Information Security Officer

About Discovery

Discovery’s core purpose is to make people healthier and to enhance and protect their lives. We seek out and invest in exceptional individuals who understand and support our core purpose, and whose own values align with those of Discovery. Our fast-paced and dynamic environment enables smart, self-driven people to be their best. As global thought leaders, Discovery is passionate about innovating in order to not only achieve financial success, but to ignite positive and meaningful change within our society.

About Vitality

Vitality is a global life and health insurer – transforming global insurance through Shared value powered by Vitality AI. More than 42 million lives have access to Vitality in 41 markets, across Europe, the Americas, Asia, Africa and Oceania. Our core purpose is to make people healthier and to enhance and protect their lives. We pioneered the ‘shared value’ insurance model, a unique approach based on the scientifically proven principles of behavioural economics. By changing behaviour, we make people healthier, reduce their risk of being hospitalised, and help them live longer. This generates value for our members, for businesses, and for wider society.

Key Purpose

The primary purpose of this role is to serve as a senior security specialist within the Vitality Group Information Security structure. This individual works closely with the Vitality Group Information Security Manager to serve as a 2IC and backup. This role includes responsibility for Information security strategies and programs, policies, security risk management, assurance, security architectural guidance/vetting and the delivery of internal security consultation services to Vitality Group business, IT, and partner markets. The role also includes leading and managing the security governance for Vitality Group. The role also includes the responsibility for managing Security Operations, providing review and oversight to a number of security controls, and providing operational insight to address the management of cyber threats. This is hands-on position, which will require strong technical expertise in many security technologies.

Areas of responsibility may include but not limited to

• Provide assistance and input into the VG Information Security Strategy, Function and Operations.

• Engage with VG COO and CIO and departmental heads to ensure that the Information Security Program is aligned to business and systems developments.

• Develop VG specific policy, standards and process that is aligned to the VG Strategy

• Identify and assess VG Information Security related risks, identification of controls implemented and the co-ordination and reporting of management actions to address

• Assist with appropriate training and awareness programs or initiatives for all VG staff

• Provide regular reporting and active participation in relevant information security forums and committees.

• Provide operational oversight on security controls to address cyber threats

• Engage with VG C-Suite to develop an Information Security Strategy aligned to VG Strategy
• Engage with VG  Governance to establish how Information Security Governance serves as an input to corporate governance
• Engage with VG Legal to understand what the program needs to drive in order to meet Legal, Compliance and Regulatory Requirements
• Engage with Group CISO to understand what policies will affect VG business capability
• Engage with TI InfoSec to establish Standards and Guidelines that affect the VG Business Capability
• Engage with Group Risk to ensure that VG risk managed to acceptable levels within risk appetite of the business
• Engage with TI Infosec to establish how VG is protected from threats and vulnerabilities.

• Engage with ALL Third Parties to establish their security posture and the potential risk and vulnerabilities introduced into the VG business environment as a result of third party relationships

Personal Attributes and Skills

• Be Fast learner who takes initiative
• Strong and professional communication
• Attention to detail
• Analyzing data and producing information and schedules
• Presentation skills
• Willing to work flexible hours
• Ability to work under pressure
• Adapting and responding to change
• Energetic team player

Education and Experience

• A Bachelor’s Degree in a related area such as Computer Science, Information Security and Risk Management

• Information Security industry-standard certifications such as CRISC, CISA, CISM or CISSP would be advantageous.

• Knowledge of information security governance frameworks and standards eg. COBIT, ISO Series, NIST, GDPR etc.
• Experience in a broad range of security technologies/products, standards and methodologies.
• Experience in the development of security plans, strategies, roadmaps, methodologies and frameworks.

EMPLOYMENT EQUITY   
                             
The Company’s approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.