Vitality is an award-winning, dynamic and vibrant financial services provider, with a ground-breaking vision for the future, where individuals are enabled to succeed and are rewarded and recognised for their contribution to our business. We’re the UK insurer and investment provider that rewards people for positive lifestyle choices. With 1.25m+ UK members and more than 25m globally, we’re out to make the world a healthier, happier place. This applies as much to our people as it does to our members.

Our CORE PURPOSE is to make people healthier and to enhance and protect their lives. From people to products and processes, we aspire to deliver on our purpose in everything we do.

Our VISION is to be the BEST financial services provider in the UK

We are looking for talented individuals who are committed to living our values and delivering an award-winning service to our customers.

Overall Job Purpose

You will be joining a vibrant, exciting environment to lead on maturing the cyber security capabilities at Vitality. We are a values-based organisation and our members are at the heart of everything we do. The primary purpose of the role is to support the CISO with the implementation of the Information Security Strategy, and protecting Vitality’s and its members’ data. You will be responsible for leading the Cyber Security Operations team; providing expert guidance to the wider IT teams; the assessment, delivery and management of technical controls and processes to reduce Cyber Security Risk; monitoring of systems and alerts; detection and management of Cyber incidents; development of cyber-response playbooks, first responder training, table top exercises, management of the CSIRT team.


Perform cyber risk assessments; develop reporting metrics to articulate risk posture to Senior Management
Be the key contact for, and lead on the management of Cyber Security incidents, performing and co-ordinating forensic investigations; mature the Cyber Incident detection and response capabilities
Engagement with internal stakeholders and external bodies as required: vendors, forensic partners, regulatory bodies
Threat hunting; monitoring for emerging security threats
Provide expert professional advice across Vitality on Information and Cyber Security best practice; training and awareness sessions
Responsible for ensuring that Vitality IT assets are adequately protected from Cyber-attacks and malicious insiders
Penetration testing and vulnerability management governance and remediation.
Deliver key Information Security initiatives/projects, in line with InfoSec and Cyber Security strategy and Enterprise Risk Management Framework
Ensure compliance with Vitality’s ISMS, Regulatory requirements and Information Security best practice frameworks (e.g. ISO27001, GDPR, NIST, Cyber Essentials, ITIL) to ensure the Confidentiality, Integrity and Availability of Vitality Information Systems

Skills Required


Extensive experience working in Information/Cyber Security
Excellent verbal and written communication skills; ability to articulate technical knowledge to non-technical audience; production of policy/standards/project documentation
Appropriate level of technical knowledge, hands-on experience of configuring security tools
Demonstrable experience of designing, implementing and managing information security initiatives
Sound understanding of security frameworks (e.g. ISO27001/2, PCI DSS, NIST), Data Protection and regulatory compliance (e.g. FCA, ICO, PRA, GDPR)


Experience within the insurance, healthcare and/or financial services industries
Ability to conduct internal audits and write associated audit reports
Experience with the following would be an advantage: EDR, Vulnerability Management, Penetration testing, Threat Intelligence tools, SIEM,

Working for Vitality, you'll experience an exciting mix of creativity and innovation, within a framework of challenging objectives and a passion for delivering the best. We think work should be fun and sociable, and we want our people to get the most out of every day. Our people are chosen for their skills, knowledge, enthusiasm and attitude but above all, their belief that anything can be achieved.

As well as a highly competitive pay package, you’ll enjoy: complimentary breakfasts; regular onsite physical and mental wellness workshops; on-site health checks; annual flu jabs and access to our full range of partners and rewards. It’s what we call offering shared value, because a healthy, happy team is good for us, good for our members and good for you.