Get a free C.V. review by sending your C.V. to firstname.lastname@example.org or click the following link. Submit C.V.! use the subject heading REVIEW.
IMPORTANT: Read the application instructions keenly, Never pay for a job interview or application.
Click the Links Below to Get Job Updates.
Monitor organization-wide compliance with information security policies and standards and proactively identify areas of emerging cyber risks and provide recommendations in liaison with the Information security officer
- Work with the business to understand the day to day activities and evaluate that controls provide adequate security and compliance.
- Monitor organization wide compliance with information security policies and standards and proactively identify areas of emerging cyber risks and provide recommendations in liaison with the Information security officer.
- Participate in the review and development of information security policies, and related standards and guidelines, by representing the risk department in the ICT working group;
- Perform periodic user rights reviews for staff and ICT administrators across business systems to ensure privileged access risks are controlled.
- Monitor that data is captured, stored, processed and disposed off as per the policies. He/she should make sure that data is safeguarded and used responsibly by the data owners at various functional levels.
- Conduct quarterly ICT Risk reviews and maintain an up-to-date ICT risk register for all the subsidiaries in CIC Insurance Group and proactively oversee implementation of risk mitigations.
- Support the development of a risk awareness culture across the group through periodic trainings and risk awareness communicate.
- Research on emerging ICT risks and present a quarterly report to Risk committee of management for every subsidiary.
- Support business systems owners in the definition of information security requirements for existing and new applications and communication systems;
- Support project managers during the project risk management process to identify project risks and treatment approaches for systems/ technology-based projects.
- Provide expert advice on the security architecture and configuration of complex systems to the ICT department;
- Participate in quality assurance activities by validating, or overseeing the validation of, the correct implementation of security controls before systems enter production;
- Perform post implementation risk assessments for technology and information systems and recommend appropriate risk management controls.
- Evaluate training and awareness programs carried out by ICT security and HR;
- Keep abreast of developments in the field and shares security alerts with those responsible for affected operational functions;
- Communicate ICT risks to business owners and document risk acceptance.
- Represent the risk in the incident response team and coordinate the response to information security incidents;
- Perform and/or oversee red teaming exercises
- Conduct information risk assessments, identify and recommend risk mitigation measures
- Bachelor’s degree in a related field
- CISA/CISM/CRM or Progress ICT Security Certifications
- Minimum of four (4) years’ relevant experience
If you have the aforementioned professional and academic qualifications and you are ready to execute the above mandate, kindly submit your application:
Strictly apply through: https://cic.co.ke/job-application/ clearly indicating the position being applied for. E.g. ICT Risk Specialist
The application should reach us by close of business on 26th March, 2021. Please note only short listed candidates will be contacted. If you do not hear from us by 30th April, 2021 consider your application unsuccessful.