Geminia Insurance Company Limited is a fully locally owned insurance company providing innovative products and services in general insurance. We are seeking a qualified Information Security Analyst to lead our cybersecurity function. The role involves developing and overseeing the organization’s information security strategy, ensuring alignment with business objectives and regulatory requirements. You will be responsible for implementing security policies, managing risks, and maintaining a robust security architecture across both cloud and on-premises environments.
Key Responsibilities
- Strategy & Policy: Develop and oversee the organization’s information security strategy. Implement and enhance information security policies, procedures, standards, and controls across the organization.
- Governance & Compliance: Lead the cybersecurity function and ensure adherence to security policies across all business units. Ensure compliance with data protection and privacy regulations, including GDPR and local insurance regulatory frameworks.
- Risk Management: Establish and maintain cybersecurity risk management programs to assess, mitigate, and monitor risks across cloud and on-premises environments.
- Audits & Reporting: Lead security audits, assessments, and regulatory reporting for internal stakeholders and oversight bodies.
- Security Architecture: Design, implement, and maintain enterprise security architecture and infrastructure security controls.
- Security Operations: Enforce best practices for identity and access management (IAM), network security, encryption, endpoint protection, and cloud security.
- Incident Response: Develop, maintain, and test the cybersecurity incident response framework for rapid detection and resolution of incidents.
- Threat Intelligence: Establish proactive threat intelligence capabilities to detect and mitigate emerging cyber threats.
- Technical Assessments: Conduct vulnerability assessments, penetration testing, and security reviews.
- Vendor Oversight: Provide cybersecurity oversight for third-party vendors, including security due diligence and risk assessments.
- Awareness: Lead staff security awareness and training programs to promote strong cyber hygiene.
- Advisory: Advise management on cyber risk trends, vulnerabilities, and mitigation priorities.
Requirements & Qualifications
- Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- Experience: At least 3 years of experience in information security roles, preferably in the financial or insurance sector.
- Certifications: Relevant certifications such as CISSP, CISM, CISA, CRISC, CCSP, CEH or equivalent are highly desirable.
- Technical Knowledge: Hands-on knowledge of firewall management, endpoint security, SIEM, and IAM.
- Management: Experience handling security operations, incident response, and risk management in a complex IT landscape.
How to Apply
Interested and qualified candidates should apply online through the Geminia Insurance Company portal by visiting the official application link. For more information, you can visit their website at geminia.co.ke.