Manager - IT Risk & Compliance at Jubilee Insurance

Role Purpose

To serve as expert advisors to all stakeholders in defining, recommending, and implementing necessary policies, controls, and procedures to cost-effectively assess and manage information security-related risks, educate workforce, and support/participate in regulatory IT compliance activities, especially with regards to, data privacy, cybersecurity, IT disaster recovery management, IT risk management and related legislation. Assists with development and implementation of world-class information security organization, including regular information security risk and system audits, policy governance, compliance with regulatory requirements, information security training and awareness initiatives, third-party audits and third-party risk.

Main Responsibilities

• Support the company strategy for access controls, compliance, audit, and penetration test remedial actions tracking that support the business and support units and enable risk management and regulatory compliance.
• The challenges include identifying where and how we use data; determining what tools and technologies we should deploy; ensuring that preventive/detective/corrective controls are in place and function effectively; staying current with government regulations and commercial agreements governing the use of data.
• Manage internal and external audit and testing programs, reporting risks and compliance areas that need correction to the senior management team and prioritizing the said work.
• Assesses potential items of risk and opportunities of vulnerability in the network and on information technology infrastructure and applications.
• Participates in the development and maintenance of a global risk framework (a single view of the company’s risk profiles and tolerance.)
• Oversee information security governance & compliance consultancy to the Jubilee Holding companies.
• Manage the group ITDR program aligned to best practice as captured in the ISO 22301:2019 and ISO27001:2013.
• Support & oversee the implementation of ISO 20000 compliant IT Service Management Systems (ITSMS)
• Support the scoping & remedial tracking of security assurance audits, including technical infrastructure security assessments, Application Penetration Testing, Mobile Application Testing, Web application testing and governance audits.
• Support the design of robust security and privacy technical controls architectures to support the inhouse data privacy program.
• Delivery of Cyber Risk, IT Risk and Enterprise risk management training.
• Provide reports to leaders regarding the effectiveness of IT controls adopted for governance, information security and data privacy.
• Monitor and report on IT risk remediation progress, escalating to senior management where necessary.
• Work with integrity, passion, and commitment through:
  • Full compliance with Jubilee Insurance’s non-solicitation policy.
  • Protection of company databases, IP, strategy and secrets, sensitive, personal, and confidential client data.
  • Any other duties that may be assigned by management

People and Culture Responsibilities

• Driving Proactive Compliance Awareness: Lead targeted training and awareness initiatives to embed IT risk and compliance knowledge across the organization, empowering employees to make risk-informed decisions confidently.
• Fostering Transparent Communication: Create a psychologically safe environment where team members and stakeholders can openly report risks or ethical concerns, supported by accessible feedback mechanisms and regular cross-departmental dialogue.
• Modelling Ethical Leadership: Demonstrate unwavering commitment to compliance and ethical standards through consistent policy adherence and transparent decision-making, inspiring trust and accountability within the team.
• Strengthening Cross-Functional Synergy: Build collaborative partnerships with IT, legal, and operational teams to integrate risk and compliance practices seamlessly into workflows, promoting a unified approach to organizational resilience.

Key Deliverables

• Ensure systems and processes are in place to support all risk management, risk mitigation, and compliance functions at all times, satisfying all business and regulatory requirements.
• Establish, implement, test, and maintain an updated Business Continuity Management System (BCMS) to ensure operational resilience.
• Provide periodic reporting on ICT risk indicators and risk controls self-assessments to inform leadership and drive continuous improvement.
• Develop and maintain a comprehensive IT risk register, updated quarterly, to track and prioritize risks with actionable mitigation plans.
• Implement an annual compliance training program for all employees, achieving at least 90% completion rate to enhance risk awareness.
• Conduct biannual tabletop exercises for IT incident response, ensuring cross-functional readiness and identifyinggaps in preparedness

Relevant Qualifications and Experience

• Bachelor’s degree in computer science, Information Systems or another related field.
• 5-7 years’ experience in Information Technology and/or IT Audit experience with a financial institution, a fintech company, or a provider to the financial services sector.
• Desired Certifications.
  • CISSP/CISA/CISM/CRISC
  • ISO27001/ ISO2000 Lead Implementer
• Strong knowledge and experience of applicable frameworks and regulatory requirements, e.g., ISO 2700x, ISO20000 series, NIST.
• Subject matter expertise in in two or more: DevOps, microservices, hybrid cloud, SDWAN/SASE/, AI.
• Driving risk and compliance-based decisions to support business strategy and regulatory needs.
• Working with legal, audit, and compliance staff.
• ISMS internal audit and security review.
• Ensure continual alignment to business, risk strategy and compliance to regulation through Information Security Risk Management framework and processes.
• In-depth knowledge of security, risk, compliance issues, techniques, and implications across all existing computer platforms.