30 Aug 2024

IT Risk and Compliance Manager at Jubilee Insurance



Job Description

Jubilee Insurance was established in August 1937 as the first locally incorporated insurance company based in Mombasa. Jubilee Insurance has spread its sphere of influence throughout the region to become the largest composite insurer in East Africa, handling Life, Pensions, General and Medical insurance.

Job Ref. No. JLIL 254

Role Purpose

The IT Risk and Compliance Manager will serve as an expert advisor to all stakeholders in defining, recommending, and implementing the policies, controls, and procedures needed to cost-effectively assess and manage security-related risk, educate the workforce, and support and participate in regulatory IT compliance activities, especially with regard to data privacy, cybersecurity, IT disaster recovery management, IT risk management and related legislation.

Main Responsibilities

  • Support the company strategy for access controls, compliance, audit, and penetration test remedial actions tracking that supports the business and support units and enables risk management and regulatory compliance. The challenges include identifying where and how we use data; determining what tools and technologies we should deploy; ensuring that preventive/detective/corrective controls are in place and functioning effectively; staying current with government regulations and commercial agreements governing the use of data.
  • Organize and lead IT Risk/Compliance training programs across departments, to educate and inform employees about our practices and standards, raise the level of cooperation, and help people understand the rationale for the rules.
  • Manage internal and external audit and testing programs, reporting risks and compliance areas that need correction to the senior management team and prioritizing the said work.
  • Review and respond to security questionnaires and contract questions from customers on Jubilee’s information security policies and practices.
  • Assess potential items of risk and opportunities of vulnerability in the network and on information technology infrastructure and applications.
  • Participate in the development and maintenance of a global risk framework (a single view of the company’s risk profiles and tolerance).
  • Oversee information security governance & compliance consultancy to the Jubilee Holding companies.
  • Oversee the group ITDR program aligned to best practice as captured in ISO 22301:2019 and ISO 27001:2013.
  • Support & oversee the implementation of ISO 20000 compliant IT Service Management Systems (ITSMS).
  • Support the design of robust security and privacy technical control architectures to support the in-house data privacy program.
  • Provide reports to leaders regarding the effectiveness of IT controls adopted for governance, information security and data privacy.
  • Work with integrity, passion, and commitment through:
    • Full compliance with Jubilee Insurance’s non-solicitation policy
    • Protection of the company’s database, IP, strategy and secrets, and sensitive, personal, and confidential client data
  • Any other duties that may be assigned by management.

Requirements

Key Competencies

  • Strong knowledge and experience of applicable frameworks and regulatory requirements, e.g., ISO 2700x, ISO 20000 series, NIST.
  • In-depth knowledge of security, risk, compliance issues, techniques, and implications across all existing computer platforms.

Qualifications

  • Bachelor’s degree in Computer Science, Information Systems or another related field.
  • CISSP/CISA/CISM/CRISC certification.
  • ISO 27001/ISO 20000 Lead Implementer certification.

Relevant Experience

  • 4+ years’ experience of working in an information security role, IT Audit, or IT Risk with a good understanding of information security risk assessments.


Method of Application

Submit your CV, copies of relevant documents and Application to:

[email protected]

Use the title of the position as the subject of the email

Closing Date: 5 September 2024




