Job Description
Jubilee Insurance was established in August 1937, as the first locally incorporated Insurance Company based in Mombasa. Jubilee
Insurance has spread its sphere of influence throughout the region to become the largest Composite insurer in East Africa, handling
Life, Pensions, General and Medical Insurance. Today, Jubilee is the number one insurer in East Africa with over 450,000 clients. Jubilee
Insurance has a network of offices in Kenya, Uganda, Tanzania, Burundi and Mauritius. It is the only ISO certified insurance group
listed on the three East Africa stock exchanges – The Nairobi Securities Exchange (NSE), Dar es Salaam Stock Exchange and Uganda
Securities Exchange. Its regional offices are highly rated on leadership, quality and risk management and have been awarded an AA- in Kenya and Uganda, and an A+ in Tanzania. For more information, visit www.JubileeInsurance.com.
We currently have an exciting career opportunity for an IT Risk and Compliance Manager, Jubilee Life Insurance Limited. The
position holder will report to the Regional Head of Risk and will be based at Head Office in Nairobi.
Role Purpose
The IT Risk and Compliance Manager will serve as an expert advisor to all stakeholders in defining, recommending, and implementing
necessary policies, controls, and procedures to cost-effectively assess and manage security-related risk, educate the workforce, and
support and participate in regulatory IT compliance activities, especially with regard to data privacy, cybersecurity, IT disaster recovery
management, IT risk management and related legislation.
Main Responsibilities
1. Support the company strategy for access controls, compliance, audit, and penetration test remedial actions tracking that supports the
business and support units and enables risk management and regulatory compliance. The challenges include identifying where and
how we use data; determining what tools and technologies we should deploy; ensuring that preventive/detective/corrective controls
are in place and functioning effectively; staying current with government regulations and commercial agreements governing the use
of data.
2. Organize and lead IT Risk/Compliance training programs across departments, to educate and inform employees about our practices
and standards, raise the level of cooperation, and help people understand the rationale for the rules.
3. Manage internal and external audit and testing programs, reporting risks and compliance areas that need correction to the senior
management team and prioritizing the said work.
4. Review and respond to security questionnaires and contract questions from customers on Jubilee’s information security policies
and practices.
5. Assess potential items of risk and opportunities of vulnerability in the network and on information technology infrastructure and
applications.
6. Participate in the development and maintenance of a global risk framework (a single view of the company’s risk profiles and
tolerance).
7. Oversee information security governance & compliance consultancy to the Jubilee Holding companies.
8. Manage the group ITDR program aligned to best practice as captured in ISO 22301:2019 and ISO 27001:2013.
9. Support and oversee the implementation of ISO 20000 compliant IT Service Management Systems (ITSMS).
10. Support the scoping & remedial tracking of security assurance audits, including technical infrastructure security assessments,
Application Penetration Testing, Mobile Application Testing, Web application testing and governance audits.
11. Support the design of robust security and privacy technical control architectures to support the in-house data privacy program.
12. Deliver Cyber Risk, IT Risk and Enterprise Risk Management training.
13. Provide reports to leaders regarding the effectiveness of IT controls adopted for governance, information security and data privacy.
14. Work with integrity, passion, and commitment through:
a. Full compliance with Jubilee Insurance’s non-solicitation policy
b. Protection of the company’s database, IP, strategy and secrets, and sensitive, personal, and confidential client data
c. Any other duties that may be assigned by management.
Key Competencies
1. Strong knowledge and experience of applicable frameworks and regulatory requirements, e.g., ISO 2700x, ISO 20000 series, NIST.
2. In-depth knowledge of security, risk and compliance issues, techniques, and implications across all existing computer platforms.
Qualifications
1. Bachelor’s degree in computer science, Information Systems or another related field.
2. CISSP/CISA/CISM/CRISC certification.
3. ISO27001/ ISO2000 Lead Implementer certification.
Relevant Experience
4+ years’ experience working in an information security, IT Audit, or IT Risk role, with a good understanding of information security
risk assessments.