CYBER RISK SPECIALIST

About Us

CIC Insurance Group is a leading insurance and financial services organisation with more than five decades of experience helping individuals, families, and organizations achieve financial security.

We have grown into a dynamic Group offering life, general, micro insurance, asset management, and investment solutions, with operations in Kenya, Uganda, South Sudan, and Malawi, and are listed on the Nairobi Securities Exchange.

Our tagline, “We Keep Our Word,” reflects our unwavering commitment to integrity, transparency, and delivering on our promises to our clients, partners, and communities.

CIC Group is passionate about innovation, digital transformation, and inclusive insurance solutions that meet the evolving needs of cooperatives, SMEs, corporates, and individuals. By joining us, you will be part of a team that is shaping the future of financial protection across Africa.

About the Role

Reporting to the Technology Risk and Cybersecurity Manager, the role holder will be responsible for the identification, assessment, monitoring, and reporting of cybersecurity risks across CIC Insurance Group’s technology estate. The role supports the Technology Risk and Cybersecurity Manager in executing the ICT and cybersecurity risk programme.  The role holder brings specialist cyber risk expertise that complements the broader ICT risk function focusing specifically on cybersecurity threat assessment, vulnerability management, security monitoring, and third-party cyber risk and is expected to operate with a high degree of technical competence, independence, and initiative across CIC Group.

Key Responsibilities

• Conduct cyber risk assessments across the Group’s IT infrastructure, systems, applications, and data assets, documenting threats, vulnerabilities, likelihood, impact ratings, and recommended treatment actions in the Group’s cyber risk register.
• Maintain and update the cyber risk register, ensuring all identified risks are classified, prioritised, assigned to risk owners, and tracked through to treatment or acceptance in line with the Group’s risk appetite framework.
• Work closely with the ICT Risk Specialist to ensure that cybersecurity risks within the broader IT risk landscape are consistently identified, cross-referenced, and reported avoiding duplication while maintaining complete coverage of the technology risk environment.
• Support the Project and innovation Risk Lead by providing specialist cyber risk input into project and innovation risk assessments, ensuring that cybersecurity threats and control requirements are identified and incorporated into project plans, Risk register, and change requests from initiation through to delivery.
• Lead vulnerability screening across the Group’s technology environment, develop curative strategies for identified vulnerabilities, and track remediation progress.
• Conduct real-time security monitoring, investigate and respond to security alerts from firewalls, intrusion detection systems, anti-malware software, and other monitoring tools, and escalate material incidents in accordance with the Cyber Incident Response Plan.
• Support the Technology Risk and Cybersecurity Manager in leading the response to cybersecurity incidents, including triage, containment, evidence documentation, and preparation of incident reports suitable for internal governance or IRA submission.
• Conduct cyber risk assessments for third-party vendors and technology partners, reviewing security questionnaires, certifications, penetration test reports, and incident history maintaining the third-party cyber risk register and escalating material findings to the Cybersecurity Manager.
• Support annual penetration testing exercises and red / blue teaming activities, reviewing findings with technical teams and tracking remediation actions to closure.
• Prepare cyber risk reports, dashboards, and management information for the Technology Risk and Cybersecurity Manager, including quarterly emerging ICT risk research reports and risk presentations for governance committees.
• Support the delivery of cybersecurity awareness activities, contribute to staff training materials, and share threat intelligence and security alerts with relevant stakeholders across the Group.

General Responsibilities;

• Participate in departmental planning, budgeting, and various governance meetings and committees as required.
• Stay current with developments in the cybersecurity field, share emerging threat intelligence with the Cybersecurity Manager and relevant teams, and recommend new security technologies where appropriate.
• Support internal and external audit engagements on cybersecurity matters, providing evidence, analysis, and technical input as required.

 Who We’re Looking For

Essential Knowledge/Skills and Experience Required:

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Relevant certifications such as CISA, CISM, CISP, CEH or similar.
• Additional certifications are a plus, including cloud security certifications (AWS, Azure, GCP).
• Minimum of four (4) years of hands-on IT security experience
• Experience in financial services and insurance is preferred
• Proven experience in conducting penetration tests vulnerability assessments and leading closure of findings through collaborating with various stakeholders (Internal & External IT Auditors, IT Risk, External Pentesters etc)
• Strong knowledge of security frameworks and standards (e.g., ISO 27001, NIST).
• Experience working across multiple African jurisdictions is an advantage.

Key Competencies:

• Strong technical knowledge of cybersecurity risk management principles.
• Ability to conduct and document structured cyber risk assessments, maintain risk registers, and produce clear risk reports and dashboards for non-technical management audiences.
• Strong analytical, report-writing, and presentation skills.
• High personal integrity, discretion, and reliability in handling sensitive security information.
• Exceptional personal integrity, absolute reliability, and the highest standards of professional conduct.
• Intellectual authority and technical confidence.
• Stakeholder management and communication skills.
• Established strategic planning and organizational skills.
• Deep awareness of both the internal and external threat environment, including sector-specific attack patterns and adversary motivation.

Why Join Us?

Joining CIC Insurance Group as a Cyber Risk Specialist places you at the forefront of managing cybersecurity risks within a complex, multi-jurisdictional technology environment. You will play a critical role in identifying threats, conducting vulnerability assessments, and strengthening the organization’s cyber resilience. The role offers exposure to advanced security frameworks, real-time incident response, and third-party risk management, allowing you to deepen your technical expertise while influencing enterprise-wide risk decisions. It is an ideal opportunity for a cybersecurity professional seeking to operate strategically, contribute to digital transformation, and shape robust cyber risk practices in a leading financial services group.

If you have the aforementioned professional and academic qualifications and you are ready to execute the above mandate, strictly apply through: https://careers.cicinsurancegroup.com/ clearly indicating the position being applied for.

The application should reach us by close of business on 28^th April, 2026. Please note only short-listed candidates will be contacted. If you do not hear from us by 31^st May, 2026 consider your application unsuccessful.

CIC Group is an equal opportunity employer and does not solicit or require any form of payment for employment opportunities.

N/B: This job advert is open to both internal and external candidates.