Job Ref. No. JLIL130 (Re-advertised)
Role Purpose
The IT Risk and Compliance Manager will serve as an expert advisor to all stakeholders in defining, recommending, and implementing the policies, controls, and procedures needed to cost-effectively assess and manage security-related risk, educate the workforce, and support and participate in regulatory IT compliance activities, especially with regard to data privacy, cybersecurity, IT disaster recovery management, IT risk management and related legislation.
Main Responsibilities
Support the company strategy for access controls, compliance, audit, and tracking of penetration test remedial actions, so that it supports the business and support units and enables risk management and regulatory compliance. The challenges include identifying where and how we use data; determining which tools and technologies we should deploy; ensuring that preventive, detective and corrective controls are in place and functioning effectively; and staying current with government regulations and commercial agreements governing the use of data.
Organize and lead IT Risk/Compliance training programs across departments to educate and inform employees about our practices and standards, raise the level of cooperation, and help people understand the rationale for the rules.
Manage internal and external audit and testing programs, report risks and compliance areas that need correction to the senior management team, and prioritize the resulting remediation work.
Review and respond to security questionnaires and contract questions from customers on Jubilee’s information security policies and practices.
Assess potential items of risk and areas of vulnerability in the network and in the information technology infrastructure and applications.
Participate in the development and maintenance of a global risk framework (a single view of the company’s risk profiles and tolerance).
Oversee information security governance & compliance consultancy to the Jubilee Holding companies.
Manage the group ITDR program, aligned to best practice as captured in ISO 22301:2019 and ISO 27001:2013.
Support and oversee the implementation of an ISO 20000 compliant IT Service Management System (ITSMS).
Support the scoping and remedial tracking of security assurance audits, including technical infrastructure security assessments, application penetration testing, mobile application testing, web application testing and governance audits.
Support the design of robust security and privacy technical control architectures to support the in-house data privacy program.
Deliver Cyber Risk, IT Risk and Enterprise Risk Management training.
Provide reports to leaders regarding the effectiveness of IT controls adopted for governance, information security and data privacy.
Work with integrity, passion, and commitment through:
Full compliance with Jubilee Insurance’s non-solicitation policy
Protection of the company’s database, IP, strategy and secrets, and sensitive, personal, and confidential client data
Any other duties that may be assigned by management.
Key Competencies
Strong knowledge and experience of applicable frameworks and regulatory requirements, e.g., ISO 2700x, ISO 20000 series, NIST.
In-depth knowledge of security, risk, compliance issues, techniques, and implications across all existing computer platforms.
Qualifications
Bachelor’s degree in computer science, Information Systems or another related field.
CISSP/CISA/CISM/CRISC certification.
ISO 27001 / ISO 20000 Lead Implementer certification.
Relevant Experience
4+ years’ experience working in an information security, IT audit, or IT risk role, with a good understanding of information security risk assessments.
If you are qualified and seeking an exciting new challenge, please apply via Recruitment@jubileekenya.com, quoting the Job Reference Number and Position, by 27th November 2023. Only shortlisted candidates will be contacted.
Apply via: Recruitment@jubileekenya.com