As the Technology Risk and Cybersecurity Manager at CIC Insurance Group Limited, you will report to the Group Director – Risk and Compliance. You will be responsible for embedding cybersecurity and information risk disciplines into the organization’s broader Enterprise Risk Management (ERM) framework. This ensures technology-related risks are identified, assessed, quantified, and treated in a manner consistent with the organization’s risk appetite and governance structures. Beyond cybersecurity risk, the role carries oversight responsibility for the full spectrum of ICT risk across the Group’s technology estate, supervising specialists in ICT Risk, Cyber Risk, and Project and Innovation Risk to ensure that infrastructure, system, and change-related risks are integrated into the Group’s enterprise risk register.
Key Responsibilities
- ERM Framework Integration: Support the Director, Risk and Compliance in embedding cybersecurity and ICT risk within the ERM framework, ensuring technology risks are captured, assessed, and reported to governance forums in clear business terms.
- Team Leadership: Provide direct line management and professional development for the ICT Risk Specialist, Cyber Risk Specialist, and Project and Innovation Risk Specialist, including setting objectives, coordinating workplans, and conducting performance reviews.
- Strategy & Reporting: Implement the CIC Group Cybersecurity Strategy and prepare reports on the Group’s cybersecurity risk appetite for Management, regulators, and the Board of Directors.
- Incident Response: Lead the Group’s cybersecurity incident response capability, directing technical and governance responses to material incidents in accordance with the Cyber Incident Response Plan.
- Security Posture Improvement: Direct the Group’s red and blue teaming programmes, commissioning annual adversarial simulation exercises and overseeing defensive monitoring and remediation.
- Security by Design: Provide expert input into the security design of IT architectures, system implementations, and digital transformation initiatives, ensuring security and privacy-by-design principles are embedded.
- Third-Party Risk Management: Implement the Group’s Third-Party Risk Management Framework for ICT-related vendors, monitoring for supply chain cyber threats and data breaches.
- Forensics & Investigations: Support digital forensic investigations, maintaining chain of custody and producing reports for management, board, or legal proceedings.
- Governance & Compliance: Maintain and enforce cybersecurity risk policies across all nine subsidiaries, manage internal and external audit engagements, and track the remediation of audit findings.
- Functional Support: Participate in budgeting and resource allocation for the Risk and Compliance function and maintain current knowledge of cybersecurity legislation and industry best practices.
Requirements
- Education: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. A Master’s degree in Information Security or Risk Management is an added advantage.
- Certifications: Mandatory senior certification in one or more of CISSP, CISM, or CISA. Desirable certifications include CGEIT, CRISC, CEH, Cloud Security (AWS/Microsoft), or ISO 27001 Lead Implementer.
- Experience: Minimum of six (6) years of progressive cybersecurity or IT risk experience.
- Leadership: At least three (3) years in a management or team lead role with direct reports across multiple security or risk disciplines.
- Industry Knowledge: Prior experience in financial services, insurance, or a regulated industry is strongly preferred.
- Frameworks: Strong working knowledge of ISO 27001, NIST CSF, and enterprise risk frameworks (COSO ERM, ISO 31000).
How to Apply
Interested and qualified candidates should apply online via the official CIC Insurance careers portal by visiting the link provided below.
Apply for Technology Risk and Cybersecurity Manager