Information Security Officer at AAR Insurance

AAR Insurance is a licensed financial services provider in Kenya and a member of the Association of Kenya Insurers (AKI) with presence across the country through its intensive branch and broker network.

Information Security Officer

Overall Purpose of the Job

Reporting to the Group Head of Technology, the Information Security Officer (ISO) is responsible for developing and implementing the enterprise-wide information security strategy for the AAR Insurance Group. They will oversee the security of both cloud and on-premise environments, ensuring robust cybersecurity measures, data privacy compliance, and risk management frameworks are in place and shall act as the focal point for all cyber security related engagements. This role requires deep expertise in regulatory compliance, cloud security, and enterprise risk management within the insurance/financial sector.

Key Responsibilities

    • Develop, implement, and oversee the organization’s comprehensive information security strategy, ensuring alignment with business objectives and regulatory requirements.
    • Develop/enhance and implement information security policies, procedures, and controls aligned with business objectives and regulatory requirements.
    • Lead the cybersecurity function, ensuring security policies, procedures, and standards are adhered to across all business units.
    • Collaborate with IT, legal, and compliance teams to maintain a strong security posture.
    • Ensure compliance with relevant data privacy and protection regulations, including HIPAA, GDPR, and local insurance regulatory frameworks.
    • Establish and maintain risk management programs to assess, mitigate, and monitor security risks in cloud and on-premise environments.
    • Monitor and manage security risks, ensuring proper documentation and remediation plans are in place.
    • Lead audits, security assessments, and reporting for internal stakeholders and regulatory bodies.
    • Define and enforce security controls for hybrid IT infrastructure, including cloud platforms (AWS, Azure) and on-premise data center.
    • Implement best practices for identity and access management (IAM), network security, encryption, and endpoint protection.
    • Oversee security incident response plans and lead remediation efforts in case of cyber threats or breaches.
    • Develop and maintain a proactive threat intelligence program to detect, respond to, and mitigate cyber threats.
    • Lead incident response efforts, ensuring rapid detection, containment, and resolution of security breaches.
    • Continuously improve the organization’s security posture through red team exercises, penetration testing, and vulnerability assessments.
    • Develop and lead employee security awareness programs to promote compliance with best practices.
    • Engage with third-party vendors, partners, and contractors to ensure security requirements are met.
    • Stay up to date with emerging cybersecurity threats, trends, and best practices to proactively enhance security measures.
    • Evaluate and implement advanced security technologies, including zero-trust architecture, AI-driven security analytics, and cloud-native security solutions.
    • Lead security due diligence for IT projects, mergers, and acquisitions.

Career development programs

Maasai Mara wildlife experience

Education, Experience & Competencies

  • Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
  • Relevant certifications such as CISSP, CISM, CISA, CRISC, CCSP, CEH or equivalent are highly desirable.
  • 5+ years of experience in information security roles, preferably in the financial, insurance or healthcare sector.
  • Proven experience managing security in hybrid cloud and on-premises environments.
  • Strong knowledge of regulatory compliance (HIPAA, GDPR, ISO 27001, PCI DSS, etc.).
  • Experience handling security operations, incident response, and risk management in a complex IT landscape.
  • Strong leadership, problem solving and communication skills, with the ability to influence executive leadership and business units.
  • Understanding of cloud security architecture and DevSecOps principles.
  • Hands-on knowledge of firewall management, endpoint security, SIEM, IAM, and SOC operations.
  • Ability to assess and manage third-party security risks.
  • High level of integrity, confidentiality, and a proactive approach to cybersecurity

Vacancy title:
Information Security Officer

[Type: FULL_TIME, Industry: Computers, Category: Computer & IT]

Jobs at:
AAR Insurance

Deadline of this Job:
Wednesday, April 30 2025

Duty Station:
Nairobi | Nairobi | Kenya

Summary
Date Posted: Wednesday, April 16 2025, Base Salary: Not Disclosed


Work Hours: 8

Experience in Months: 60

Level of Education: bachelor degree

Job application procedure
Interested in applying for this job? Click here to submit your application now.


Job Info
Job Category: Computer/ IT jobs in Kenya
Job Type: Full-time
Deadline of this Job: Apr 30, 2025
Duty Station:  Nairobi | Nairobi | Kenya
Posted: 16-04-2025
No of Jobs: 1
Start Publishing: 16-04-2025