TECHNOLOGY RISK AND CYBERSECURITY MANAGER

About Us

CIC Insurance Group is a leading insurance and financial services organisation with more than five decades of experience helping individuals, families, and organizations achieve financial security.

We have grown into a dynamic Group offering life, general, micro insurance, asset management, and investment solutions, with operations in Kenya, Uganda, South Sudan, and Malawi, and are listed on the Nairobi Securities Exchange.

Our tagline, “We Keep Our Word,” reflects our unwavering commitment to integrity, transparency, and delivering on our promises to our clients, partners, and communities.

CIC Group is passionate about innovation, digital transformation, and inclusive insurance solutions that meet the evolving needs of cooperatives, SMEs, corporates, and individuals. By joining us, you will be part of a team that is shaping the future of financial protection across Africa.

About the Role

Reporting to the Group Director – Risk and Compliance, the role holder will be responsible for embedding cybersecurity and information risk disciplines into the organization’s broader ERM framework ensuring technology-related risks are identified, assessed, quantified, and treated in a manner consistent with the organization’s risk appetite and governance structures.  In addition to cybersecurity risk, the role carries oversight responsibility for the full spectrum of ICT risk across the Group’s technology estate, supervising the ICT Risk Specialist and ensuring that infrastructure, system, and change-related risks are integrated into the Group’s enterprise risk register alongside cybersecurity threats.

Key Responsibilities

• Support the Director, Risk and Compliance in embedding cybersecurity and ICT risk within the enterprise risk management framework, ensuring that technology risks are consistently captured in the organizational risk register, assessed against agreed risk appetite, and reported to governance forums in clear business terms.
• Provide direct line management and professional development for the ICT Risk Specialist, Cyber Risk Specialist, Project and Innovation Risk Specialist setting clear objectives, coordinating workplans, conducting performance reviews, and ensuring high-quality delivery across all four disciplines.
• Implement the CIC Group Cybersecurity Strategy and preparing reports on the Group’s cybersecurity risk appetite, monitoring quantified thresholds and for quarterly and annual cybersecurity risk reports to Management, regulators and Board of Directors.
• Lead the Group’s cybersecurity incident response capability directing the technical and governance response to material incidents in accordance with the Cyber Incident Response Plan.
• Direct the Group’s red and blue teaming programme commissioning annual red team adversarial simulation exercises, overseeing blue team defensive monitoring and response capability, reviewing findings from both disciplines, and driving remediation to strengthen the Group’s overall security posture.
• Provide expert input into the security design of IT architectures, system implementations, and digital transformation initiatives, ensuring security-by-design and privacy-by-design principles are embedded from project initiation.
• Implement the Group’s Third-Party Risk Management Framework for ICT-related vendors ensuring all such relationships are assessed, classified, and managed proportionately to their risk tier, and monitoring for supply chain cyber threats and third-party data breaches in line with the Framework’s escalation timelines.
• Supporting digital forensic investigations, maintaining chain of custody, and producing reports suitable for management, board and regulatory submission or legal proceedings.

General Responsibilities;

• Participate in budgeting and resource allocation for the Risk and Compliance function.
• Manage internal, external audit and regulatory engagements related to cybersecurity and information risk, coordinating audit responses and tracking remediation of findings.
• Maintain current knowledge of developments in cybersecurity legislation, regulatory guidance, threat intelligence, and industry best practice across all operating jurisdictions, disseminating relevant updates to stakeholders.
• Maintain and enforce cybersecurity risk policies and standards, reviewing them periodically to reflect changes in the threat landscape, regulatory environment, and organizational risk appetite, and ensuring compliance across all nine subsidiaries.

Who We’re Looking For

Essential Knowledge/Skills and Experience Required:

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• A Master’s degree in Information Security, Risk Management, or a related discipline is an added advantage.
• Mandatory: One or more of CISSP, CISM, CISA, or equivalent senior cybersecurity certification.
• Desirable: CGEIT, CRISC, CEH, cloud security certifications (AWS Security Specialty, Microsoft SC-100/AZ-500), ISO 27001 Lead Implementer/Auditor, or a risk management qualification (IRM, CRMA).
• Total Experience: Minimum of eight (6) years of progressive cybersecurity or IT risk experience.
• Leadership Experience: At least four (3) years in a management or team lead role with direct reports across multiple security or risk disciplines.
• Industry Experience: Prior experience in financial services, insurance, or a regulated industry is strongly preferred.
• Frameworks & Standards: Strong working knowledge of ISO 27001, NIST CSF, and enterprise risk frameworks (e.g. COSO ERM, ISO 31000), with practical experience applying these in a compliance-driven environment

Why Join Us?

Joining CIC Insurance Group offers the opportunity to contribute to a dynamic, multi-country organization committed to innovation, integrity, and excellence. In this role, you will play a key part in strengthening cybersecurity and technology risk management while influencing enterprise-wide resilience. CIC provides a strong platform for professional growth, exposure to complex risk environments, and the chance to make a meaningful impact in shaping the future of financial security across Africa.

If you have the aforementioned professional and academic qualifications and you are ready to execute the above mandate, strictly apply through: https://careers.cicinsurancegroup.com/ clearly indicating the position being applied for.

The application should reach us by close of business on 28^th April, 2026. Please note only short-listed candidates will be contacted. If you do not hear from us by 31^st May, 2026 consider your application unsuccessful.

CIC Group is an equal opportunity employer and does not solicit or require any form of payment for employment opportunities.

N/B: This job advert is open to both internal and external candidates.