Risk Advisory - Cyber Strategy - Manager
- 27 Somerset Rd, Green Point, Cape Town, 8051, South Africa
Deloitte is the largest private professional services network in the world. Every day, approximately 220,000 professionals in more than 150 countries demonstrate their commitment to a single vision: to be the standard of excellence, while working towards one purpose – to make an impact that matters.
In South Africa, Deloitte is one of the leading professional services organisations, specialising in providing Audit, Tax, Consulting, Risk Advisory and Corporate Finance services. We serve clients in a variety of industries from financial services, to consumer business, energy, mining and manufacturing, tourism and the public sector, and we provide powerful business solutions to some of the world's most well-known and respected companies, including more than 80 percent of the Fortune 100.
Our professionals are unified by a collaborative culture that fosters integrity, outstanding value to markets and clients, commitment to each other, and strength from cultural diversity. They are dedicated to strengthening corporate responsibility, building public trust, and making a positive impact in their communities. We understand that our professionals hold interests outside of the workspace and we aim to encourage work/life balance, supporting them in all aspects of their lives.
Our talented professionals and our clients understand the link between a strong learning and development programme and the ability for Deloitte to deliver on its promise of consistent, high-quality service delivery worldwide.
Whatever your age, gender or culture, take your career to the next level with the talents and capabilities you will develop at Deloitte.
About the Division
The value that Deloitte Risk Advisory Africa creates for organisations is synonymous with operational excellence. Our five business areas work in unison to provide integrated solutions unique to the organisational requirements of any business.
Our 5 areas are as follows:
* Governance Regulatory & Risk – GRR services help organisations protect and enhance value by managing risks and opportunities, addressing compliance and supporting management and board oversight, including internal audit, through out-of-the-box solutions with the view to turning risks into value-creating opportunities.
* Data Analytics – By understanding decision-makers’ roles to maximise analytics value, Deloitte turns everyday information into useful and actionable insights.
* Forensic – Deloitte Forensic professionals are a diverse group with a wide and varied range of proficiencies, comprising forensic accountants, legal and law enforcement specialists, and business intelligence experts, all utilising state-of-the-art forensic technology.
* Cyber & Technology Risk – CTR assists organisations in building value, by taking a Risk-Intelligent approach to managing financial, technology and business risks. We leverage our global network and in-depth industry knowledge, to assist organisations in mitigating the risks associated with internal systems, business processes, projects, applications, data and third-party reliance.
Cyber Risk Services provides industry-tailored solutions, using demonstrated methodologies and tools in a consistent manner, with the goal of enabling on-going, secure, and reliable operations across the enterprise.
Our professionals need to have the acumen to handle complex situations and multiple responsibilities simultaneously, balancing long-term projects with the urgency of immediate operational demands. We are committed to establishing and empowering the firm by establishing an environment of continuous learning and enriching career opportunities.
What impact will you make?
Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration and high performance. As the undisputed leader in professional services, Deloitte is where you will find unrivalled opportunities to succeed and realize your full potential.
Main Purpose of Job
Supports Senior Manager in delivery of services to / at client premises on delegated engagement / project. Focus on the management and delivery of client engagements, as well as sales and practice development. Develop high-performing people and teams, leading and supporting them to make an impact that matters, and setting the direction to deliver exceptional client service.
- Expert in field with sound industry and business knowledge
- Demonstrated leadership skills
- Sales skills
- Proven ability to manage and execute projects
- Experience in drafting and presenting client proposals
- Excellent report writing skills
- Good financial knowledge
- Sound business acumen
- Application of NIST SP 800-53, ISO 27000-series, and CoBIT.
- Understand IT and network technologies, including traditional networks, Cloud, MPLS, VPN, Wireless networking; domain structures, user authentication, and digital signatures.
- Performs security monitoring, detection, and analysis systems from both operational and architectural standpoints inclusive of Network Security, SIEM, Endpoint Security, and Vulnerability Management
Designs and Manages Cyber Strategy Programs:
- Ability to enable clients to proactively manage cyber risks by designing and overseeing implementation of executive level cyber risk programs
- Keeps in mind client’s business and risk priorities to design cyber risk strategies and actionable transformation roadmaps that enable business growth and cost optimization, while reducing risk
- Guides clients through the definition of cyber strategic objectives that are prioritized based on gap assessment results, enterprise strategic goals, and the overall enterprise risk framework
- Enables the design of holistic cyber current state assessments to help clients effectively prioritize cyber threats, evaluate related controls, and measure maturity of cyber risk management capabilities
- Works with client to build support, remove organizational barriers and acquire necessary resources to support the cyber transformation
- Designs architectures across different cyber security domains and develops actionable roadmaps to enable effective implementations of cyber strategy programs
- Builds a strong technical knowledge of multiple security operations practices (e.g., secure monitoring, engineering, architectures, patch management)
- Excellent communication skills, both written and verbal
- Effective interpersonal and relationship building skills
- Good mentorship and coaching ability with desire to develop self and others
- Strong client delivery focus
- Adaptable, managing change and ambiguity with ease
- Focus on quality and risk
- Sound problem solving ability
Key Performance Areas
- Support the Senior Manager on delivery of designated engagement / project, managing the implementation of the agreed deliverables
- Track outputs against Service Level Agreement and report to Senior Manager on any unforeseen issues arising
- Seek to identify additional sales opportunities in client business
- Assist in the preparation of proposals/tenders and presentations on request
- Is a support resource in planning of sales presentations and client negotiation teams for new and retained business
- Develop market network in business and build relationships that generate leads
- Build relationships across Deloitte service lines to understand broader offerings and seek opportunities for cross-selling
- Generate innovative solutions on projects / engagements in collaboration with team members to enhance / renew service offerings to client
- Manage engagement budget through accurate budgeting, cost control and profitability management
- Monitor that time and expenses on engagement are accurately recorded and submitted weekly
- Manage WIP on engagement and ensure billings are timeously done and collections followed up
- Ability to leverage an in-depth understanding of the client’s strategy to plan and drive the development of impactful and sustainable risk management solutions
- Demonstrates, through deliverables and discussions, an understanding of a C-suite perspective on risk-taking and risk-avoidance, and related cost-benefit trade-offs
- Articulates how a client’s strategy enables the allocation of capital and other resources based on strategically selected risk-reward trade-offs in light of business objectives and risk mitigation and management capabilities
- Defines scope and prioritizes types of risk assessment (e.g., strategic, operational, financial, project and compliance) to be performed and risk events to be monitored
- Helps client leadership understand risk appetite and tolerance for all risk areas, and defines appropriate Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to strategically guide the analysis
Risk Assessment and Mitigation:
- Ability to advise client on establishing or improving end-to-end risk management systems, processes, and frameworks to enhance strategic alignment with business goals, enable effective decision making and response, and monitor regulatory compliance
- Leverages a strong understanding of client’s industry, regulatory requirements, strategy and objectives to prioritize risk events to be monitored and define risk assessment plans
- Guides teams through the development and implementation of risk assessment processes, leveraging both qualitative and quantitative techniques (e.g., benchmarking, probabilistic and non-probabilistic methods) that lead to a comprehensive view of risk areas
- Reviews risk assessment results and challenges team to identify hidden patterns and effectively prioritize mitigation plans
- Leads teams through the development of mitigation plans that are action oriented, efficient, and aligned with the client’s risk tolerance and risk appetite levels
- Advises client’s leadership on leading practices for risk assessment governance to enable effective oversight and optimal execution
- Ability to plan and execute a project to deliver a superior client experience
- Prepares project plan to meet objectives within established budget and timeline and recognizes when plans should be adjusted to meet objectives
- Develops budget, scope and staffing recommendations based on understanding of client budget and project economics
- Communicates business objectives and desired outcomes to guide the work of others
- Fosters a team environment that builds accountability for and commitment to meeting engagement objectives
- Ensures that team’s work meets quality assurance standards and that all relevant risks have been identified and appropriately addressed
- Prioritizes tasks of the team based on relative importance, delegating to the right resource, based on role, experience, and skill level
- Recognizes potential independence or related issues and takes appropriate action, including consultation with subject matter experts as necessary
Reporting and Presentations:
- Ability to increase quality, accuracy, and impact of reports and presentations by leveraging critical thinking, experience, and judgment
- Provides a vision for deliverables; validates team’s analysis and recommendations in context of broader project
- Challenges team members to identify impactful insights to develop recommendations that most effectively support a client’s business objectives
- Ensures accuracy and validity of client’s reports by critically analyzing hypotheses, conclusions, and recommendations
- Maintains expert knowledge in the use of data, service line innovation, benchmarks, and business metrics to make critical decisions
Qualifications & Experience Required
- Degree, Postgraduate qualification (relevant to Service Area / Business Management, etc.)
- MS or BSc degree in Computer Science, Information Assurance, Information Security, Cyber Security, or related field (or related curriculum)
- One or more major industry certifications required; examples include CISA, CISSP, CEH, GIAC, or other comparable certifications, and/or suitable hands-on experience is required
- 5 years working experience, 3 years in a client-facing role
- 8-10 years of progressive experience with role(s) in a major law enforcement, intelligence, public and/or private sector security organization is required
Additional Specialised Competencies
Knows the Business and the Industry:
- Ability to build an in-depth knowledge of the client’s business and stay up-to-date on industry activities, marketplace trends, innovation efforts, and leading practices
- Participates in business and / or industry groups to build knowledge of economic, industry, and market conditions
- Identifies relevant trends, practices, and market conditions that merit discussion with the client
- Discusses business trends and industry practices with confidence
- Builds personal brand and supports eminence building in chosen industry
- Ability to develop relationships, establish credibility with, and instill confidence in clients
- Tells a story and advocates for a position with clarity and conviction
- Understands the larger ecosystem within which the client operates; uses this to facilitate discussions about potential solutions to the client’s most pressing business problems
- Establishes and maintains relationships with clients beyond immediate project needs and uses these to gain beneficial insights and drive impact; has a ‘seat at the table’
- Masters executive level written and oral communications; creates logically structured, executive-facing deliverables
- Maintains a calm, professional demeanor when challenges arise