- Company: CIC Insurance
- Location: Kenya
- State: Nairobi
- Job type: Full-Time
- Job category: IT/Telecom Jobs in Kenya
CIC Insurance Group Limited, commonly referred to as CIC Group, is an insurance and investment group that operates mainly in Kenya, Uganda, South Sudan and Malawi
Monitor organization-wide compliance with information security policies and standards and proactively identify areas of emerging cyber risks and provide recommendations in liaison with the Information security officer
- Work with the business to understand the day to day activities and evaluate that controls provide adequate security and compliance.
- Monitor organization wide compliance with information security policies and standards and proactively identify areas of emerging cyber risks and provide recommendations in liaison with the Information security officer.
- Participate in the review and development of information security policies, and related standards and guidelines, by representing the risk department in the ICT working group;
- Perform periodic user rights reviews for staff and ICT administrators across business systems to ensure privileged access risks are controlled.
- Monitor that data is captured, stored, processed and disposed off as per the policies. He/she should make sure that data is safeguarded and used responsibly by the data owners at various functional levels.
- Conduct quarterly ICT Risk reviews and maintain an up-to-date ICT risk register for all the subsidiaries in CIC Insurance Group and proactively oversee implementation of risk mitigations.
- Support the development of a risk awareness culture across the group through periodic trainings and risk awareness communicate.
- Research on emerging ICT risks and present a quarterly report to Risk committee of management for every subsidiary.
- Support business systems owners in the definition of information security requirements for existing and new applications and communication systems;
- Support project managers during the project risk management process to identify project risks and treatment approaches for systems/ technology-based projects.
- Provide expert advice on the security architecture and configuration of complex systems to the ICT department;
- Participate in quality assurance activities by validating, or overseeing the validation of, the correct implementation of security controls before systems enter production;
- Perform post implementation risk assessments for technology and information systems and recommend appropriate risk management controls.
- Evaluate training and awareness programs carried out by ICT security and HR;
- Keep abreast of developments in the field and shares security alerts with those responsible for affected operational functions;
- Communicate ICT risks to business owners and document risk acceptance.
- Represent the risk in the incident response team and coordinate the response to information security incidents;
- Perform and/or oversee red teaming exercises
- Conduct information risk assessments, identify and recommend risk mitigation measures
- Bachelor’s degree in a related field
- CISA/CISM/CRM or Progress ICT Security Certifications
- Minimum of four (4) years’ relevant experience