IT Security Manager job at CIC Insurance
IT Security Manager
2025-05-13T12:20:08+00:00
CIC Insurance
FULL_TIME
Nairobi
Nairobi
00100
Kenya
Insurance
Computer & IT
KES
MONTH
2025-05-20T17:00:00+00:00
Kenya
8

PURPOSE:

  • Reporting to the Group Head of IT, the IT Security Manager protects information systems and maintains compliance through strategic planning and hands-on implementation of security controls while addressing emerging cyber threats. The role involves collaborating with cross-functional teams to embed security-by-design principles in new initiatives and ensuring compliance with security frameworks such as ISO 27001 and NIST.

PRIMARY RESPONSIBILITIES:

  • Manage and maintain IT security infrastructure including firewalls, IDS/IPS, endpoint protection, PAM, NAC, patch management and cloud security controls across platforms (AWS, Azure), ensuring regular testing, patching, and updates.
  • Lead and conduct technology security assessment programs including vulnerability scanning, penetration testing, and risk assessments, collaborating with IT audit and risk teams for timely closure of findings from both internal and external evaluations.
  • Develop and enforce security policies and procedures, including remote work protocols, while managing internal/external audit responses and maintaining policy compliance dashboards.
  • Design and deliver comprehensive security awareness programs, including incident response training and ongoing security awareness on security threats and best practice.
  • Partner with project teams and IT managers to embed security-by-design principles in new initiatives, providing security architecture guidance and risk assessments for all major projects.
  • Monitor and analyze security trends, implementing proactive measures to protect against emerging threats while maintaining up-to-date security measures across all systems.
  • Manage the incident response lifecycle, including detection, investigation, containment, eradication, and recovery processes, ensuring proper documentation and learning from each incident.
  • Oversee business continuity and disaster recovery processes, including bi-annual DR testing and implementation of comprehensive incident response procedures to effectively address security breaches.
  • Ensure regular patching and hardening of systems to maintain system integrity and resilience, and generate status reports on infrastructure health for executive review.
  • Establish and maintain relationships with security vendors ensuring effective service delivery and value for security investments.

Key Skills, Knowledge, Experience and Behavioural Competencies

Academic and Professional Requirements

  • Education: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.

Professional Qualification

  • Relevant certifications such as CISA, CISM, CISP, CEH or similar.
  • Additional certifications are a plus, including cloud security certifications (AWS, Azure, GCP).

Experience 

Skills and Competencies:

  • Total Experience: Minimum of five (7) years of hands-on IT security experience.
  • Leadership Experience: At least two (2) years of team leadership or project experience.
  • Industry Experience: Experience in financial services and insurance is preferred.
  • Vulnerability Management: Proven experience in conducting penetration tests and vulnerability assessments and leading closure of findings through collaborating with various stakeholders (Internal & External IT Auditors, IT Risk, External Pentesters, etc.).
  • Frameworks & Standards: Strong knowledge of security frameworks and standards (e.g., ISO 27001, NIST).
  • Skilled in IT risk management, cyber threat mitigation, and hands-on problem-solving with strong analytical abilities.
  • Proven leadership and communication skills in cross-functional teams and conveying complex security concepts to diverse audiences.
  • Strategic, adaptable, and budget-conscious decision-maker, aligning security initiatives with business objectives and managing vendor relations effectively.

Vacancy title:
IT Security Manager

[Type: FULL_TIME, Industry: Insurance, Category: Computer & IT]

Jobs at:
CIC Insurance

Deadline of this Job:
Tuesday, May 20 2025

Duty Station:
Nairobi | Nairobi | Kenya

Summary
Date Posted: Tuesday, May 13 2025, Base Salary: Not Disclosed



Work Hours: 8

Experience in Months: 84

Level of Education: bachelor degree

Job application procedure

Interested and qualified? Go to CIC Insurance on careers.cicinsurancegroup.com to apply


Job Info
Job Category: Computer/ IT jobs in Kenya
Job Type: Full-time
Deadline of this Job: Tuesday, May 20 2025
Duty Station: Nairobi | Nairobi | Kenya
Posted: 13-05-2025
No of Jobs: 1

Caution: Never Pay Money in a Recruitment Process.

Some smart scams can trick you into paying for Psychometric Tests.