Risk Advisory – Cyber Strategy - Security Architect – Senior Consultant
- Full-time
- Service Line: Risk Advisory
Company Description
Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the “Deloitte organisation”) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 312,000 people make an impact that matters at www.deloitte.com.
About the Division
The value that Deloitte Risk Advisory Africa creates for organisations is synonymous with operational excellence. Our five business areas work in unison to provide integrated solutions unique to the organisational requirements of any business.
In a world that is constantly changing, organisations need to adapt quickly to respond to new risks and take advantage of new opportunities. Deloitte's Risk Advisory practice advises organisations on how to effectively mitigate risk and make informed and intelligent risk decisions around business processes, technology and operations.
What impact will you make?
Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration and high performance. As the undisputed leader in professional services, Deloitte is where you’ll find unrivalled opportunities to succeed and realise your full potential.
Job Description
The main purpose of the job is to support the Engagement Manager in the delivery of services on delegated client engagements/projects.
Focuses on the delivery of client engagements and shares knowledge and experience with others.
Able to produce high quality deliverables and support junior team members.
Specialised Technical Capabilities:
Supports the Development and Implementation of Cyber Risk Solutions:
· Ability to develop and execute strategies, architectures, and roadmaps to provide clients with need-based, value-adding, and cost-effective Cyber risk solutions
o Ability to analyse the client’s cyber security infrastructures to enable targeted and data-driven enhancements
o Keeps in mind the client’s business needs when developing assessment frameworks to ensure effective, targeted, and actionable analyses
o Applies multiple security testing methodologies and techniques to assess client’s security infrastructures and identify / evaluate vulnerabilities
o Gathers data and determines priority criteria to build an integrated roadmap that addresses all facets of a Cyber Assessment or implementation
o Assesses cyber security policies and procedures to analyse compliance with regulatory requirements and evaluate overall operational efficiency; provides clients with mitigating solutions
o Is proficient with multiple domain-specific cyber security technology solutions and can effectively design the integration of them to meet and exceed client’s needs
o Enables sustainability and continuous improvement of cyber security solutions by assessing and enhancing client’s cyber security governance infrastructures
o Understands and applies cyber threat intelligence and profiling to the design and assessment of client systems
o Tests the effectiveness of client’s cyber security technologies to identify and articulate opportunities for improvement across the digital, physical, and social elements of the client
o Conducts complex business process assessments to help clients identify, analyse, and prioritize gaps and risks; applies findings to make recommended upgrades aligned to the overall strategy
o Develops effective and sustainable technology and Cyber risk management strategies by tailoring leading Cyber frameworks on key clients’ business and technology needs
o Understands the interaction of business and technology processes / risks and can explain it in business terms to both technical and non-technical audiences
Technical competencies:
· Knowledge and appreciation of the wider Cyber Security issues and opportunities beyond the specific domain specialisation
· Display an understanding of Security architecture
· Understanding and experience with developing architecture artefacts using modelling methods such as ArchiMate™, UML, BPMN and/or others
· Awareness of Enterprise Architecture and understanding of Enterprise Security Architecture
· Strong knowledge of Third-Party management
· Technical skills such as Java, JavaScript, Unix / Windows system administration and scripting are preferred.
· An understanding of at least one of the leading IAM products (SailPoint, CyberArk, ForgeRock or others)
· Well acquainted with LDAP, PKI, SSL, JNDI
· Apply solutions and products in the following IT security areas: Data
· Data Leak Prevention
· Classification Solutions
· Endpoint and network security
· Data encryption including endpoint, email and databases
· Cryptography, PKI and centralized key management
· Database, networking, messaging, web proxy technologies
· Good working knowledge of networks and network architecture and integrations
· Understanding of information security principles and best practice (e.g., ISO27001 and ISF Standards of Good Practice for Information Security)
Good technical capability and technical certifications in the following areas:
· Software / solution architecture, design and development
· Secure architecture and engineering principles
· Development and open source technology experience
· Understands the integration points of Cyber sub offering with broader Digital Risk, Cyber Risk and enterprise consulting offerings in line with market demand.
· Apply deep knowledge of disruptive trends and competitor activity to drive continuous improvement.
· Certified Information Security Manager (CISM)
· Certified Information Systems Security Professional (CISSP) [ISC2]
· SABSA (Sherwood Applied Business Security Architecture)
· CISSP-ISSAP (Certified Information Systems Security Professional-Information Systems Security Architecture Professional) [ISC2]
· Cloud Security:
o AWS Security
o Azure Security Engineer
o Google Cloud and Apigee Security
o SalesForce, Mulesoft and other SaaS solution specific security learning
· Information and Cyber Security Frameworks: ISO/IEC 27001/2; NIST SP800-53; NIST CSF; CYBOK
· ISO 27001 Lead Implementer/Auditor
· SWIFT CSP (Cyber Security Programme)
· IoT: internet of things security
· CCISO (Certified Chief Information Security Officer) [EC Council]
· Ability to identify patterns, and analyse and improve processes (business analysis)
· Software development and engineering including DevSecOps: fundamentals and experience
· IT System and networks design, build and administration
· Project Management including Agile Project Management (SAFE Agile, etc.)
· Microservices, containerisation, DevOps toolsets (CI/CD pipeline)
· Software Programming/Coding in variety of languages
· Related Technical fundamentals at that point in time and what the market is procuring
Behavioural Competencies:
· Excellent communication skills, both written and verbal
· Consistently delivers high quality work.
· Ability to meet deadlines (reliable and dependable)
· Able to multi-task
· Proven initiative in providing guidance to junior members of the project team
· Demonstrates readiness to take decisions
· Displays initiative and takes accountability for delivery of work
· Assumes manager responsibility on delivery of assignments where required under pressurised circumstances
· Able to work under pressure
· Ability to prioritize competing responsibilities as per their urgency and importance, ability to multi-task on various client engagements
Qualifications
Minimum qualifications:
Relevant Degree, Honours or post graduate diploma, professional qualifications e.g. BSc, BCom, or B.Ing/Eng or MSc
Desired qualifications:
Advanced certifications, diplomas, professional certifications, advanced degrees in Cyber or information security - examples include:
· CISM (Certified Information Security Manager)
· CISSP (Certified Information Systems Security Professional)
· ISMP (Information Security Management Principles)
· CCSP (Certified Cloud Security Professional)
· Certified Ethical Hacker – EC Council
· ISO27001 Lead Auditor/Implementer Certificate
· SABSA Chartered Security Architect
· (TOGAF) The Open Group Architecture Framework
· Cisco Unity Systems Engineer
· ITIL – IT Infrastructure Library Foundation
Experience:
4+ years of progressive experience with role(s) in a professional, consulting services (including Boutique Security Firm), public and/or private sector organizations is required.
· Experience in:
o Software / solution architecture, modelling, design and development
o Secure architecture and engineering principles
o Designing network layer security solutions
o Web and mobile application security, including mobile gateway security and multi-channel security
o PCI standards and Payments
o Software development and open source technology experience
o Privacy implementation according to POPIA and/or GDPR
o Laws related to Information Security, Cyber Security, Data Protection and/or Privacy
Additional Information
How you’ll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help build world-class skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Centre. https://deloitte.zoomforth.com/du
Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. https://www2.deloitte.com/global/en/pages/careers/articles/benefits.html
Our purpose
Deloitte is led by a purpose: to make an impact that matters. Every day, Deloitte people are making a real impact in the places they live and work. We pride ourselves on doing not only what is good for clients, but also what is good for our people and the communities in which we live and work—always striving to be an organization that is held up as a role model of quality, integrity, and positive change. Learn more about Deloitte’s impact on the world. https://www2.deloitte.com/global/en/pages/about-deloitte/articles/impact-that-matters.html
*Please note that this job advertisement provides a summary of the capabilities required and all candidates shortlisted will receive a full list of capabilities.
At Deloitte, we want everyone to feel they can be themselves and to thrive at work—in every country, in everything we do, every day. We aim to create a workplace where everyone is treated fairly and with respect, including reasonable accommodation for persons with disabilities. We seek to create and leverage our diverse workforce to build an inclusive environment across the African continent.