Discovery Health | Security Architect
Discovery’s core purpose is to make people healthier and to enhance and protect their lives. We seek out and invest in exceptional individuals who understand and support our core purpose, and whose own values align with those of Discovery. Our fast-paced and dynamic environment enables smart, self-driven people to be their best. As global thought leaders, Discovery is passionate about innovating in order to not only achieve financial success, but to ignite positive and meaningful change within our society.
About Vitality Group
Vitality Group, a subsidiary of Discovery Limited, offers a wellness platform program to global insurance companies that provides innovative health to foster healthier and happier lives. Vitality Group is responsible for the expansion of the Vitality Shared-Value Insurance business model beyond South Africa and the UK, serving to fully leverage the assets and intellectual property of Discovery beyond its primary markets.
Vitality Group operates a business providing wellness solutions to employer groups in the United States and partners with leading Insurers across the world to launch and grow Vitality Shared-Value Insurance in their markets. Vitality Group is also responsible for Discovery’s 25 percent equity investment in Ping An Health, the largest comprehensive medical insurer in China. Vitality Group’s businesses jointly reach more than 10 million members across 23 countries (Austria, Australia, Canada, China, France, Germany, Hong Kong, Japan, Malaysia, Pakistan, Philippines, Singapore, South Africa, South Korea, Sri Lanka, Thailand, the United Kingdom, the United States, New Zealand, Ecuador, Vietnam and the Netherlands).
The primary purpose of this role is to serve as security architect within the Vitality Group Information Security structure. This individual must ensure that all VG Security capabilities are aligned to the VG business, using multiple architectural security models to ensure security objectives and controls are designed. The role involves both strategic and tactical reviews of architectures, products and projects to continuously improve the security posture.
Areas of responsibility may include, but are not limited to:
- Develops and manages security architecture for multiple IT functional areas (e.g., applications, systems, network and/or Web) across VG.
- Determine security architecture requirements by evaluating VG business strategies to mitigate emerging security threats.
- Identify security design gaps in existing and proposed architectures and recommend changes and enhancements.
- Possess strong / experienced application development and/or application security background; with solid knowledge of SDLC from design, testing, deployment to post production and the different risk elements associated with each step.
- Align security standards, frameworks and security with overall business and technology strategy.
- In conjunction with the Enterprise Architect, ensure the effective translation of the security architecture implemented into the solutions.
- Build vulnerability management capabilities into the current architecture.
- Collaborates with operations to develop requirements at network architecture layer.
- Develops and manages security architectures for Mobile and Web Application.
- Provides expert consultancy in the development of programs in line with budget allocation.
- Provides strategic and tactical direction and consultation on information security and compliance.
- Identifies and resolves root causes of security-related problems.
- Consults on teams to resolve issues that are identified by various internal and third party monitoring tools.
- Implements security improvements by assessing current situation, evaluating trends, anticipating requirements.
Personal Attributes and Skills
- Values Driven
- Learns on the Fly
- Instils Trust
- People Savvy
- Drives Results
- Problem Solver
Education and Experience
- Bachelor’s Degree or equivalent Diploma in business management or information technology (BSc, BComm, Software Engineering)
- Knowledge of information security governance frameworks and standards e.g. COBIT, ISO Series, NIST etc.
- Experience in a broad range of security technologies/products, standards and methodologies.
- Experience in the development of security plans, strategies, roadmaps, methodologies and frameworks.
- Solid understanding of security and network infrastructures
- Any one of the below certifications:
- CISSP: Certified Information Systems Security Professional
- CRISC: Certified in Risk and Information Systems Control
- CISM: Certified Information Security Manager
- CompTIA Security+
- CEH: Certified Ethical Hacker
- GSEC: SANS GIAC Security Essentials
Experience:
- 10+ Years IT Experience
- 10+ Years’ experience in Information Security and Risk Management
- 7+ Years working experience in designing and constructing security architecture
- Experience with the use of standard security technology such as IAM, SIEM, Threat and Vulnerability Management, DLP, Cryptography
- 4+ Application Security experience
Knowledge:
- Strong technical knowledge of infrastructure, Operating Systems, third party software architecture and how it affects IT security and business needs.
- Cloud Security – IAM, NSG, ASG, ID Federation, VPNs, IPSec
- Cloud Security – Policies, controls, procedures and technologies
- WAF Implementations
- OWASP top 10 mitigation approaches – Service based environments e.g. REST
- Mastery of Linux/Mac/Windows operating systems
- Network/Wireless Penetration Testing
- Ability to understand and modify code in a diverse range of programming languages and frameworks – OO Programming concepts
- Proficiency in cryptographic protocols and cipher suites
- Source code reviews.
- Familiarity with penetration testing methodology and standards
- Deep understanding of Secure SDLC
The Company’s approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.