IT Manager, Risk and Compliance at Jubilee Insurance

Job Reference Number: HRJIC607

We currently have an exciting career opportunity for IT Manager, Risk and Compliance. The position holder will report directly to the Group Chief Actuarial, Risk and Compliance Officer with a matrix reporting to the Chief Executive Officers of the three companies (Jubilee General, Jubilee Health and Jubilee Life Insurance) and will be based at Head Office in Nairobi.

Role Purpose

The job holder will serve as an expert advisor to all stakeholders in defining, recommending, and implementing necessary policies, controls, and procedures to cost-effectively assess and manage security-related risk, educate the workforce, and support/participate in regulatory compliance activities, especially with regards to Anti Money Laundering, KYC integrity, data privacy, cybersecurity, and related legislation.

The job holder will also assist with the implementation of world-class information security in the organization, including regular information security risk and system audits, policy governance, compliance with regulatory requirements, information security training and awareness initiatives, third-party audits, and third-party risk. Will also oversee and coordinate information security-related risk management and compliance.

Main Responsibilities

1. Support the company strategy for access controls, compliance, audit, and penetration testing that supports the business and support units and enables risk management and regulatory compliance. The challenges include identifying where and how we use data; determining what tools and technologies we should deploy; ensuring that preventive/detective/corrective controls are in place and functioning effectively; staying current with government regulations and commercial agreements governing the use of data.
2. Organize and lead IT Risk/Privacy/Compliance training programs across departments, to educate and inform employees about our practices and standards, raise the level of cooperation, and help people understand the rationale for the rules.
3. Manage internal and external audit and testing programs, reporting risks and compliance areas that need correction to the senior management team and prioritizing the said work.
4. Reviewing and responding to security questionnaires and contract questions from customers on Jubilee’s information security policies and practices.
5. Assesses potential items of risk and opportunities of vulnerability in the network and on information technology infrastructure and applications.
6. Participates in the development and maintenance of a global risk framework (a single view of the company’s risk profiles and tolerance.
7. Provides reports to leaders regarding the effectiveness of information security and makes recommendations for the adoption of new policies and procedures.
8. Work with integrity, passion, and commitment through:
   a. Full compliance of Jubilee Insurance’s non solicitation policy
   b. Protection of company’s data base, IP, strategy and secrets, sensitive, personal, and confidential client data
9. Ensuring unethical ways/behavior of other team members are reported to the manager.
10. Any other duties that may be assigned by management.

Key Competencies

1. Understanding of insurance risk and compliance legislation in Kenya.
2. Market Awareness.
3. Ownership & Commitment.
4. Team Spirit.
5. Effective verbal and written communication skills on complex technical topics to a non- technical audience.
6. Ability to multi-task and ensure delivery of set goals.
7. Change Management.

Qualifications

1. Bachelor’s Degree in Computer Science, Information Systems, or any other related field.
2. Desired Certifications; CISSP/CISA/CISM/CEH or other relevant security certifications.
3. Strong knowledge and experience of applicable frameworks and regulatory requirements, e.g. ISO 2700x, PCI-DSS, NIST, CBK

Relevant Experience

Minimum of 3 years’ experience of working in an information security role, IT Audit, or IT Risk with a good understanding of information security risk assessments.
Experience in driving risk and compliance-based decisions to support business strategy and regulatory needs, experience in working with legal, audit, compliance staff and ISMS internal audit and security review.