Information Security Analyst at Geminia Insurance Company

SPECIFIC RESPONSIBILITIES:

• Develop and oversee the organization’s information security strategy, ensuring alignment with business objectives and regulatory requirements.
• Develop, enhance, and implement information security policies, procedures, standards, and controls across the organization.
• Lead the cybersecurity function and ensure adherence to security policies and standards across all business units.
• Collaborate with IT, legal, and compliance teams to maintain a strong organizational security posture.
• Ensure compliance with applicable data protection and privacy regulations, including GDPR and relevant local insurance regulatory frameworks.
• Establish and maintain cybersecurity risk management programs to assess, mitigate, and monitor risks across cloud and on-premises environments.
• Monitor security risks and ensure proper documentation, reporting, and remediation plans are in place.
• Lead security audits, assessments, and regulatory reporting for internal stakeholders and oversight bodies.
• Design, implement, and maintain enterprise security architecture and infrastructure security controls.
• Implement and enforce best practices for identity and access management, network security, encryption, endpoint protection, and cloud security.
• Develop, maintain, and test the cybersecurity incident response framework to ensure rapid detection, containment, and resolution of security incidents.
• Establish a proactive threat intelligence capability to detect, respond to, and mitigate emerging cyber threats.
• Conduct vulnerability assessments, penetration testing, and security reviews to continuously improve the organization’s security posture.
• Provide cybersecurity oversight for third-party vendors and partners, including security due diligence and risk assessments.
• Lead staff security awareness and training programs to promote strong cyber hygiene and compliance with security best practices.
• Evaluate and implement advanced security technologies and frameworks to strengthen the organization’s cybersecurity capabilities.
• Advise management on cyber risk trends, vulnerabilities, and mitigation priorities.

PERSON SPECIFICATIONS

Academic Qualifications

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.

Professional Qualification

• Relevant certifications such as CISSP, CISM, CISA, CRISC, CCSP, CEH or equivalent are highly desirable.

Experience

• At least 3 years of experience in information security roles, preferably in the financial or insurance sector.
• Proven experience managing IT security.
• Strong knowledge of regulatory compliance.
• Experience handling security operations, incident response, and risk management in a complex IT landscape.
• Hands-on knowledge of firewall management, endpoint security, SIEM, and IAM.