FINCA Microfinance Bank Tanzania is a social-impact financial institution that has been providing loans, savings, and other services in the country since 1998. It was the first microfinance institution in Tanzania to be licensed as a bank by the Bank of Tanzania. FINCA’s purpose is to provide accessible and impactful financial services to low-income individuals and communities, helping them invest in their futures and fight poverty.

The Information Security and Business Continuity Intern will assist in implementing the Bank’s Information Security, Cybersecurity, Personal Data Protection, and Business Continuity programs. The intern will work under the guidance of the Senior Information Security and Business Continuity management to help ensure compliance with applicable laws, regulations, internal policies, and procedures and Subsidiary Policy Manual (SPM). The role is responsible for safeguarding confidentiality, integrity, and availability of information assets, IT Compliance and ensuring the protection of personal data across all business units.

ESSENTIAL DUTIES:

• Assist in the implementation and maintenance of the Information Security Management System (ISMS).
• Support in performing basic risk assessments and vulnerability checks
• Help to monitor cybersecurity logs and report anomalies.
• Participate in security awareness and training programs (e.g., phishing simulations, follow up on training attendance).
• Define and enforce implementation of security policies, standards, and procedures.
• Assist with user access reviews and documentation.
• Support in responding to security information event/incidents.
• Provide support during internal and external audits related to information security
• Support on implementation of Information Security Matrix and Control Plan
• Follow up on closure of BOT directives, Internal and external Audit related to information security and BCM
• Support in ensuring compliance with internal policies, laws and regulations on Personal data protection
• Assist in conducting Personal Data Protection Impact Assessments (PDP-IAs)
• Support in documenting and monitoring data processing activities.
• Help responding to data subject access requests under supervision.
• Assist in preparing regular reports on compliance status of the personal data protection laws and regulations.
• Assist in updating and Implement Business Continuity Management including BCM Policy, BCPs, BRP, DRP, CMP, OEP, BIA.
• Participate in Simulation exercises and awareness training BCPs, BRPs, DRP and CMP.
• Help tracking backup and recovery plans.