INFORMATION SECURITY ANALYST

DEPARTMENT: ICT

REPORTS TO: IT Manager

Branch: Head Office – Westlands

PRIMARY PURPOSE:
i) Develop and implement the information security strategy for Geminia Insurance Company.
ii) Oversee the security of both cloud and on-premises environments, ensuring robust cybersecurity measures, data privacy compliance, and effective risk management frameworks are in place.
iii) Serve as the focal point for all cybersecurity-related engagements and initiatives.

SPECIFIC RESPONSIBILITIES:

1. Develop and oversee the organization’s information security strategy, ensuring alignment with business objectives and regulatory requirements.
2. Develop, enhance, and implement information security policies, procedures, standards, and controls across the organization.
3. Lead the cybersecurity function and ensure adherence to security policies and standards across all business units.
4. Collaborate with IT, legal, and compliance teams to maintain a strong organizational security posture.
5. Ensure compliance with applicable data protection and privacy regulations, including GDPR and relevant local insurance regulatory frameworks.
6. Establish and maintain cybersecurity risk management programs to assess, mitigate, and monitor risks across cloud and on-premises environments.
7. Monitor security risks and ensure proper documentation, reporting, and remediation plans are in place.
8. Lead security audits, assessments, and regulatory reporting for internal stakeholders and oversight bodies.
9. Design, implement, and maintain enterprise security architecture and infrastructure security controls.
10. Implement and enforce best practices for identity and access management, network security, encryption, endpoint protection, and cloud security.
11. Develop, maintain, and test the cybersecurity incident response framework to ensure rapid detection, containment, and resolution of security incidents.
12. Establish a proactive threat intelligence capability to detect, respond to, and mitigate emerging cyber threats.
13. Conduct vulnerability assessments, penetration testing, and security reviews to continuously improve the organization’s security posture.
14. Provide cybersecurity oversight for third-party vendors and partners, including security due diligence and risk assessments.
15. Lead staff security awareness and training programs to promote strong cyber hygiene and compliance with security best practices.
16. Evaluate and implement advanced security technologies and frameworks to strengthen the organization’s cybersecurity capabilities.
17. Advise management on cyber risk trends, vulnerabilities, and mitigation priorities.

PERSON SPECIFICATIONS

Academic Qualifications

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.

Professional Qualification

• Relevant certifications such as CISSP, CISM, CISA, CRISC, CCSP, CEH or equivalent are highly desirable.
  Experience
• At least 3 years of experience in information security roles, preferably in the financial or insurance sector.
• Proven experience managing IT security.
• Strong knowledge of regulatory compliance.
• Experience handling security operations, incident response, and risk management in a complex IT landscape.
• Hands-on knowledge of firewall management, endpoint security, SIEM, and IAM.

Required Skills and Attributes

• High level of integrity and confidentiality.
• Excellent interpersonal and communication skills.
• Good analytical skills and attention to detail.
• Deep understanding of current technology trends.
• Highly motivated and self-directed individual with the discipline to deliver within agreed timelines.

HOW TO APPLY

Interested candidates can apply through the link https://recruitment.geminia.co.ke/ . Job Application, to reach us on or before Tuesday 17th March 2026. The application should include a cover letter demonstrating how you meet our requirements and details of your current remuneration. It should be accompanied by a detailed and up-to-date CV with copies of supporting certificates.