Reporting to the ICT Manager, the Information Security Officer must be a self-driven person who will be responsible for establishing and maintaining a corporate wide information security management program to ensure that information assets are adequately protected.
The ISO should be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as report on ongoing performance.

• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the organization.
• Develop, maintain and publish up-to-date information security policies, standards and guidelines.
• Conduct risk assessments and recommend mitigating controls.
• Identify and evaluate security risks, proposing strategies to mitigate vulnerabilities.
• Develop incident response and disaster recovery plans, ensuring timely response to security breaches. Lead investigations of security incidents and data breaches.
• Ensure compliance with industry standards (e.g., Data Protection Act, GDPR, PCI-DSS) and regulatory requirements.
• Conduct regular audits and risk assessments to identify areas for improvement
• Promote a security-conscious culture within the organization.
• Oversee user access rights to ensure appropriate levels of access are granted based on roles.
• Implement and manage identity and access management solutions.
• Design secure network architectures, enforcing firewalls, VPNs, intrusion detection, and prevention systems.
• Ensure secure configurations of hardware and software Evaluate and manage third-party vendors to ensure they adhere to security policies.
• Conduct security assessments on new vendors or partners. Conduct regular audits and assessments to ensure compliance with security policies and procedures.
• Prepare and present security reports to management, highlighting risks, incidents, and recommendations for improvement
• Undertake any other tasks as assigned.

• Highly analytical problem solving with the ability to apply original and innovative thinking.
• A high level of oral and communication skills in order to communicate effectively with Executives, Senior Managers, Colleagues and other Stakeholders
• Team player with excellent interpersonal skills

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field.
• Minimum of 5 years of experience in IT security, including security policy development, risk management, and incident response.
• Relevant certifications (e.g., Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), CISA, CISM, ISO 27001 Certified are highly desirable
• Experience with security technologies and tools such as NAC, Firewalls, WAAP, IDS/IPS, antivirus software, and encryption tools.
• Good understanding of the BFSI industry (Banking, Financial Services and Insurance) and knowledge of how Information Technology contributes to success of Financial Institutions.
• Familiarity with security frameworks and standards (e.g., ISO/IEC 27001, NIST).
• Experience in the BFSI (Banking, Financial Services and Insurance) sector will be an added advantage.

Qualified candidates are requested to forward their applications including comprehensive C.Vs to the Group Human Resources Manager through Email: hr_recruitment@madison.co.ke with the Role as the Subject of the email and not later than 29th November, 2024.