PRINCIPAL CYBERSECURITY OFFICER

ABOUT THE COMPANY

The Insurance Regulatory Authority is a statutory government agency established under the Insurance Act (Amendment) 2006, CAP 487 of the Laws of Kenya to regulate, supervise and develop the insurance industry. It is governed by a Board of Directors which is vested with the fiduciary responsibility of overseeing operations of the Authority and ensuring that they are consistent with provisions of the Insurance Act.

JOB SUMMARY

DIRECTORATE: Directorate of SupervisionDEPARTMENT: Cybersecurity SupervisionGRADE/LEVEL: IRA 5IMMEDIATE SUPERVISOR: Assistant Director, Cybersecurity SupervisiorJob Specifications Duties and responsibilities at this level will entail:Six (6) years cumulative relevant work experience, three (3) years of which should have been at the grade of Senior Cybersecurity Officer or in a comparable and relevant position.Bachelor’s degree in any of the following: Electrical Engineering, information technology, information systems security, software engineering, or equivalent qualification from a recognized institution.Master’s degree in any of the following: Electrical Engineering, information technology, information systems security, software engineering, or equivalent qualification from a recognized institution.

RESPONSIBILITIES

Job SpecificationsThe duties and responsibilities will entail:Coordinating implementation and periodic review of approved cybersecurity policies and standards.Coordinating cybersecurity incident management and supervising operational response activities.Supervising day-to-day operations of the Insurance Industry Cybersecurity Operations Centre.Researching on new and emerging technological and regulatory trends in relation to Cybersecurity management.Coordinating gathering and dissemination of technical information on cybersecurity incidents, vulnerabilities, security fixes and other security information, as well as issuing alerts and warnings.supervising cybersecurity incident management activities within the insurance industry, including review of response effectiveness.Coordinating cybersecurity analysis and forensic investigations.Supervising compliance with approved cybersecurity systems and Critical Infrastructure Protection (CIP) requirements by regulated entities.Ensuring quality assurance of the Insurance Industry Cybersecurity Operations Centre.Reviewing and disseminating of insurance industry cybersecurity posture reports,Coordinating cybersecurity advocacy, awareness, and capacity building in the insurance industry,Reviewing effectiveness of cybersecurity systems.Reviewing backup schedules of cybersecurity monitoring and management systems.Liaising with other SOCs, and industry stakeholders on matters of Cybersecurity monitoring and management.Reviewing specifications for acquisition of cyber security systems.Coordinating implementation of cyber-security systems.Coordinating implementation of the Critical Infrastructure Protection (CPI) framework.Developing, implementing and reviewing Computer Incident Response (CIR) Manual and Standard Operating Manual.Coordinating the development, monitoring implementation and regular review of the insurance industry Cybersecurity Policies.Conducting partnerships and collaboration with cyber security stakeholders locally, regionally, and globally.Professional qualifications in any of the following:Cisco Certified Network Associate (CCNA);Certified Information Systems Auditor (CISA);Certified Information Security Manager (CISM);Certified Information Systems Security Professional (CISSP);Certified Ethical Hacker (CEH);Any other equivalent qualification from a recognized institution.Management Course lasting not less than four (4) weeks from a recognized institution.Membership to a relevant professional body where applicable and in good standing.Competencies and skillsCommunication skillsInterpersonal skillsAnalytical skillsReport writing skillsPresentation skillsConflict management skillsNegotiation skillsHOW TO APPLYThe interested applicants to submit their applications online by filling the form provided on the IRA website.All applications must be received by close of business at 5.00 pm on Monday, 16th February, 2026.COMPLIANCE REQUIREMENTIn accordance with The Employment (Amendment) Act, 2022, the Authority will require candidates it will enter into a written contract of service with to comply with Chapter Six of the Constitution by submitting mandatory compliance and clearance certificates from the relevant entities.Insurance Regulatory Authority is an Equal Opportunity Employer committed to diversity, gender equality and persons with disabilities (PWDs) are encouraged to apply. Any form of canvassing will lead to automatic disqualification and only shortlisted candidates will be contacted for interviews.IRA IS ISO 9001:2015 CERTIFIED

REQUIRED SKILLS

Information security, Risk analysis, System and network security, Fraud risk assessment and management, Risk management, System (IT) auditing, Security operations, System administration

REQUIRED EDUCATION

Bachelor's degree