remote access architectures, Network Access Control principles, and secure connectivity solutions for corporate and branch environments.
Skills
- Strong analytical and problem-solving skills, with the ability to assess complex infrastructure security risks and design effective, proportionate controls.
- Good interpersonal and communication skills.
- Commitment to staying current with evolving infrastructure security threats, technologies, and industry best practices.
- Ability to work collaboratively within cross-functional teams.
- Project management and documentation skills, with the ability to manage multiple concurrent security initiatives, maintain runbooks and procedures, and report to senior leadership.
Qualifications
- At least 5 years specifically in a supervisory or managerial leadership role overseeing security operations, infrastructure, or IT teams.
- Bachelor’s degree in Computer Science/Engineering, Cyber Security, Software Engineering, or a related academic field.
- Industry certifications such as CISSP, CISM, CompTIA Security+, CCNP Security, or ISO 27001 LA/LI are a plus.
CRDB Commitment
CRDB Bank is dedicated to upholding Sustainability and ESG practices and encourages applicants who share this commitment. The Bank also promotes an inclusive workplace; hence, applications from women and individuals with disabilities are encouraged.
It is important to note that CRDB Bank does not charge any fees for the application or recruitment process, and any requests for payment should be disregarded as they do not represent the bank’s practices.
Only Shortlisted Candidates will be Contacted.
Application Deadline
2026-03-25
Employment Terms
PERMANENT