Risk Officer - Information Security at Old Mutual Kenya

Job Description

The Information Security Officer (ISO) will partner the Digital and Data team within Old Mutual Limited (OML) on information security risk management and cybersecurity expertise in support of the team’s strategic priorities. The ISO will be embedded within the team to perform system risk assessments on digital initiatives and provide guidance on policies, standards, processes and best practices. The ISO will also champion the identification, analysis and treatment of risks in the function, including managing risks identified by other assurance providers. The ISO will be required to work with the Digital squads (project teams), service providers, the Technology and Security teams, and assurance providers in the execution of their duties. The ISO will also be expected to establish and run a community of practice for risk management on Digital projects across OML. The candidate is expected to bring practical Information security experience that will contribute to the efficient delivery of key business initiatives in a secure manner that meets best practice and Old Mutual Information Security polices and standards. The candidate is expected to work independently, as well as collaboratively, as part of the project delivery teams. The successful candidate will have strong digital risk, compliance or audit experience and a solid technical background.

Key Result Areas

• Participate in, and provide information security subject matter input into, planning and review sessions and any other key engagements
• Perform system risk assessments for all solutions being delivered and facilitate the reporting of findings, formulation and logging of management actions, and tracking and reporting of remediation efforts
• Work closely with architects, functional area specialists and security staff to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
• Provide training and awareness to facilitate the embedment of secure coding standards, tools and processes within the development teams
• Execute processes and work packages to identify, analyse, evaluate, articulate, remediate, review and communicate digital risks (opportunities and threat)
•  Act as the primary interface between the Digital and Data team and the office of the CISO
• Identify security testing requirements and facilitate the necessary security tests for all identified changes
• Manage stakeholders at all levels, ensuring strong relationships are built and maintained
• Instill confidence across the Digital and Data function that information security risks are identified and mitigated

Role Requirements

• Bachelor’s degree in Computer Science, Information Systems Management, Cybersecurity, Information Assurance or a tertiary (3-year) qualification in a related field
• Any of the following certifications, in good standing, will be an added advantage: CRISC, CGEIT, CISA, CISM, CISSP or CCSP
• Experience with cybersecurity frameworks such an NIST or ISO
• Five or more years’ relevant industry experience in an IT risk management or security role.
• Experience within the Insurance and /or financial services sector is advantageous
• Knowledge of IT risk management principles and practices
• Solid understanding and good working knowledge of SAFe and Agile software development
• Interest in artificial intelligence, machine learning and robotics process automation
• Excellent written and verbal communication skills
• Strong facilitation, negotiation and conflict resolution skills
• Ability to pivot quickly in response to changing priorities
• Strong analytical and problem-solving skills, including the ability to decompose high level information into finer detail
• Proven ability to multi-task and work independently, as well as collaboratively as part of a cross-functional team
• Experience influencing and directing the actions of team members not directly under one’s line management responsibilities
• Ability to build and maintain relationships

Competencies

• Customer First
• Innovation
• Strategic
• Leading with Influence
• Collaboration
• Execution
• Personal Mastery