Information Security Officer
Employer: Liberty Life (https://www.liberty.co.ke/)
Employment type: FULL_TIME
Location: Nairobi, 00100, Kenya
Industry: Insurance
Category: Computer & IT
Date posted: 2025-06-11T16:28:10+00:00
Deadline: 2025-06-20T17:00:00+00:00
Liberty Life Assurance Kenya is a life insurance provider that has been providing relevant products to Kenyans for over 50 years. Our purpose at Liberty is to make a difference in people’s lives by making financial freedom possible. We change realities and make freedom possible by providing innovative and relevant solutions that help our customers prote…
Information Security Officer
Job Summary
The purpose of the job is to implement and maintain an enterprise-wide Information Security Management Program to safeguard organizational information assets. This includes identifying, evaluating, and reporting on information security risks to ensure compliance with regulatory requirements and alignment with the organization’s overall risk management strategy.
Key Responsibilities
- Develop and maintain relationships with key stakeholders to further embed the partnership that exists between IT Security, IT and the business.
- Research and maintain knowledge of the IT threat landscape, security trends, regulatory requirements, new technologies and best practices in order to provide sensible and pragmatic security advice to stakeholders.
- Facilitate the adoption of IT Security solutions (e.g. privileged user management or access management processes) and services (e.g. IT Security engineering and penetration tests) across the application and infrastructure landscape.
- Provide adequate IT Security input into all features and other technology solutions; this includes the requirements for the evaluation, selection, installation, configuration and maintenance of hardware, applications and software.
- Develop an effective line of business IT Security strategy that supports and enables business strategy.
- Advise IT business partners on regulatory and/or legal requirements as they relate to securing data, and assist with the implementation of the controls to support these requirements.
- Conduct reviews of applications, systems, underlying infrastructure and related processes as per the schedule.
- Establish and maintain risk profiles for business units by facilitating the implementation and ongoing management of general control reviews.
- Collaborate with threat intelligence, cybersecurity, security engineering and other risk functions to develop and maintain a holistic security strategy and remediation plans.
- Collaborate with feature teams, product owners, architecture, IT, business, vendors and other stakeholders to investigate risk remediation controls.
- Assist in documenting and tracking security findings into a formal risk register. Provide the necessary information to support any deviation to IT Security policies and standards.
- Facilitate the use of secure architectural patterns and work with the security engineers to translate these patterns into line of business secure builds.
- Embed the use of self-service and automated security testing into the DevOps/Software Development Lifecycle.
- Participate in the development of new IT Security Policies, Standards and Guidelines and in the annual review of existing ones, providing input to enhance the quality and completeness of these documents.
- Communicate the requirements for compliance to the IT Security Policies, Standards and Guidelines to the relevant parties within IT.
- Identify areas of non-compliance to IT Security Policies and Standards within IT.
Qualifications
- Bachelor’s Degree in Information Technology, Computer Science or any relevant field.
- Certification and/or knowledge in the following areas would be preferred:
  - Certified Information Systems Security Professional (CISSP)
  - Certified Ethical Hacker (CEH)
  - Certified Information Security Manager (CISM)
  - Certified in Risk and Information Systems Control (CRISC)
  - Certified Information Systems Auditor (CISA)
Experience
At least 4 years’ experience in an Information Security or Risk and Compliance role within a large, highly digitized organization running mission-critical systems. Experience in the BFSI (Banking, Financial Services and Insurance) sector will be an added advantage.
Competencies
- The ability to assess and mitigate the risks associated with the storage and retrieval of electronic information.
- The ability to examine essential elements of risk such as assets, threats, vulnerabilities, safeguards, consequences and the likelihood of the threats materialising. The ability to define and analyse risk identification information in a quantitative and/or qualitative way.
- The ability to manage, and provide expert advice on, the selection, design, justification, implementation and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems.
- The ability to independently conduct third-party assessment of the conformity of any activity, process, deliverable, product or service with the criteria of specified standards, best practice or other documented requirements with regards to network security tools, firewalls and Internet security.
- Business Continuity planning.
Summary
Date Posted: Wednesday, June 11 2025, Base Salary: Not Disclosed
Work Hours: 8
Experience in Months: 48
Level of Education: bachelor degree