Discovery Health | Information Security Officer 2021

Discovery Health | Information Security Officer 2021

About DiscoveryDiscovery’s core purpose is to make people healthier and to enhance and protect their lives. We seek out and invest in exceptional individuals who understand and support our core purpose, and whose own values align with those of Discovery. Our fast-paced and dynamic environment enables smart, self-driven people to be their best. As global thought leaders, Discovery is passionate about innovating in order to not only achieve financial success but to ignite positive and meaningful change within our society.

About Vitality Group

Vitality Group, a subsidiary of Discovery Limited offers a wellness platform program to global insurance companies that provide innovative health to foster healthier and happier lives. Vitality Group is responsible for the expansion of the Vitality Shared-Value Insurance business model beyond South Africa and the UK, serving to fully leverage the assets and intellectual property of Discovery beyond its primary markets.

 

Vitality Group operates a business providing wellness solutions to employer groups in the United States and partners with leading Insurers across the world to launch and grow Vitality Shared-Value Insurance in their markets. Vitality Group is also responsible for Discovery’s 25 percent equity investment in Ping An Health, the largest comprehensive medical insurer in China. Vitality Group’s businesses jointly reach more than 10 million members across 22 countries (Austria, Australia, Canada, China, France, Germany, Hong Kong, Japan, Malaysia, Pakistan, Philippines, Singapore, South Africa, South Korea, Sri Lanka, Thailand, the United Kingdom, the United States, New Zealand, Ecuador and Vietnam).

Job Purpose

The primary purpose of this role is to serve as a senior security officer within the Vitality Group Information Security structure. This individual works closely with the Vitality Group Information Security Manager to serve as a 2IC and backup. This role includes responsibility for Information security strategies and programs, policies, security risk management, assurance, security architectural guidance/vetting, and the delivery of internal security consultation services to Vitality Group business, IT, and partner markets. The role also includes leading and managing the security governance for Vitality Group. The role also includes the responsibility for managing Security Operations, providing review and oversight to a number of security controls, and providing operational insight to address the management of cyber threats. This is a hands-on position, which will require strong technical expertise in many security technologies.

Key Outputs may include but are not limited to:

  1. Provide assistance and input into the VG Information Security Strategy, Function, and Operations.
  2. Engage with VG COO and CIO and departmental heads to ensure that the Information Security Program is aligned to business and systems developments
  3. Develop VG specific policy, standards and process that is aligned to the VG Strategy
  4. Identify and assess VG Information Security related risks, identification of controls implemented and the co-ordination and report of management actions to address
  5. Assist with appropriate training and awareness programs or initiatives for all VG staff
  6. Provide regular reporting and active participation in relevant information security forums and committees.
  7. Provide operational oversight on security controls to address cyber threats
  8. Manage and maintain a working relationship with TI Infosec operations teams, VG security architects, development, network, server and web teams
  9. Engage with VG C-Suite to develop an Information Security Strategy aligned to VG Strategy
  10. Engage with VG  Governance to establish how Information Security Governance serves as an input to corporate governance
  11. Engage with VG Legal to understand what the program needs to drive in order to meet Legal, Compliance and Regulatory Requirements
  12. Engage with Group CISO to understand what policies will affect VG business capability
  13. Engage with TI InfoSec to establish Standards and Guidelines that affect the VG Business Capability
  14. Engage with Group Risk to ensure that VG risk-managed to acceptable levels within the risk appetite of the business
  15. Engage with TI Infosec to establish how VG is protected from threats and vulnerabilities.
  16. Developing and implementing a comprehensive plan to secure our computing network.
  17. Documenting any security breaches and assessing their damage.
  18. Educating colleagues about security software and best practices for information security.

 

Work Experience
Required Minimum of 5 years’ experience in information security and/or IT risk management and compliance.

 

Preferred (would be advantageous) Information Security industry-standard certifications such as CRISC, CISA, CISM or CISSP would be advantageous

Security experience within a large complex corporate environment

 

 

Education / Qualifications / Accreditations with Professional Body
Required Knowledge of information security governance frameworks and standards eg. COBIT, ISO Series, NIST etc.

Experience in a broad range of security technologies/products, standards, and methodologies.

Experience in the development of security plans, strategies, roadmaps, methodologies, and frameworks.

 

A Bachelor’s Degree in a related area such as Computer Science, Information Security, and Risk Management

5+ Years IT, Information Security and Risk Management

Preferred (would be advantageous) Global Data Privacy Requirements

 

 

Technical Skills or Knowledge
Familiarity with the use of standard security technology solutions and processes

such as: access control, user provisioning, active directory, MFA, SIEM, vulnerability management,

Cloud Access, Security Brokers, Data Loss prevention solutions, anti-virus, single sign-on, and Cryptography.

Knowledge of common web technologies, enterprise, and network architecture.

Secure development life cycle methodologies.

 
Programming languages or other scripting languages.  

About Discovery

Discovery’s core purpose is to make people healthier and to enhance and protect their lives. We seek out and invest in exceptional individuals who understand and support our core purpose, and whose own values align with those of Discovery. Our fast-paced and dynamic environment enables smart, self-driven people to be their best. As global thought leaders, Discovery is passionate about innovating in order to not only achieve financial success but to ignite positive and meaningful change within our society.

About Vitality Group

 

Vitality Group, a subsidiary of Discovery Limited offers a wellness platform program to global insurance companies that provide innovative health to foster healthier and happier lives. Vitality Group is responsible for the expansion of the Vitality Shared-Value Insurance business model beyond South Africa and the UK, serving to fully leverage the assets and intellectual property of Discovery beyond its primary markets.

Vitality Group operates a business providing wellness solutions to employer groups in the United States and partners with leading Insurers across the world to launch and grow Vitality Shared-Value Insurance in their markets. Vitality Group is also responsible for Discovery’s 25 percent equity investment in Ping An Health, the largest comprehensive medical insurer in China. Vitality Group’s businesses jointly reach more than 20 million lives across 27 markets (Argentina, Austria, Australia, Canada, China, Ecuador, France, Germany, Hong Kong, Indonesia, Israel, Japan, Macao, Malaysia, Netherlands, New Zealand, Pakistan, Philippines, Saudi Arabia, Singapore, South Africa, South Korea, Sri Lanka, Thailand, the United Kingdom, the United States, and Vietnam).

 

Key Purpose

The primary purpose of this role is to serve as a senior security officer within the Vitality Group Information Security structure. This individual works closely with the Vitality Group Information Security Manager to serve as a 2IC and backup. This role includes responsibility for Information security strategies and programs, policies, security risk management, assurance, security architectural guidance/vetting, and the delivery of internal security consultation services to Vitality Group business, IT, and partner markets. The role also includes leading and managing the security governance for Vitality Group. The role also includes the responsibility for managing Security Operations, providing review and oversight to a number of security controls, and providing operational insight to address the management of cyber threats. This is a hands-on position, which will require strong technical expertise in many security technologies.

Areas of responsibility may include but not limited to

  1. Provide assistance and input into the VG Information Security Strategy, Function, and Operations.
  2. Engage with VG COO and CIO and departmental heads to ensure that the Information Security Program is aligned to business and systems developments
  3. Develop VG specific policy, standards and process that is aligned to the VG Strategy
  4. Identify and assess VG Information Security related risks, identification of controls implemented and the co-ordination and report of management actions to address
  5. Assist with appropriate training and awareness programs or initiatives for all VG staff
  6. Provide regular reporting and active participation in relevant information security forums and committees.
  7. Provide operational oversight on security controls to address cyber threats
  8. Manage and maintain a working relationship with TI Infosec operations teams, VG security architects, development, network, server, and web teams
  9. Engage with VG C-Suite to develop an Information Security Strategy aligned to VG Strategy
  10. Engage with VG  Governance to establish how Information Security Governance serves as an input to corporate governance
  11. Engage with VG Legal to understand what the program needs to drive in order to meet Legal, Compliance and Regulatory Requirements
  12. Engage with Group CISO to understand what policies will affect VG business capability
  13. Engage with TI InfoSec to establish Standards and Guidelines that affect the VG Business Capability
  14. Engage with Group Risk to ensure that VG risk-managed to acceptable levels within the risk appetite of the business
  15. Engage with TI Infosec to establish how VG is protected from threats and vulnerabilities.
  16. Developing and implementing a comprehensive plan to secure our computing network.
  17. Documenting any security breaches and assessing their damage.
  18. Educating colleagues about security software and best practices for information security.

 

Personal Attributes and Skills

  • Action Orientated
  • Business Insight
  • Financial Acumen
  • Values-Driven
  • Optimistic
  • Learns on the Fly
  • Resilient
  • Instils Trust
  • People Savvy
  • Drives Results
  • Problem Solver

 

 

Education and Experience

Education:

Required:

  • Knowledge of information security governance frameworks and standards eg. COBIT, ISO Series, NIST etc.
  • Experience in a broad range of security technologies/products, standards, and methodologies.
  • Experience in the development of security plans, strategies, roadmaps, methodologies, and frameworks.
  • A Bachelor’s Degree in a related area such as Computer Science, Information Security, and Risk Management

 

Experience:

  • Minimum of 5 years experience in information security and/or IT risk management and compliance.

Security experience within a large complex corporate environment

  • Information Security industry-standard certifications such as CRISC, CISA, CISM or CISSP would be advantageous
  • Familiarity with the use of standard security technology solutions and processes such as: access control, user provisioning, active directory, MFA, SIEM, vulnerability management, Cloud Access, Security Brokers, Data Loss prevention solutions, anti-virus, single sign-on, and Cryptography.
  • Knowledge of common web technologies, enterprise, and network architecture.
  • Secure development life cycle methodologies.

 

Knowledge:

  •  Global Data Privacy Requirements

Employment Equity 

The Company’s approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.

 

Apply now 

 

Find similar jobs:

Takealot | Online Shopping Assistant X1

Leave a Reply

Your email address will not be published. Required fields are marked *