Information Security Officer at Discovery Limited

Job Purpose

The primary purpose of this role is to serve as a senior security officer within the Vitality Group Information Security structure. This individual works closely with the Vitality Group Information Security Manager to serve as a 2IC and backup. This role includes responsibility for Information security strategies and programs, policies, security risk management, assurance, security architectural guidance/vetting and the delivery of internal security consultation services to Vitality Group business, IT, and partner markets. The role also includes leading and managing the security governance for Vitality Group. The role also includes the responsibility for managing Security Operations, providing review and oversight to a number of security controls, and providing operational insight to address the management of cyber threats. This is hands-on position, which will require strong technical expertise in many security technologies.
Key Outputs may include but are not limited to:

• Provide assistance and input into the VG Information Security Strategy, Function and Operations.
• Engage with VG COO and CIO and departmental heads to ensure that the Information Security Program is aligned to business and systems developments
• Develop VG specific policy, standards and process that is aligned to the VG Strategy
• Identify and assess VG Information Security related risks, identification of controls implemented and the co-ordination and reporting of management actions to address
• Assist with appropriate training and awareness programs or initiatives for all VG staff
• Provide regular reporting and active participation in relevant information security forums and committees.
• Provide operational oversight on security controls to address cyber threats
• Manage and maintain a working relationship with TI Infosec operations teams, VG security architects, development, network, server and web teams
• Engage with VG C-Suite to develop an Information Security Strategy aligned to VG Strategy
• Engage with VG Governance to establish how Information Security Governance serves as an input to corporate governance
• Engage with VG Legal to understand what the program needs to drive in order to meet Legal, Compliance and Regulatory Requirements
• Engage with Group CISO to understand what policies will affect VG business capability
• Engage with TI InfoSec to establish Standards and Guidelines that affect the VG Business Capability
• Engage with Group Risk to ensure that VG risk managed to acceptable levels within risk appetite of the business
• Engage with TI Infosec to establish how VG is protected from threats and vulnerabilities.
• Developing and implementing a comprehensive plan to secure our computing network.
• Documenting any security breaches and assessing their damage.
• Educating colleagues about security software and best practices for information security.

Required
Work Experience

• Minimum of 5 years’ experience in information security and/or IT risk management and compliance.

Preferred (would Be Advantageous)

• Information Security industry-standard certifications such as CRISC, CISA, CISM or CISSP would be advantageous
• Security experience within a large complex corporate environment

Required
Education / Qualifications / Accreditations with Professional Body

• Knowledge of information security governance frameworks and standards eg. COBIT, ISO Series, NIST etc.
• Experience in a broad range of security technologies/products, standards and methodologies.
• Experience in the development of security plans, strategies, roadmaps, methodologies and frameworks.
• A Bachelor’s Degree in a related area such as Computer Science, Information Security and Risk Management
• 5+ Years IT , Information Security and Risk Management

Preferred (would Be Advantageous)

• Global Data Privacy Requirements

Required
Technical Skills or Knowledge

• Familiarity with the use of standard security technology solutions and processes
• such as: access control, user provisioning, active directory, MFA, SIEM, vulnerability management,
• Cloud Access, Security Brokers, Data Loss prevention solutions, anti-virus, single sign on, and Cryptography.
• Knowledge of common web technologies, enterprise and network architecture.
• Secure development life cycle methodologies.

Preferred (would Be Advantageous)

• Programming languages or other scripting languages.