AAR Insurance is one of the leading medical and general insurance providers in the region, committed to delivering innovative insurance solutions that meet the changing needs of our clients. As we continue to drive digital transformation and enhance data protection across our operations, we are seeking a dynamic and experienced Information Security Officer to lead the enterprise-wide cybersecurity agenda.
This is a strategic position that plays a critical role in securing both our cloud and on-premise environments. The successful candidate will work closely with senior leadership, IT, compliance, and legal teams to strengthen the organization’s security posture, implement robust cyber risk management frameworks, and ensure adherence to regulatory requirements within the insurance industry.
If you are passionate about cybersecurity, risk mitigation, and working in a fast-paced insurance environment, this opportunity is tailored for you.
Position: Information Security Officer
Job Type: Full-Time
Job Location: Head Office, Nairobi, Kenya
Reports To: Group Head of Technology
Application Deadline: 30th April 2025
Overall Purpose of the Job
The Information Security Officer (ISO) will be responsible for formulating and executing the organization’s information security strategy, ensuring compliance with regulatory frameworks, and defending the enterprise against evolving cyber threats. This position serves as the central point of contact for all cybersecurity-related matters within the AAR Insurance Group.
Key Responsibilities
Strategy Development & Implementation
- Design, implement, and maintain an enterprise-wide information security strategy aligned with business goals and regulatory expectations.
- Regularly review and update security policies, procedures, and controls to ensure relevance and effectiveness.
Cybersecurity Leadership
- Lead the cybersecurity function across all business units, promoting a culture of security and compliance.
- Establish enterprise-wide risk management programs to monitor, mitigate, and report on security risks.
Regulatory Compliance
- Ensure the organization complies with local and international data privacy regulations such as GDPR, HIPAA, and other industry-specific mandates.
- Collaborate with internal audit, legal, and compliance teams to meet regulatory requirements.
Security Operations
- Define and enforce security standards across cloud (AWS, Azure) and on-premise infrastructure.
- Implement and monitor controls related to IAM, network security, data encryption, and endpoint protection.
Threat Management
- Establish a threat intelligence program to proactively detect and respond to cyber threats.
- Oversee the development and testing of incident response plans and lead response activities during a breach.
Assessment & Reporting
- Coordinate internal and external audits, security assessments, and compliance reporting.
- Monitor and report on key performance indicators (KPIs) and risk metrics to senior management.
Technology Evaluation & Implementation
- Evaluate and adopt cutting-edge security technologies, including AI-powered threat detection, zero-trust architecture, and cloud-native security platforms.
- Provide due diligence support during IT projects, third-party engagements, mergers, and acquisitions.
Security Awareness
- Lead security training and awareness programs across the organization.
- Build a security-conscious workforce through regular communications and educational initiatives.
Vendor & Stakeholder Engagement
- Engage with third-party vendors and partners to ensure compliance with the company’s security standards.
- Serve as the cybersecurity advisor for executive leadership and key stakeholders.
Desired Expertise & Experience
While formal qualifications are not required for this job advertisement, strong experience in the following areas is essential:
- Information security leadership in cloud and hybrid environments.
- Experience with frameworks and compliance mandates such as GDPR, HIPAA, ISO 27001, and PCI DSS.
- Solid understanding of cybersecurity tools including firewalls, SIEM, IAM, and endpoint protection.
- Demonstrated success in managing security operations, incident response, and risk assessments.
- Proficiency in cloud security architecture (AWS, Azure) and DevSecOps.
- Strong communication, leadership, and stakeholder management skills.
- Hands-on involvement with penetration testing, vulnerability assessments, and threat hunting.
Why Join AAR Insurance?
At AAR Insurance, we foster innovation, accountability, and professional growth. By joining our team, you will work in a progressive environment where your cybersecurity expertise will drive real impact in protecting customer data and ensuring secure operations across the region.
We are an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
How to Apply
If you are ready to take on a strategic role in cybersecurity and meet the responsibilities outlined above, we invite you to apply.
Please submit your application letter and an updated CV to the following address:
Email: [email protected]
Deadline: 30th April 2025
For more information, please refer to the attached PDF.
Be part of a team that secures the future.
