
Manager – IT Risk & Compliance at Jubilee Insurance

Expired
Job Overview
Employment FullTime
Location Nairobi Kenya
Experience At least 5 years
Education Level Bachelor's Degree

Manager – IT Risk & Compliance

Job Ref. No. JLIL319

Role Purpose

To serve as an expert advisor to all stakeholders in defining, recommending and implementing the policies, controls and procedures needed to assess and manage information security risk cost-effectively, to educate the workforce, and to support and participate in regulatory IT compliance activities, particularly those concerning data privacy, cybersecurity, IT disaster recovery management, IT risk management and related legislation. The role also assists with building and operating a world-class information security organization, including regular information security risk assessments and system audits, policy governance, compliance with regulatory requirements, information security training and awareness initiatives, third-party audits and third-party risk management.

Main Responsibilities

  • Support the company strategy for access controls, compliance, audit, and penetration test remedial actions tracking that support the business and support units and enable risk management and regulatory compliance.
  • The challenges include identifying where and how we use data; determining what tools and technologies we should deploy; ensuring that preventive/detective/corrective controls are in place and function effectively; staying current with government regulations and commercial agreements governing the use of data.
  • Manage internal and external audit and testing programs, reporting risks and compliance areas that need correction to the senior management team and prioritizing the said work.
  • Assess potential risks and vulnerabilities in the network and across the information technology infrastructure and applications.
  • Participate in the development and maintenance of a global risk framework (a single view of the company's risk profiles and risk tolerance).
  • Oversee information security governance & compliance consultancy to the Jubilee Holding companies.
  • Manage the group IT disaster recovery (ITDR) program, aligned to best practice as set out in ISO 22301:2019 and ISO 27001:2013.
  • Support and oversee the implementation of an ISO 20000-compliant IT Service Management System (ITSMS).
  • Support the scoping & remedial tracking of security assurance audits, including technical infrastructure security assessments, Application Penetration Testing, Mobile Application Testing, Web application testing and governance audits.
  • Support the design of robust security and privacy technical controls architectures to support the inhouse data privacy program.
  • Deliver Cyber Risk, IT Risk and Enterprise Risk Management training.
  • Provide reports to leaders regarding the effectiveness of IT controls adopted for governance, information security and data privacy.
  • Monitor and report on IT risk remediation progress, escalating to senior management where necessary.
  • Work with integrity, passion, and commitment through:
    • Full compliance with Jubilee Insurance’s non-solicitation policy.
    • Protection of company databases, IP, strategy and secrets, sensitive, personal, and confidential client data.
    • Any other duties that may be assigned by management

People and Culture Responsibilities

  • Driving Proactive Compliance Awareness: Lead targeted training and awareness initiatives to embed IT risk and compliance knowledge across the organization, empowering employees to make risk-informed decisions confidently.
  • Fostering Transparent Communication: Create a psychologically safe environment where team members and stakeholders can openly report risks or ethical concerns, supported by accessible feedback mechanisms and regular cross-departmental dialogue.
  • Modelling Ethical Leadership: Demonstrate unwavering commitment to compliance and ethical standards through consistent policy adherence and transparent decision-making, inspiring trust and accountability within the team.
  • Strengthening Cross-Functional Synergy: Build collaborative partnerships with IT, legal, and operational teams to integrate risk and compliance practices seamlessly into workflows, promoting a unified approach to organizational resilience.

Key Deliverables

  • Ensure systems and processes are in place to support all risk management, risk mitigation, and compliance functions at all times, satisfying all business and regulatory requirements.
  • Establish, implement, test, and maintain an updated Business Continuity Management System (BCMS) to ensure operational resilience.
  • Provide periodic reporting on ICT risk indicators and risk controls self-assessments to inform leadership and drive continuous improvement.
  • Develop and maintain a comprehensive IT risk register, updated quarterly, to track and prioritize risks with actionable mitigation plans.
  • Implement an annual compliance training program for all employees, achieving at least 90% completion rate to enhance risk awareness.
  • Conduct biannual tabletop exercises for IT incident response, ensuring cross-functional readiness and identifying gaps in preparedness.

Relevant Qualifications and Experience

  • Bachelor’s degree in computer science, Information Systems or another related field.
  • 5-7 years’ experience in Information Technology and/or IT Audit experience with a financial institution, a fintech company, or a provider to the financial services sector.
  • Desired certifications:
    • CISSP/CISA/CISM/CRISC
    • ISO 27001 / ISO 20000 Lead Implementer
  • Strong knowledge and experience of applicable frameworks and regulatory requirements, e.g., the ISO 2700x and ISO 20000 series and NIST.
  • Subject matter expertise in two or more of: DevOps, microservices, hybrid cloud, SD-WAN/SASE, AI.
  • Driving risk and compliance-based decisions to support business strategy and regulatory needs.
  • Working with legal, audit, and compliance staff.
  • ISMS internal audit and security review.
  • Ensure continual alignment to business, risk strategy and compliance to regulation through Information Security Risk Management framework and processes.
  • In-depth knowledge of security, risk, compliance issues, techniques, and implications across all existing computer platforms.

How to Apply

If you are qualified and seeking an exciting new challenge, please apply via Recruitment@jubileekenya.com, quoting the Job Reference Number and Position, by 29th May 2025. Only shortlisted candidates will be contacted.
