IT Security Officer
Nairobi, Kenya
Old Mutual Limited
Old Mutual Limited (OML) is a premium African financial services group that offers a broad spectrum of financial solutions to retail and corporate customers.
Let's Write Africa's Story Together!
Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.
Job Description
The role holder will be responsible for the day-to-day management and implementation of information security. This role requires the role holder to interact with security systems on a real-time basis and to develop the ability to detect security breaches within 15 minutes.
KEY MEASURABLE GOALS
Achieve security and compliance to Old Mutual Group Security Blueprint and Regulatory requirements.
Resolve reported cyber incidents or escalate to investigative authorities.
Identify and manage information risks.
Maintain required security posture on all IT systems.
Compliance to Risk and Audit.
KEY RESPONSIBILITIES
Implement security projects by use of products such as Network Firewalls, Antivirus Systems, Database Security Systems, and Software Patching systems.
Implement two-factor authentication following a risk-based approach for all critical system logins such as super user logins and remote VPN connections.
Train and promote information security awareness campaigns amongst all the staff.
Play an active role in the information security stage of every business project.
Develop risk-based plans and policies to safeguard information assets against accidental or unauthorized modification, destruction, access or disclosure.
Monitor current vulnerability reports from threat management systems (antivirus reports, firewalls, alerts systems etc.) and execute measures to remove these vulnerabilities.
Ensure that relevant encryption and data loss prevention standards are implemented to the group security blueprint standard requirements.
Ensure that all Faulu Systems, Perimeter Network Systems, Desktops, Point of Sale Devices, and other Mobile devices are all up to date with the latest security patches and measures.
Working closely with System and Business Managers, he/she should identify and close data and information security as well as the continuity gaps necessary for effective data, information continuity and security.
Review vendor security systems with an aim to improve security on directly connected links.
Protect system by defining user access privileges and control structures.
Establish security for VPNs, home connections and Internet Connections
Where required develop an information security policy.
Establish information security incident visibility to the relevant investigative authorities.
Safeguard established and agreed logical and physical security measures for all the information assets.
Perform periodic User Access Rights reviews and recertifications on all critical systems.
Implementation of Information Security tools and methods necessary to support the bank’s Information Security Strategy.
Determine and report all security violations and inefficiencies by conducting periodic system information security reviews.
IT RISK AND SECURITY
Contribute to IT security risk and controls self-assessments.
Continuous monitoring of IT Security baselines, policies, and frameworks to maintain stable security posture.
Constant monitoring and remediation of security vulnerabilities (vulnerabilities per device, VPDs), ensuring severity levels are at acceptable thresholds.
Perform IT Security compliance checks for network devices, endpoints, and databases in Faulu.
BANKWIDE AML KYC & CFT RESPONSIBILITIES
The incumbent will be responsible for ensuring adherence to, implementation of, and adoption of Compliance, Anti-Money Laundering (AML), and Sanctions-related policies, procedures, and process requirements within Old Mutual and its subsidiaries. This includes execution of customer due diligence processes, ensuring compliance with Know-Your-Customer (KYC) standards, conducting ongoing and enhanced due diligence, and maintaining data quality.
Additionally, the role involves identifying and monitoring potential AML, Sanctions, or Compliance breaches and unusual activities, and escalating these concerns to the Risk and Compliance Office for further action.
Education
Bachelor’s degree in computer science or Equivalent qualification.
Must possess at least one security certification such as CEH, CompTIA Security+, CIH (Certified Incident Handler), CTIA (Certified Threat Intelligence Analyst), OSCP (Offensive Security Certified Professional), GCTI (GIAC Cyber Threat Intelligence), GCIH (GIAC Certified Incident Handler), CSX-F (Cyber Security Fundamentals), SSCP (Systems Security Certified Practitioner) and CASP (CompTIA Advanced Security Practitioner).
CISSP, CRISC, CISM, CISA, CEH or other InfoSec Governance Training in information security would be an added advantage.
Knowledge and Skills
User- and technical-level knowledge of core operating systems (e.g. Unix, Linux and Windows), with at least one (1) year of working experience.
Experience in Endpoint Security Management
Administer, optimize, and support the Bank’s security awareness and phishing simulation solutions, in compliance with the Bank’s policies and standards.
Good knowledge of Banking Operations and procedures.
Good knowledge of the Data Protection Act and Data Security.
Experience in Network Security including firewall, NAC, Network Segmentation, VPN and gateway security
Experience in Identity and Access Management
Experience in using security monitoring tools and incident response using a SIEM toolkit
Experience in penetration testing and vulnerability management
Experience in application security from web applications to mobile apps and USSD
Experience in Database Security and use of Database Access Management, DAM
Experience in Cloud Security management
Experience in Security Operations and cybersecurity threat indicators, assisting to detect, report, and respond to related incidents
Experience
A minimum of 2 years’ experience in Information Security
Strong technical skills in a wide range of systems and security tools such as SIEM, DAM, PAM, WAF, Access Lists, Firewall Rules, Wireless Encryption Standards, Windows/Linux IP Protocols, Endpoint Security, mobile device security, access control systems, data loss prevention systems and encryption standards
Good understanding of Applications and Database Security controls in banking businesses, with deep knowledge in emerging security threats
Hands-on and proven experience in security software and hardware security remediation projects
Personal Attributes
Team Player
Tech Savvy and Business awareness
Ownership
A person of high integrity, dependable and with technical knowledge
Flexible to work during odd hours
Self-starter with ability to go an extra mile and deliver within agreed timelines
Strong verbal and written communication skills
Building relationships
Aligning Performance for success
Ability to work with minimal supervision
Infrastructure and Network Development and Maintenance
Complete operational tasks, data management, incident logging, reporting, systems monitoring, systems testing, and disaster recovery to support the day-to-day infrastructure and networks.
Continuous Improvement
Contribute to reviewing existing operations in own area of work, and support in generating new ideas to assist in identifying continuous improvements.
Continuous Integration
Provide operational support by performing prescribed continuous integration activities (sharing, testing and building) using existing systems and protocols.
Faults Diagnosis and Correction
Provide initial fault isolation and propose resolution for approval by more senior colleagues to limit and address issues promptly.
Testing Information Technology (IT) Performance
Perform routine website/applications software tests and respond to user emails to monitor, diagnose, and correct performance issues.
Applications Software Maintenance
Monitor and identify software defects and suggest corrections for approval by more senior colleagues to maintain fully functioning applications software.
Personal Capability Building
Develop own capabilities by participating in assessment and development planning activities as well as formal and informal training and coaching. Develop and maintain an understanding of relevant technology, external regulation, and industry best practices through ongoing education, attending conferences, and reading specialist media.
Skills
Action Planning, Adaptive Thinking, Backlog Management, Cloud Computing, Cloud Infrastructure Management, Data Compilation, Data Management, Information Technology (IT) Support, IT Installations, Local Area Network (LAN) Management, Network Monitoring, Software Testing, Test Case Management, WAN Networking, Web Platform Development Software
Competencies
Communicates Effectively
Cultivates Innovation
Decision Quality
Drives Results
Ensures Accountability
Optimizes Work Processes
Tech Savvy
Education
NQF Level 3 & NQF Level 2 - Below school leaving
Closing Date
06 June 2025, 23:59
The Old Mutual Story!
Tags: Antivirus Application security Banking CASP+ CEH CISA CISM CISSP Cloud Compliance CompTIA Computer Science CRISC Encryption Endpoint security Firewalls GCIH GCTI GIAC Governance IAM Linux Monitoring Network security Offensive security OSCP Pentesting Security strategy SIEM SSCP Strategy Threat intelligence UNIX VPN Vulnerabilities Vulnerability management Windows
Perks/benefits: Career development Conferences Flex hours Team events