Role Purpose
To serve as expert advisor to all stakeholders in defining, recommending, and implementing the policies, controls, and procedures needed to cost-effectively assess and manage information security-related risks, educate the workforce, and support and participate in regulatory IT compliance activities, especially with regard to data privacy, cybersecurity, IT disaster recovery management, IT risk management and related legislation. Assist with the development and implementation of a world-class information security organization, including regular information security risk and system audits, policy governance, compliance with regulatory requirements, information security training and awareness initiatives, third-party audits and third-party risk.
Main Responsibilities
- Support the company strategy for access controls, compliance, audit, and penetration test remedial actions tracking that support the business and support units and enable risk management and regulatory compliance.
- The challenges include identifying where and how we use data; determining what tools and technologies we should deploy; ensuring that preventive/detective/corrective controls are in place and function effectively; staying current with government regulations and commercial agreements governing the use of data.
- Manage internal and external audit and testing programs, reporting risks and compliance areas that need correction to the senior management team and prioritizing the said work.
- Assess potential risks and vulnerabilities in the network and across information technology infrastructure and applications.
- Participate in the development and maintenance of a global risk framework that provides a single view of the company’s risk profiles and tolerance.
- Oversee information security governance & compliance consultancy to the Jubilee Holding companies.
- Manage the group ITDR program aligned to best practice as captured in ISO 22301:2019 and ISO 27001:2013.
- Support and oversee the implementation of ISO 20000-compliant IT Service Management Systems (ITSMS).
- Support the scoping & remedial tracking of security assurance audits, including technical infrastructure security assessments, Application Penetration Testing, Mobile Application Testing, Web application testing and governance audits.
- Support the design of robust security and privacy technical controls architectures to support the inhouse data privacy program.
- Delivery of Cyber Risk, IT Risk and Enterprise risk management training.
- Provide reports to leaders regarding the effectiveness of IT controls adopted for governance, information security and data privacy.
- Monitor and report on IT risk remediation progress, escalating to senior management where necessary.
- Work with integrity, passion, and commitment through:
  - Full compliance with Jubilee Insurance’s non-solicitation policy.
  - Protection of company databases, IP, strategy and secrets, and sensitive, personal, and confidential client data.
- Any other duties that may be assigned by management.
People and Culture Responsibilities
- Driving Proactive Compliance Awareness: Lead targeted training and awareness initiatives to embed IT risk and compliance knowledge across the organization, empowering employees to make risk-informed decisions confidently.
- Fostering Transparent Communication: Create a psychologically safe environment where team members and stakeholders can openly report risks or ethical concerns, supported by accessible feedback mechanisms and regular cross-departmental dialogue.
- Modelling Ethical Leadership: Demonstrate unwavering commitment to compliance and ethical standards through consistent policy adherence and transparent decision-making, inspiring trust and accountability within the team.
- Strengthening Cross-Functional Synergy: Build collaborative partnerships with IT, legal, and operational teams to integrate risk and compliance practices seamlessly into workflows, promoting a unified approach to organizational resilience.
Key Deliverables
- Ensure systems and processes are in place to support all risk management, risk mitigation, and compliance functions at all times, satisfying all business and regulatory requirements.
- Establish, implement, test, and maintain an up-to-date Business Continuity Management System (BCMS) to ensure operational resilience.
- Provide periodic reporting on ICT risk indicators and risk controls self-assessments to inform leadership and drive continuous improvement.
- Develop and maintain a comprehensive IT risk register, updated quarterly, to track and prioritize risks with actionable mitigation plans.
- Implement an annual compliance training program for all employees, achieving at least 90% completion rate to enhance risk awareness.
- Conduct biannual tabletop exercises for IT incident response, ensuring cross-functional readiness and identifying gaps in preparedness.
Relevant Qualifications and Experience
- Bachelor’s degree in Computer Science, Information Systems or another related field.
- 5-7 years’ experience in Information Technology and/or IT Audit experience with a financial institution, a fintech company, or a provider to the financial services sector.
- Desired certifications:
  - CISSP/CISA/CISM/CRISC
  - ISO 27001 / ISO 20000 Lead Implementer
- Strong knowledge and experience of applicable frameworks and regulatory requirements, e.g., ISO 2700x, the ISO 20000 series, NIST.
- Subject matter expertise in two or more of: DevOps, microservices, hybrid cloud, SD-WAN/SASE, AI.
- Driving risk and compliance-based decisions to support business strategy and regulatory needs.
- Working with legal, audit, and compliance staff.
- ISMS internal audit and security review.
- Ensure continual alignment with business and risk strategy and compliance with regulation through the Information Security Risk Management framework and processes.
- In-depth knowledge of security, risk, compliance issues, techniques, and implications across all existing computer platforms.