Reporting to the Technology Risk and Cybersecurity Manager, the role holder will be responsible for the identification, assessment, monitoring, and reporting of cybersecurity risks across CIC Insurance Group’s technology estate. The role supports the Technology Risk and Cybersecurity Manager in executing the ICT and cybersecurity risk programme. The role holder brings specialist cyber risk expertise that complements the broader ICT risk function, focusing specifically on cybersecurity threat assessment, vulnerability management, security monitoring, and third-party cyber risk, and is expected to operate with a high degree of technical competence, independence, and initiative across CIC Group.
Key Responsibilities
Cyber Risk Assessment: Conduct cyber risk assessments across the Group’s IT infrastructure, systems, applications, and data assets. Document threats, vulnerabilities, likelihood, impact ratings, and recommended treatment actions in the Group’s cyber risk register.
Risk Register Management: Maintain and update the cyber risk register, ensuring all identified risks are classified, prioritized, assigned to risk owners, and tracked through to treatment or acceptance in line with the Group’s risk appetite framework.
ICT Risk Collaboration: Work closely with the ICT Risk Specialist to ensure that cybersecurity risks within the broader IT risk landscape are consistently identified, cross-referenced, and reported, avoiding duplication while maintaining complete coverage.
Project and Innovation Support: Support the Project and Innovation Risk Lead by providing specialist cyber risk input into project assessments, ensuring threats and control requirements are incorporated into project plans and change requests.
Vulnerability Management: Lead vulnerability scanning across the technology environment, develop remediation strategies, and track remediation progress to closure.
Security Monitoring: Conduct real-time security monitoring, investigate security alerts from firewalls, intrusion detection systems, and anti-malware software, and escalate material incidents.
Incident Response: Support the response to cybersecurity incidents, including triage, containment, evidence documentation, and preparation of incident reports for internal governance or IRA submission.
Third-Party Risk: Conduct cyber risk assessments for third-party vendors and technology partners, reviewing security questionnaires, certifications, and penetration test reports.
Testing and Red/Blue Teaming: Support annual penetration testing exercises and red/blue teaming activities, tracking remediation actions to closure.
Reporting: Prepare cyber risk reports, dashboards, and management information, including quarterly emerging ICT risk research reports.
Cybersecurity Awareness: Support the delivery of cybersecurity awareness activities and share threat intelligence with relevant stakeholders.
General Responsibilities
Participate in departmental planning, budgeting, and various governance meetings.
Stay current with developments in the cybersecurity field and recommend new security technologies where appropriate.
Support internal and external audit engagements on cybersecurity matters.
Requirements and Qualifications
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Relevant certifications such as CISA, CISM, CISSP, CEH or similar.
Additional certifications in cloud security (AWS, Azure, GCP) are a plus.
Minimum of four (4) years of hands-on IT security experience.
Experience in financial services and insurance is preferred.
Proven experience in conducting penetration tests, vulnerability assessments, and leading closure of findings.
Strong knowledge of security frameworks and standards (e.g., ISO 27001, NIST).
Experience working across multiple African jurisdictions is an advantage.
Key Competencies
Strong technical knowledge of cybersecurity risk management principles.
Ability to conduct structured cyber risk assessments and produce clear reports for non-technical management.
Exceptional personal integrity and high standards of professional conduct.
Deep awareness of sector-specific attack patterns and adversary motivation.
How to Apply
Interested and qualified candidates should apply online through the CIC Insurance Group careers portal at https://careers.cicinsurancegroup.com or via the application link provided below.