JOBS: Information Security Officer - Rest of Africa at Old Mutual Kenya

Focus of the role

The Information Security Officer (ISO)’s role is to provide information security risk management and cybersecurity expertise to all the RoA markets, including but not limited to, risk analysis, consultancy, best practice guidance, and process improvements. The role works closely with project teams, service providers, IT heads, business unit executives, and other assurance providers like audit and Enterprise-wide Risk Management to achieve these outcomes. 

The candidate is expected to bring pragmatic Information security experience to promote business outcomes of the RoA markets in a secure manner that meets internal policies and regulatory compliance requirements.

Key result areas

• Supports the RoA Lead Information Security Officer in implementing and embedding risk and information security management processes across RoA
• Drives the management of internal and external audit issues and third party, system, and production risk issues
• Fosters a culture of proactive risk management by embedding key processes like risk and control self-assessments, documentation of issues being actioned by management (IBAMs), exposure management, and risk remediation
• Collaborates with the Information Security Managers, IT executives, business unit management, assurance partners, and other stakeholders to promote a positive risk culture and instill confidence regarding the management of IT and Information Security risks
• Works closely with the Architecture team, application owners, scrum masters, and other stakeholders to embed security and manage risk in the design and implementation of all IT systems and platforms
• Participates in the investigation, documentation, and resolution of information security issues identified in the markets, working with the local teams
• Provides technical assistance to segments requiring subject matter expertise
• Manages the RoA issues log and ensures that all risks are identified, captured, assigned appropriate actions and suitable ownership, and are regularly updated with progress statuses
• Liaises with project managers, implementation teams, and service providers in support of the implementation of Information Security Programme initiatives
• Promotes adoption and optimal use of the various security tools deployed across the markets
• Assists with the interpretation of relevant policies, standards, and controls, and provides advice on approaches to meeting the requirements

Qualifications, skills, and experience

• A tertiary qualification in an IT-related field
• An information security-related professional certification will be an added advantage
• At least five years’ experience in a similar role. Experience in the financial services sector (insurance/banking) will be beneficial
• Good working knowledge of security technologies covering intrusion detection and prevention, anti-malware, vulnerability management, cloud access security, attack surface management, and extended detection and response
• Strong analytical and problem-solving skills

Competencies

• Strategic
• Leading with Influence
• Collaboration
• Customer First
• Execution
• Innovation
• Personal Mastery