ICT Risk Specialist at CIC Insurance

PURPOSE:

Monitor organization-wide compliance with information security policies and standards and proactively identify areas of emerging cyber risks and provide recommendations in liaison with the Information security officer

PRIMARY RESPONSIBILITIES

• Work with the business to understand the day to day activities and evaluate that controls provide adequate security and compliance.
• Monitor organization wide compliance with information security policies and standards and proactively identify areas of emerging cyber risks and provide recommendations in liaison with the Information security officer.
• Participate in the review and development of information security policies, and related standards and guidelines, by representing the risk department in the ICT working group;
• Perform periodic user rights reviews for staff and ICT administrators across business systems to ensure privileged access risks are controlled.
• Monitor that data is captured, stored, processed and disposed off as per the policies. He/she should make sure that data is safeguarded and used responsibly by the data owners at various functional levels.
• Conduct quarterly ICT Risk reviews and maintain an up-to-date ICT risk register for all the subsidiaries in CIC Insurance Group and proactively oversee implementation of risk mitigations.
• Support the development of a risk awareness culture across the group through periodic trainings and risk awareness communicate.
• Research on emerging ICT risks and present a quarterly report to Risk committee of management for every subsidiary.
• Support business systems owners in the definition of information security requirements for existing and new applications and communication systems;
• Support project managers during the project risk management process to identify project risks and treatment approaches for systems/ technology-based projects.
• Provide expert advice on the security architecture and configuration of complex systems to the ICT department;
• Participate in quality assurance activities by validating, or overseeing the validation of, the correct implementation of security controls before systems enter production;
• Perform post implementation risk assessments for technology and information systems and recommend appropriate risk management controls.
• Evaluate training and awareness programs carried out by ICT security and HR;
• Keep abreast of developments in the field and shares security alerts with those responsible for affected operational functions;
• Communicate ICT risks to business owners and document risk acceptance.
• Represent the risk in the incident response team and coordinate the response to information security incidents;
• Perform and/or oversee red teaming exercises
• Conduct information risk assessments, identify and recommend risk mitigation measures

PERSON SPECIFICATIONS

Academic Qualifications

• Bachelor’s degree in a related field

Professional Qualifications

• CISA/CISM/CRM or Progress ICT Security Certifications

Experience

• Minimum of four (4) years’ relevant experience