Risk Advisory – Cyber Strategy - Security Architect – Manager
- Magwa Cres, Waterval City, Midrand, 2090, South Africa
Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the “Deloitte organisation”) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 312,000 people make an impact that matters at www.deloitte.com.
About the Division
The value that Deloitte Risk Advisory Africa creates for organisations is synonymous with operational excellence. Our five business areas work in unison to provide integrated solutions unique to the organisational requirements of any business.
In a world that is constantly changing, organisations need to adapt quickly to respond to new risks and take advantage of new opportunities. Deloitte's Risk Advisory practice advises organisations on how to effectively mitigate risk and make informed and intelligent risk decisions around business processes, technology and operations.
What impact will you make?
Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration and high performance. As the undisputed leader in professional services, Deloitte is where you’ll find unrivalled opportunities to succeed and realise your full potential.
The main purpose of the job is to support the Senior Manager/Director in the delivery of services on delegated client engagements/projects.
Focus on the management and delivery of client engagements, as well as sales and practice development.
Develop high-performing people and teams, leading and supporting them to make an impact that matters, and setting the direction to deliver exceptional client service.
Specialised Technical Capabilities:
Plans and Manages Cyber Solutions:
· Ability to guide teams through the design and implementation of cyber solutions in chosen Cyber sub-offering/s that reduce vulnerability, strengthen cyber security posture / controls and optimize organizational efficiency
o Combines industry knowledge and domain experience to help client identify, assess, and manage Cyber risk
o Oversees teams in design, implementation, transformation and resilience of identity and access management solutions.
o Leverages an in-depth knowledge of market-specific products and solutions to enhance impact of recommended solutions
o Proactively tailors implementation strategies to help ensure client’s environments are receptive to the impending change
o Assess, lead, define, design and implement end-to-end modern on-premises and cloud-based Cyber Solutions
o Helps client define a holistic future state cyber posture to address gaps with relevant domain (sub-offering) standards and frameworks
o Keeps in mind relevant frameworks, industry standards and the overall client’s business strategy when planning cyber assessments
o Designs cyber solutions (e.g., ICS, Cloud Security, Strategy, vulnerability management, identity and access management) that strengthen controls on key assets, enable compliance, while increasing operational efficiency and reducing cost
o Helps client adopt a long-term view of cyber risk management by advising on leading practices to align cyber risk with risk appetite, key industry issues, and strategic business priorities
o Owns end-to-end delivery of cyber strategy programs across large accounts
o Leverages a strong industry knowledge to advise clients on current and potential changes in regulations, cyber threats, and other key trends
o Stays current on market trends and regulations, and anticipates risk / opportunities; advises client accordingly
Sales and Business Development:
· Ability to apply profitability management and sales fundamentals to support projects and pursuits
o Understands the fundamentals of engagement profitability management and uses Deloitte sales tools, such as pricing and revenue management systems, on all engagements
o Contributes to the development of Statements of Work (SOW), engagement budgeting, and pricing model development and develops budget, scope and staffing recommendations based on understanding of the client’s budget and project economics
o Identifies opportunities to sell Deloitte services on current and proposed engagements where appropriate
o Scans for business development / add-on sales opportunities; organizes these efforts under the direction of others
· Bring deep technical (SME) and industry experience in selected Cyber sub-offering (domain) to engage with clients and key stakeholders pragmatically to solve their problems through security design and architecture.
· Proven record in winning business, staff development, exceptional delivery, business development and continuous improvement.
· Understands technical complexity at Network, Application, Database, Infrastructure and Cloud level.
· Understand and interpret complex security-related business challenges and ability to respond by conceiving innovative information security/cyber solutions for clients.
· Knowledge and appreciation of the wider Cyber Security issues and opportunities beyond the specific domain specialisation
· Able to scope Cyber engagements effectively and assign and manage an appropriate team to deliver against the engagement requirements
· Display an awareness of Security architecture
· Strong knowledge of Third Party management
· An understanding of at least one of the leading IAM products (SailPoint, CyberArk, ForgeRock or others)
· Well acquainted with LDAP, PKI, SSL, JNDI
· Apply solutions and products in the following IT security areas: Data
· Data Leak Prevention
· Classification Solutions
· Endpoint and network security
· Data encryption including endpoint, email and databases
· Cryptography, PKI and centralized key management
· Database, networking, messaging, web proxy technologies
· Good working knowledge of networks and network architecture and integrations
· Understanding of information security principles and best practice (e.g., ISO27001 and ISF Standards of Good Practice for Information Security)
Good technical capability and technical certifications in the following areas:
· Software / solution architecture, design and development
· Secure architecture and engineering principles
· Development and open source technology experience
· Understands the integration points of Cyber sub offering with broader Digital Risk, Cyber Risk and enterprise consulting offerings in line with market demand.
· Apply deep knowledge of disruptive trends and competitor activity to drive continuous improvement.
· Certified Information Security Manager (CISM)
· Certified Information Systems Security Professional (CISSP) [ISC2]
· SABSA (Sherwood Applied Business Security Architecture)
· CISSP-ISSAP (Certified Information Systems Security Professional-Information Systems Security Architecture Professional) [ISC2]
· Cloud Security:
o Certified Cloud Security Professional [ISC2]
o AWS Security
o Azure Security Engineer
o Google Cloud and Apigee Security
o SalesForce, Mulesoft and other SaaS solution specific security learning
· Information and Cyber Security Frameworks: ISO/IEC 27001/2; NIST SP800-53; NIST CSF; CYBOK
· ISO 27001 Lead Implementer/Auditor
· SWIFT CSP (Cyber Security Programme)
· IoT: internet of things security
· CCISO (Certified Chief Information Security Officer) [EC Council]
· Ability to identify patterns, and analyse and improve processes (business analysis)
· Software development and engineering including DevSecOps: fundamentals and experience
· IT System and networks design, build and administration
· Project Management including Agile Project Management (SAFE Agile, etc.)
· Microservices, containerisation, DevOps toolsets (CI/CD pipeline)
· Software Programming/Coding in variety of languages
· Related Technical fundamentals at that point in time and what the market is procuring
· Excellent communication skills, both written and verbal
· Effective engagement management
· Curiosity and drive to continually learn
· Able to deliver engagements on time and within budget
· Proven ability to make decisions and the right judgement calls
· Ability to provide leadership and guidance/coaching to junior members of the team
· Ability to inspire and enthuse others to commitment and involvement taking accountability for larger engagements
· Manages large engagement / multiple engagement deadlines holistically, identifying risks and escalating.
· Able to work under pressure
· Ownership of deliverables driving team quality and risk management.
Relevant Degree, Honours or post graduate diploma, professional qualifications e.g. BSc, BCom, or B.Ing/Eng or MSc
Advanced certifications, diplomas, professional certifications, advanced degrees in Cyber or information security - examples include:
· CISM (Certified Information Security Manager)
· CISSP (Certified Information Systems Security Professional)
· ISMP (Information Security Management Principles)
· CCSP (Certified Cloud Security Professional)
· Certified Ethical Hacker – EC Council
· ISO27001 Lead Auditor/Implementer Certificate
· SABSA Chartered Security Architect
· (TOGAF) The Open Group Architecture Framework
· Cisco Unity Systems Engineer
· ITIL – IT Infrastructure Library Foundation
5 years in a client facing role; 3 of these in a management role
8-10 years of progressive experience with role(s) in a professional, consulting services (including boutique security firm), public and/or private sector organisations is required.
· Experience in delivering Cyber strategy and transformation engagements / projects
· Experience in Cyber risk management and compliance. Recognize, analyse, and address third-party and regulatory compliance risks created by the development of new, complex, distributed networks in order to avoid potential threats to business-critical data and systems
· Experience in:
o Software / solution architecture, design and development
o Secure architecture and engineering principles
o Designing network layer security solutions
o Web and mobile application security, including mobile gateway security and multi-channel security
o PCI standards and Payments
o Software development and open source technology experience
o Privacy implementation according to POPIA and/or GDPR
o Laws related to Information Security, Cyber Security, Data Protection and/or Privacy
How you’ll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help build world-class skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Centre. https://deloitte.zoomforth.com/du
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. https://www2.deloitte.com/global/en/pages/careers/articles/benefits.html
Deloitte is led by a purpose: to make an impact that matters. Every day, Deloitte people are making a real impact in the places they live and work. We pride ourselves on doing not only what is good for clients, but also what is good for our people and the communities in which we live and work—always striving to be an organization that is held up as a role model of quality, integrity, and positive change. Learn more about Deloitte’s impact on the world. https://www2.deloitte.com/global/en/pages/about-deloitte/articles/impact-that-matters.html
*Please note that this job advertisement provides a summary of the capabilities required and all candidates shortlisted will receive a full list of capabilities.