Vitality is a leading behavior change platform which uses the power of incentives, data and behavioral economics to make people healthier and enhance and protect their lives. Vitality has achieved global scale through successful partnerships with leading insurers and the most forward-thinking employers around the world. More than 20 million people in 30 markets engage in the Vitality program. Vitality Group is responsible for the global expansion of the Vitality Shared-Value Insurance model using the capabilities of Discovery and its network. Vitality was founded 20 years ago by Discovery Limited – a leading financial services company listed on the Johannesburg Stock Exchange.
We’re looking for a candidate that will effectively design and implement systems and protocols to protect Vitality’s systems and assets from cyber-attacks and improve the overall security risk landscape. The IT Security Analyst will work on the delivery of key annual compliance requirements such as PCI-DSS audits, SSAE SOC 2 Type 2 audits, Penetration testing and Disaster Recovery Exercises which will include collection of data sets and assisting with remediation outcomes. You will also be required to help with new and existing client’s security reviews and provide knowledge as a consultant to all areas of business seeking input on security services. This position will be located in Downtown Chicago.
- Coordinate with the IT engineering team, harden systems and ensure systems are up to date.
- Perform internal cyber security audits and facilitate external audits.
- Work with 3rd party vendors to run vulnerability scans and pen tests as well as assist in developing remediation projects based on the findings.
- Conduct peer cyber security reviews before applications, systems, or integrations go live.
- Facilitate timely delivery of PCI_DSS and SSAE 18 SOC 2 Type audits.
- Develop, train, communicate, and maintain current information security policies and procedures.
- Collect and schedule annual Penetration testing and manage the remediation process for any findings.
- Perform interactive exercises to measure the effectiveness of our systems and training.
- Analyze and apply applicable information from intelligence reports.
- Monitor the environment for suspicious activity utilizing various security tools and log consolidators.
- Contribute to the design and participate in disaster recovery and business continuity plans.
- Conduct legal hold actions and perform investigations when required.
- Review information security awareness training and track completion and effectiveness for all team members.
- Document and classify security events and incidents. Act as the first responder to triage and remediate events.
- At least 1 year of experience or more in the security industry, in an technical IT capacity, or in an IT Security role is preferred
- Bachelor’s degree in Cyber Security, Computer Information Science, Computer Science, or other closely related field
- Candidates with certifications in CISSP, CASP, Sec+, CEH, CISM, and CRISC are desired
- Experience or a good understanding with security and governance frameworks such as NIST, HITRUST, COBIT, C2M2, etc.
- Experience and a strong understanding of SOC and PCI audits is preferred
- Knowledgeable in cryptographic communication and storage protocols
- Knowledgeable in networking design and protocols
- Experience with security and governance frameworks such as NIST, COBIT, C2M2, etc
- Experience with system hardening and penetration testing and mapping software
Vitality is an equal opportunity employer. All employment decisions are based on qualifications, merit and business needs.