Share this Job
Apply now »

Information Security Officer (Senior)

Business Unit:  Vitality Group
Function:  Information Security
Date:  05-Aug-2022

About Discovery

Discovery’s core purpose is to make people healthier and to enhance and protect their lives. We seek out and invest in exceptional individuals who understand and support our core purpose, and whose own values align with those of Discovery. Our fast-paced and dynamic environment enables smart, self-driven people to be their best. As global thought leaders, Discovery is passionate about innovating in order to not only achieve financial success, but to ignite positive and meaningful change within our society.


About Vitality Group


Vitality Group, a subsidiary of Discovery Limited is responsible for the expansion of the Vitality Shared-Value Insurance business model beyond South Africa and the UK, serving to fully leverage the assets and intellectual property of Discovery beyond its primary markets. The business forms equity or contractual partnerships with leading global insurers to integrate Vitality and shared value with partner’s insurance and financial services products in the markets where they operate. Vitality Group also operates a business providing wellness solutions to employer groups in the United States. Vitality Health International, a business unit within Vitality Group coordinates and focuses on resource allocation to Discovery’s emerging, global health insurance initiatives. Vitality Group is also responsible for Discovery’s 25 percent equity investment in Ping An Health, the largest comprehensive medical insurer in China.


To date, Vitality Group’s businesses jointly reach more than 27 million unique lives across 38 markets (Argentina, Austria, Australia, Brazil, Canada, Czech Republic, China, Democratic Republic of Congo, Ecuador, France, Germany, Ghana, Hong Kong, Indonesia, Italy, Japan, Kenya, Macao, Malaysia, Mexico, Netherlands, New Zealand, Nigeria, Pakistan, Philippines, Poland, Portugal, Saudi Arabia, Singapore, South Korea, Spain, Sri Lanka, Thailand, the United States, Vietnam and Zambia) as well as our primary markets in South Africa and the United Kingdom.


Key Purpose

The primary purpose of this role is to serve as a senior security specialist within the Vitality Group Information Security structure. This individual works closely with the Vitality Group Information Security Manager to serve as a 2IC and backup. This role includes responsibility for Information security strategies and programs, policies, security risk management, assurance, security architectural guidance/vetting and the delivery of internal security consultation services to Vitality Group business, IT, and partner markets. The role also includes leading and managing the security governance for Vitality Group. The role also includes the responsibility for managing Security Operations, providing review and oversight to a number of security controls, and providing operational insight to address the management of cyber threats. This is hands-on position, which will require strong technical expertise in many security technologies.


Areas of responsibility may include but not limited to


  • Provide assistance and input into the VG Information Security Strategy, Function and Operations.
  • Engage with VG COO and CIO and departmental heads to ensure that the Information Security Program is aligned to business and systems developments.
  • Develop VG specific policy, standards and process that is aligned to the VG Strategy
  • Identify and assess VG Information Security related risks, identification of controls implemented and the co-ordination and reporting of management actions to address.
  • Assist with appropriate training and awareness programs or initiatives for all VG staff.
  • Provide regular reporting and active participation in relevant information security forums and committees.
  • Provide operational oversight on security controls to address cyber threats.
  • Engage with VG C-Suite to develop an Information Security Strategy aligned to VG Strategy
  • Engage with VG Governance to establish how Information Security Governance serves as an input to corporate governance
  • Engage with VG Legal to understand what the program needs to drive in order to meet Legal, Compliance and Regulatory Requirements
  • Engage with Group CISO to understand what policies will affect VG business capability
  • Engage with TI InfoSec to establish Standards and Guidelines that affect the VG Business Capability
  • Engage with Group Risk to ensure that VG risk managed to acceptable levels within risk appetite of the business.
  • Engage with TI Infosec to establish how VG is protected from threats and vulnerabilities.
  • Engage with ALL Third Parties to establish their security posture and the potential risk and vulnerabilities introduced into the VG business environment as a result of third party relationships



Personal Attributes and Skills

  • Be Fast learner who takes initiative
  • Strong and professional communication
  • Attention to detail
  • Analyzing data and producing information and schedules
  • Presentation skills
  • Willing to work flexible hours
  • Ability to work under pressure
  • Adapting and responding to change
  • Energetic team player



Education and Experience

  • A Bachelor’s Degree in a related area such as Computer Science, Information Security and Risk Management
  • Information Security industry-standard certifications such as CRISC, CISA, CISM or CISSP would be advantageous.
  • Knowledge of information security governance frameworks and standards eg. COBIT, ISO Series, NIST etc.
  • Experience in a broad range of security technologies/products, standards and methodologies.
  • Experience in the development of security plans, strategies, roadmaps, methodologies and frameworks.


The Company’s approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.

Apply now »