About Jubilee Insurance

Jubilee Insurance was established in August 1937 as the first locally incorporated insurance company based in Mombasa. It has since expanded across the region to become the largest composite insurer in East Africa, offering Life, Pensions, General, and Medical Insurance. Today, Jubilee serves over 450,000 clients and has offices in Kenya, Uganda, Tanzania, Burundi, and Mauritius.

It is the only ISO-certified insurance group listed on all three East African stock exchanges:

• Nairobi Securities Exchange (NSE)
• Dar es Salaam Stock Exchange
• Uganda Securities Exchange

The regional offices are highly rated in leadership, quality, and risk management, with ratings of AA- in Kenya and Uganda, and A+ in Tanzania.

Role Purpose

Reporting directly to the IT Manager, the Cyber Security Analyst will be responsible for identifying potential threats and vulnerabilities within operational environments. Projects may include penetration testing and simulating physical breaches to identify security gaps.

Main Responsibilities

Strategy

• Develop and implement security strategies and protocols to protect against cyber threats and data breaches.
• Collaborate with stakeholders to assess risks and vulnerabilities, and design proactive security measures.
• Monitor emerging security trends, technologies, and best practices to improve the organization’s security posture.

Operational

• Monitor, detect, and respond to cybersecurity incidents and threats.
• Conduct vulnerability assessments and security audits across systems and networks.
• Implement and maintain endpoint, network, and cloud security controls.
• Support security awareness and training programs.
• Work with IT and business teams to ensure secure system design and deployment.
• Participate in developing and enforcing cybersecurity policies, standards, and procedures.
• Conduct risk assessments and support compliance with regulatory frameworks (ISO 27001, NIST, GDPR, or local data protection laws).
• Provide technical input during security reviews, penetration testing, and incident post-mortems.

Corporate Governance

• Ensure compliance with regulatory requirements, industry standards, and internal policies related to data protection and privacy.
• Develop and maintain documentation including policies, procedures, and incident response plans.
• Support internal teams on security-related matters and promote a culture of security awareness and compliance.

Qualifications & Requirements

• 3–4 years of experience in cybersecurity operations, risk management, or security engineering in a medium or large organization.
• Bachelor’s degree in Computer Science, Information Security, IT, or related field.
• Professional certifications such as CompTIA Security+, CEH, CISSP (Associate), CISM are highly desirable.
• Hands-on experience with SIEM tools, firewalls, endpoint protection, and vulnerability management systems.
• Strong understanding of network protocols, secure system architecture, and cloud security best practices.
• Knowledge of incident response and digital forensics is an added advantage.
• Familiarity with security policy development and secure infrastructure design and review.
• Working knowledge of virtualization, remote access, and secure mobile technologies.

Key Competencies

• Team player
• Analytical and problem-solving skills
• Strong attention to detail and ability to work under pressure
• Excellent communication and teamwork skills
• High ethical standards and integrity

• Develop and implement security strategies and protocols to protect against cyber threats and data breaches.
• Collaborate with stakeholders to assess risks and vulnerabilities, and design proactive security measures.
• Monitor emerging security trends, technologies, and best practices to improve the organization’s security posture.
• Monitor, detect, and respond to cybersecurity incidents and threats.
• Conduct vulnerability assessments and security audits across systems and networks.
• Implement and maintain endpoint, network, and cloud security controls.
• Support security awareness and training programs.
• Work with IT and business teams to ensure secure system design and deployment.
• Participate in developing and enforcing cybersecurity policies, standards, and procedures.
• Conduct risk assessments and support compliance with regulatory frameworks (ISO 27001, NIST, GDPR, or local data protection laws).
• Provide technical input during security reviews, penetration testing, and incident post-mortems.
• Ensure compliance with regulatory requirements, industry standards, and internal policies related to data protection and privacy.
• Develop and maintain documentation including policies, procedures, and incident response plans.
• Support internal teams on security-related matters and promote a culture of security awareness and compliance.

• Hands-on experience with SIEM tools, firewalls, endpoint protection, and vulnerability management systems
• Strong understanding of network protocols, secure system architecture, and cloud security best practices
• Knowledge of incident response and digital forensics
• Familiarity with security policy development and secure infrastructure design and review
• Working knowledge of virtualization, remote access, and secure mobile technologies
• Analytical and problem-solving skills
• Strong attention to detail and ability to work under pressure
• Excellent communication and teamwork skills
• High ethical standards and integrity

• Bachelor’s degree in Computer Science, Information Security, IT, or related field
• Professional certifications such as CompTIA Security+, CEH, CISSP (Associate), CISM are highly desirable