Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the “Deloitte organization”) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 312,000 people make an impact that matters at www.deloitte.com

About the Division 

The value that Deloitte Risk Advisory Africa creates for organisations is synonymous with operational excellence. Our five business areas work in unison to provide integrated solutions unique to the organisational requirements of any business.

In a world that is constantly changing, organisations need to adapt quickly to respond to new risks and take advantage of new opportunities. Deloitte's Risk Advisory practice advises organisations on how to effectively mitigate risk and make informed and intelligent risk decisions around business processes, technology and operations.

Click here to read more about our Risk Advisory practice.

What impact will you make?

Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration and high performance. As the undisputed leader in professional services, Deloitte is where you’ll find unrivalled opportunities to succeed and realize your full potential.

Senior Manager: Talent Standards 

Living Our Purpose: Acts as a role model and inspires others to embrace and live our purpose and values

Talent Development: Actively contributes to building the talent pipeline; creates a talent experience that attracts, develops and retains top talent and high performing teams

Performance Drive: Creates opportunities to drive impact; anticipates client needs and delivers superior results by leveraging each person’s strengths to build high performing teams across businesses and borders

Influence: Builds deep relationships across a diverse network and uses a flexible influencing style to gain buy-in and drive impact

Strategic Direction: Translates broader strategy into a compelling team vision and goals; aligns the team and sets priorities to achieve objectives

Competitive Edge: Applies deep knowledge of disruptive trends and competitor activity to drive continuous improvement

Inspirational Leadership: Establishes a strong leadership brand and inspires followership through passion, integrity, and appreciation of others

Main Purpose of Job

Supports the business leadership in the implementation of strategic plan and the effective management of team/s. Build high performing teams to deliver in client engagements.

Competencies:

Technical:

· Proven winning business, staff development, exceptional delivery, business development, continuous improvement

· Bring deep technical (SME) and industry experience in selected Cyber sub-offering (domain) to engage with clients and key stakeholders pragmatically.

· Demonstrates thorough knowledge and/or proven record of success designing and implementing security solutions for industrial control Systems (ICS) in critical infrastructure, manufacturing sectors, power and utilities, oil & gas, chemical, and/or consumer products manufacturing. Possess an understanding of ICS/OT fundamentals, including but not limited to:

    o Understanding of Distributed control systems (DCS) and supervisory control & data acquisition (SCADA) systems;

    o Understanding of Network and communication protocols common in ICS environments;

    o Understanding of ICS design considerations with emphasis on human and environmental safety, and the availability/reliability and security of the operational environment;

   o Understanding and Knowledge of leading IT and OT security practices; and,

   o Preparation and maintenance of policies, procedures and standards governing the security operations for ICS systems and networks.

Demonstrates thorough knowledge and/or proven record of success in security technologies such as firewalls, IDS/IPS, endpoint security solutions, access control systems, and other related security technologies within ICS Environment:

· In depth understanding of operating systems, network/system architecture, and IT architecture design;

· In depth understanding with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS);

· In depth understanding of infrastructure and network architecture and design, LAN/WAN implementation, and Windows/Linux environments;

· Understanding of IT and OT network communication protocols (including TCP/IP, UDP. DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.) and ability to perform packet analysis;

· Understanding of Industrial Internet of Things (IIoT) and Cloud services and their security implications in ICS,

· Understanding of OT and IT technology convergence and data interchange techniques, and their associated security techniques; and,

· Understanding of threats, vulnerabilities, and exploits in OT/ICS environments and appropriate mitigation techniques.

Good technical capability and technical certifications in the following areas: 

· Certified Information Systems Security Professional (CISSP) [ISC2]

· SABSA (Sherwood Applied Business Security Architecture)

· CISSP-ISSAP (Certified Information Systems Security Professional-Information Systems Security Architecture Professional) [ISC2]

· ISMP (Information Security Management Principles)

· GIAC Industrial Cyber Security Professional (GICSP) certification

· GIAC Response and Industrial Defence (GRID) certification

· Critical Information Infrastructure Protection (CIIP)

· Ability to identify patterns, and analyse and improve processes (business analysis)

· Software development and engineering including DevSecOps: fundamentals and experience

· IT/OT System and networks design, build and administration

· Project Management including Agile Project Management (SAFE Agile, etc.)

· Programming Coding in variety of languages

· Related Technical fundamentals at that point in time and what the market is procuring

Behavioural

· Exceptional communication skills, both written and verbal

· Able deliver multiple engagements on time and within budget

· Proven ability to make decisions and the right judgement calls in complex projects and situations

· Creates a culture of trust, ownership and accountability across teams and projects

· On the job coaching for managers and professional staff and taking accountability for multiple large engagements

· Manages large engagement / multiple engagement deadlines holistically, identifying risks and escalating

· Drives continuous improvement

. Custodian of the business, shaping offerings that we need to proactively take to the market

Minimum Qualifications

Relevant Degree, honours or post graduate diploma, professional qualifications e.g. B.Sc, B.Com, or B.Ing/Eng or M.Sc.

Desired Qualifications

Advanced certifications, diplomas, professional certifications, advanced degrees in  Cyber or information security - examples include:

· CISM (Certified Information Security Manager)

· CISSP (Certified Information Systems Security Professional)

· ISMP (Information Security Management Principles)

· GIAC Industrial Cyber Security Professional (GICSP) certification

· Critical Information Infrastructure Protection (CIIP)

· ISO27001 Lead Auditor/Implementer or suitable hands-on experience is required.

Minimum Experience

10 – 12 years’ working experience

Desired Experience

5 years in a client facing role; 4 of these in a management role

10 – 12 years of progressive experience with role(s) in a professional, consulting services (including Boutique Security Firm), public and/or private sector organizations is required.

Demonstrates thorough knowledge and/or proven record of success designing and implementing security solutions for industrial control Systems (ICS) in critical infrastructure and/or manufacturing sectors, such as power and utilities, oil & gas, chemical, and consumer products manufacturing. Possess an understanding of ICS/OT fundamentals, including but not limited to:

· Understanding of Distributed control systems (DCS) and supervisory control & data acquisition (SCADA), Manufacturing Execution Systems (MES) and related architectures and components;

· Understanding of Network and communication protocols common in OT/ICS environments;

· Familiarity with Safety Instrumented Systems (SIS)

· Understanding of ICS design considerations with emphasis on human/environmental safety, availability/reliability and security of the operational environment;

· Understanding and Knowledge of leading IT and OT security practices and IT/OT convergence principles and secure data exchange techniques; and,

· Preparation and maintenance of policies, procedures and standards governing the security operations for ICS systems and networks.

Demonstrates thorough knowledge and/or proven record of success in security technologies such as firewalls, IDS/IPS, endpoint security solutions, access control systems, and other related security technologies and concepts within the OT/ICS environment, including the following:

· In-depth understanding of operating systems, network/system architecture, and ICS and IT architecture design;

· In-depth understanding of operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, Manufacturing Execution Systems (MES) and Distributed Control Systems (DCS), and related embedded systems;

· Understanding of infrastructure and network architecture and design, LAN/WAN implementation, and Windows/Unix/Linux environments;

· Understanding of IT and OT network communication protocols (including TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.) and ability to perform packet analysis;

· Understanding of Industrial Internet of Things (IIoT) and Cloud services and their security implications in ICS,

· Understanding of OT and IT technology convergence and data interchange techniques, and their associated security techniques; and,

· Understanding of threats, vulnerabilities, and exploits in OT/ICS environments and appropriate mitigation techniques.

Experience with the following:

· ISA/IEC 62443

· NIST Cyber Security Framework for Critical Infrastructures (CSF)

· NIST SP-800-82 and SP-800-53

· ISO/IEC 27001/2

· ISA 95/ Purdue Functional Model for Operational Technology

How you’ll grow

At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help build world-class skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Centre. https://deloitte.zoomforth.com/du 

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. https://www2.deloitte.com/global/en/pages/careers/articles/benefits.html

Our purpose

Deloitte is led by a purpose: to make an impact that matters. Every day, Deloitte people are making a real impact in the places they live and work. We pride ourselves on doing not only what is good for clients, but also what is good for our people and the communities in which we live and work—always striving to be an organization that is held up as a role model of quality, integrity, and positive change. Learn more about Deloitte’s impact on the world. https://www2.deloitte.com/global/en/pages/about-deloitte/articles/impact-that-matters.html

*Please note that this job advertisement provides a summary of the capabilities required and all candidates shortlisted will receive a full list of capabilities.