Information Security Analyst at Geminia Insurance Company

Geminia Insurance Company
March 13, 2026
Full-time
On-site
SPECIFIC RESPONSIBILITIES:


Develop and oversee the organization's information security strategy, ensuring alignment with business objectives and regulatory requirements.
Develop, enhance, and implement information security policies, procedures, standards, and controls across the organization.
Lead the cybersecurity function and ensure adherence to security policies and standards across all business units.
Collaborate with IT, legal, and compliance teams to maintain a strong organizational security posture.
Ensure compliance with applicable data protection and privacy regulations, including GDPR and relevant local insurance regulatory frameworks.
Establish and maintain cybersecurity risk management programs to assess, mitigate, and monitor risks across cloud and on-premises environments.
Monitor security risks and ensure proper documentation, reporting, and remediation plans are in place.
Lead security audits, assessments, and regulatory reporting for internal stakeholders and oversight bodies.
Design, implement, and maintain enterprise security architecture and infrastructure security controls.
Implement and enforce best practices for identity and access management, network security, encryption, endpoint protection, and cloud security.
Develop, maintain, and test the cybersecurity incident response framework to ensure rapid detection, containment, and resolution of security incidents.
Establish a proactive threat intelligence capability to detect, respond to, and mitigate emerging cyber threats.
Conduct vulnerability assessments, penetration testing, and security reviews to continuously improve the organization's security posture.
Provide cybersecurity oversight for third-party vendors and partners, including security due diligence and risk assessments.
Lead staff security awareness and training programs to promote strong cyber hygiene and compliance with security best practices.
Evaluate and implement advanced security technologies and frameworks to strengthen the organization's cybersecurity capabilities.
Advise management on cyber risk trends, vulnerabilities, and mitigation priorities.


PERSON SPECIFICATIONS

Academic Qualifications


Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.


Professional Qualification


Relevant certifications such as CISSP, CISM, CISA, CRISC, CCSP, CEH or equivalent are highly desirable.


Experience


At least 3 years of experience in information security roles, preferably in the financial or insurance sector.
Proven experience managing IT security.
Strong knowledge of regulatory compliance.
Experience handling security operations, incident response, and risk management in a complex IT landscape.
Hands-on knowledge of firewall management, endpoint security, SIEM, and IAM.