Job Title: ICT Risk Officer
Hiring Organization: ICEA Lion Group
Location – Locality: Nairobi
Location – Region: Kenya
Industry: Insurance
Job Type: Full Time
Salary: KES
Date Posted: 07/13/2024
About ICEA Lion Group
As one of the largest insurers and financial services companies in East Africa, we have decades of experience in helping discerning individuals protect and create their wealth. But that’s not all. We also keep an eye firmly on the future, using innovation to craft financial products and services that we know you need in today’s constantly changing world. By trusting us with your wealth, you can shape a secure financial landscape for yourself and get the financial freedom you really deserve.
Job Summary
The ICT Risk Officer will be responsible for assessing and enhancing the organization’s cybersecurity and technology risk posture by leading the identification and assessment of enterprise-level technology systems and cybersecurity risks. This includes assessing potential cybersecurity and technology risks associated with critical business systems and processes, identifying potential impacts on those systems and processes, and engaging with diverse stakeholders to develop mitigation plans where necessary. In addition to coordinating risk assessment activities, this role will involve developing reports on assessment results and presenting these results to executives and other stakeholders.
Key responsibilities
Risk Management
- Implement and oversee the ICT Risk Management Framework.
- Identify, assess, and design mitigation controls for risks, monitoring them until closure.
- Conduct system vulnerability tests according to Group policies and global standards, and provide management with reports on vulnerabilities and protections against malware and hackers.
- Perform system penetration testing throughout various stages of system development to ensure system integrity, availability, and assurance.
- Collaborate with first-line IT teams and business units to enhance internal control processes related to risks and controls, and the technology control library required to meet risk framework objectives.
- Identify, review, and articulate business risks associated with technical vulnerabilities and IT risks, proposing improvements and opportunities to support business objectives.
- Test and assess the adequacy and effectiveness of control structures, providing practical recommendations to enhance control or process efficiency.
- Monitor and report on IT risk remediation progress, escalating issues to senior management when necessary.
- Lead or participate in second-line Information Security and Technology risk management activities, including cyber security risk assessments, SOC reviews, privacy assessments, technology selections, implementations, and data analysis.
- Keep abreast of current advances in all areas of ICT security.
- Maintain Group ICT risk dashboards covering ICT security incidents, compliance status of ICT security policies, and Key Risk Indicators (KRIs).
Stakeholder Management
- Collaborate closely with departments such as IT, compliance, and internal audit to ensure a comprehensive approach to risk management.
- Engage with external partners and vendors to align their practices with the organization’s risk management standards.
- Support the implementation of the Group’s Enterprise Risk Management (ERM) Framework.
- Organize and participate in training and awareness programs for staff on ICT risks and best practices for risk management, promoting a culture of security awareness.
Reporting
- Prepare and present regular reports on the status of ICT risks and risk management activities to senior management and stakeholders.
- Continuously monitor and report on new and emerging risks in the ICT landscape.
- Assist the Group Head of Risk and Compliance in preparing Board Update reports on the ICT control environment.
- Assist in preparing responses to technology-related regulatory requests and participate in regulatory and external audit reviews.
Requirements
- 5-7 years of Information Security and/or IT Audit experience with a financial institution, a fintech company, or a provider to the financial services sector.
- Bachelor’s degree (or higher) in Computer Science, Information Systems or a related field required.
- Master’s degree in Information Systems/Cyber Security preferred.
- CISA, CISM, CISSP, CIA, CRISC, CGEIT certifications are highly preferred.
- Solid understanding of inherent and residual risk management principles, including experience with control design, operation, and effectiveness testing.
- Experience in, and current knowledge of, best practice IT controls and industry-standard models (e.g., COBIT5, ITIL, NIST), and a proven understanding of regulatory requirements.
- Cloud security experience highly desired.
- Expert in security practices, the design of secure systems and the operation of security processes and technology.
- Subject matter expertise in two or more of: DevOps, microservices, hybrid cloud, network segmentation, AI/ML.
Competencies required for the role
- Ability to work unsupervised, exercise leadership, and influence change.
- Excellent writing and presentation skills.
- Strong change and project management skills, including the ability to manage time well, prioritize effectively, and handle multiple deadlines.
- Ability to use independent judgment and discretion when making the majority of decisions.
- Ability to handle confidential and sensitive information with the appropriate discretion and ethics.
- Ability to engage with management.
- Excellent communication and interpersonal skills / team player.
- Ability to prepare and facilitate training as a Subject Matter Expert (SME).
- Good analytical capabilities.
How To Apply
Send your application to recruitment@icealion.com quoting the title ICT Risk Officer in the subject.