PURPOSE:
Monitor organization-wide compliance with information security policies and standards and proactively identify areas of emerging cyber risks and provide recommendations in liaison with the Information security officer
Primary Responsibilities
Work with the business to understand the day to day activities and evaluate that controls provide adequate security and compliance.
Monitor organization wide compliance with information security policies and standards and proactively identify areas of emerging cyber risks and provide recommendations in liaison with the Information security officer.
Participate in the review and development of information security policies, and related standards and guidelines, by representing the risk department in the ICT working group;
Perform periodic user rights reviews for staff and ICT administrators across business systems to ensure privileged access risks are controlled.
Monitor that data is captured, stored, processed and disposed off as per the policies. He/she should make sure that data is safeguarded and used responsibly by the data owners at various functional levels.
Conduct quarterly ICT Risk reviews and maintain an up-to-date ICT risk register for all the subsidiaries in CIC Insurance Group and proactively oversee implementation of risk mitigations.
Support the development of a risk awareness culture across the group through periodic trainings and risk awareness communicate.
Research on emerging ICT risks and present a quarterly report to Risk committee of management for every subsidiary.
Support business systems owners in the definition of information security requirements for existing and new applications and communication systems;
Support project managers during the project risk management process to identify project risks and treatment approaches for systems/ technology-based projects.
Provide expert advice on the security architecture and configuration of complex systems to the ICT department;
Participate in quality assurance activities by validating, or overseeing the validation of, the correct implementation of security controls before systems enter production;
Perform post implementation risk assessments for technology and information systems and recommend appropriate risk management controls.
Evaluate training and awareness programs carried out by ICT security and HR;
Keep abreast of developments in the field and shares security alerts with those responsible for affected operational functions;
Communicate ICT risks to business owners and document risk acceptance.
Represent the risk in the incident response team and coordinate the response to information security incidents;
Perform and/or oversee red teaming exercises
Conduct information risk assessments, identify and recommend risk mitigation measures
Person Specifications
Academic Qualifications
Bachelor’s degree in a related field
Professional Qualifications
CISA/CISM/CRM or Progress ICT Security Certifications
Experience
Minimum of four (4) years’ relevant experience
