Risk Advisory – Cyber Risk Senior Manager - with Data Privacy and Data Management experience
- 5 Magwa Cres, Waterval City, Midrand, 2066, South Africa
Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the “Deloitte organization”) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 312,000 people make an impact that matters at www.deloitte.com.
About the Division
The value that Deloitte Risk Advisory Africa creates for organisations is synonymous with operational excellence. Our five business areas work in unison to provide integrated solutions unique to the organisational requirements of any business.
In a world that is constantly changing, organisations need to adapt quickly to respond to new risks and take advantage of new opportunities. Deloitte's Risk Advisory practice advises organisations on how to effectively mitigate risk and make informed and intelligent risk decisions around business processes, technology and operations.
Click here to read more about our Risk Advisory practice.
What impact will you make?
Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration and high performance. As the undisputed leader in professional services, Deloitte is where you’ll find unrivalled opportunities to succeed and realize your full potential.
Main Purpose of Job
In a rapidly changing world where information has a significant value, supply chains are increasingly interconnected. In a world of uncertainty when doing business on a global basis, the resilience of operations has become a board level issue.
We are looking for a Cyber Security Senior Manager, with Data Privacy and data management expertise to support the business leadership in the implementation of strategic plan and the effective management of team/s. your role will include; building high performing teams to deliver in client engagements, translate broader business strategy into a compelling team vision and goals and applying deep knowledge of disruptive trends and competitor activity to drive continuous improvement.
You will provide our clients with a full spectrum of services encompassing business and technology resilience, focusing on development and implementation of cyber risk, data protection and privacy projects.
· Strong experience working with security intelligence, data analytics, security incident response, and forensic investigation teams
· Knowledge of current hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques:
• Familiarity with threat modelling, development of attack plans;
• Familiarity with foundational information security frameworks such as ISO27001, NIST etc;
• Familiarity with how Managed Security Services, Security Operations and SIEM technologies can work within the Incident Response lifecycle;
· Willingness to operate as part of an ‘on-call roster’, travelling to assist our clients when required;
· Bring deep SME and industry experience in selected Cyber sub offering (domain) to engage with clients and key stakeholders pragmatically.
· Understands technical complexity at Network, Application, Database, Infrastructure and Cloud level.
· Understand and interpret complex resilience related business challenges and ability to respond by conceiving innovative solutions for clients.
· Strong on design and delivery of end-to-end resilience including Business Continuity, Disaster Recovery or Crisis Management or incident response solutions which are enabled by technology and can think independently and creatively when formulating solutions.
· Solid experience with Archiving Solutions, Data Replications, Disaster Recovery Technology
· Cloud Back-Up and Archiving Solutions (integration between Cloud and on premises)
· Experience with BCM and Incident Recovery tools is desirable
· Expert Understanding of: Personal Data Protection, Statutory / Regulatory Health check, Annual Compliance Services, Intellectual Property Law, Consumer Protection
· Knowledge of cyber risk and data management frameworks and ability to conduct pilots to realize quick wins
· Skilled in drafting and presenting client proposals
· Exceptional communication skills, both written and verbal
· Able deliver multiple engagements on time and within budget
· Proven ability to make decisions and the right judgement calls in complex projects and situations
· Creates a culture of trust, ownership and accountability across teams and projects
· On the job coaching for managers and professional staff and taking accountability for multiple large engagements
· Manages large engagement / multiple engagement deadlines holistically, identifying risks and escalating
· Drives continuous improvement
· Custodian of the business, shaping offerings that we need to proactively take to the market
Relevant Degree, Honours or Post Graduate Diploma professional qualifications (Law, Commence, Engineering, Computer Science or IT) e.g. LLB/CA (SA), BSc, BCom, or B.Eng or MSc
Advanced certifications, diplomas, professional certifications, advanced degrees in Information Technology or BCom Degree, Risk Management, Sustainability, Disaster Management - examples include:
• Qualification with the BCM Institute – CBCI, FBCI, MBCI
• ISO22301 Lead Auditor/Implementer Certificate
• Cisco Unity Systems Engineer
• ITIL – IT Infrastructure Library Foundation
• Computer security incident response team (CSIRT) engineer
and/or or suitable hands-on or product specific (e.g., Microsoft Azure, Amazon AWS, etc.) experience is required.
Qualifications in data management practices such as CDMP (Certified Data Management Professional).
Practice within the Privacy domain
· 10 - 12 years working experience
· Senior Management experience
· Leadership initiatives
· data management, data modelling, data architecture, data governance, master data management, meta data management and wider data analytics experience
· Cross functional management experience (Legal/Cyber/Data Management) is advantageous
7 years in a client facing role; 3 of these in a management role:
· Experience in Business Continuity Management including Crisis Management, Disaster Recovery Management and Cyber Incident Response. To assist client’s senior stakeholders understand the scope and limitations of their cyber resilience programs relative to leading practices, industry trends, and regulatory expectations. Privacy implementation according to POPIA and/or GDPR. Laws related to Information Security, Cyber Security, Data Protection and/or Privacy
· Sector specific experience in key sectors such as financial services, oil and gas, mining, retail, telecoms and technology would be considered advantageous