Cloud Governance & Risk Advisory - Consultant (C) ITSA
- Full-time
- Service Line: Risk Advisory
Company Description
Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the “Deloitte organization”) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 312,000 people make an impact that matters at www.deloitte.com
The role:
For the role of GRC Manager, we are looking for a candidate with a background in, or affinity for, IT governance and overall governance, risk management, internal/external audit, technology enablement or compliance. Our projects are typically agile projects, so experience with this methodology is a prerequisite. The candidate needs to be result-orientated, able to motivate a team, resilient, creative, innovative, understanding and determined.
Job Description
Focus on the delivery of Cloud / IT Audit / Assurance and Cloud / IT Advisory related engagements.
Builds a Foundational Expertise:
Ability to form a core technology and data risk skillset through proactively conducting research and participating in internal and external initiatives
Understands and applies the major program management approaches and practices (e.g., SDLC, ITIL)
Develops a strong knowledge of technology and data management frameworks (e.g., Technology Risk, Data Risk, Cyber Risk Maturity Model) by conducting independent research, and attending workshops, seminars and training programs
Becomes familiar with technology and data risk, as well as industry-specific regulations; keeps up to date with emerging trends
Specialised advisory areas including:
Cloud Technology
Cloud Governance and Compliance
Agile / DevSecOps
Network, Infrastructure and Applications
Enterprise architecture
Data management
Incident and problem management
Change and release management
Identity and Access management
Business Resilience and Availability
Risk management
Executes Cloud / IT Audit / Assurance and Cloud / IT Advisory Engagements:
Ability to deliver high quality assurance engagements by identifying risks, performing testing, researching governing regulations, and developing reports
Uses industry leading frameworks and tools to analyze client’s documentation and identify risks that require control assurance
Tests validity of client’s historical financial and non-financial information, leveraging relevant standards (e.g. ISO 27001), as appropriate
Articulates client’s regulatory framework by leveraging Deloitte’s proprietary approaches and applicable audit standards and guidelines
Develops assurance reports to accurately present risks, related controls, and the effectiveness of those controls
Ensures findings and recommendations are aligned with the audit objectives by keeping in mind the engagement business context when performing technical work during the assessment process to ensure all risk facets are considered.
Qualifications
Desired Qualifications:
Relevant Degree, Honours, post graduate diploma or relevant working experience.
Working towards a professional qualification:
Cloud Security Certification
CCSP (Certified Cloud Security Professional)
CCAK (Certificate of Cloud Auditing Knowledge)
Cloud Audit Certification
CISA (Certified Information Systems Auditor)
Professional level certification in GCP, Azure and/or AWS
Desired Experience:
Experience in a client-facing role, demonstrating an understanding of large-scale information technology application systems, infrastructure, business processes and security standards.
Demonstrate an understanding of IT audit methodology and its application in major client industries.
3 years in a client facing role
3 years of experience with one or more years of Cloud specific experience, with role(s) in a professional, consulting services, public and/or private sector organizations is required.
3 years of experience in technology consulting and/or Advisory
Review Cloud Reference Architecture to deliver consistent, standardized Advisory engagements for Identity and Access Management, Data Protection, Secure DevOps, Security Operations, and other security domains.
Technical competencies:
Demonstrated knowledge and technical skills on “core operating systems” e.g. Windows, UNIX, etc.
Demonstrated knowledge and experience in performance of business process and automated controls testing on the more common applications
Developing knowledge of ERP systems like SAP
A good understanding of how to link risks and controls to ensure test steps and controls and risks all speak to each other; ability to research “unknown” systems or audit in-house developed systems, i.e. problem-solving/logic capabilities
Developing Digital fluency and knowledge on Emerging technologies, including Cloud, RPA, AI, etc.
Developing skills in Agile and DevOps.
Developing further Industry experience (FSI, TMT, CB, ER&I, etc.)
Strong in the field of current cloud technologies and their applications within a business context.
Understand and interpret complex cloud-related business challenges. Understanding of Cloud Security Reference Architectures and Frameworks
Conceptualising patterns between Cloud and on-premises security solutions.
Solutions Architect experience preferable.
Managing risk in public, private and hybrid cloud solutions
Utilizing and applying knowledge of Cloud solutions across IaaS, PaaS & SaaS into projects, such as AWS, Google and Azure.
Laws and regulations related to Information Security, Data Protection and/or Privacy especially where relevant to the Cloud
Good technical capability and technical certifications in the following areas:
Cloud Security engineering/design/operations:
Amazon Web Services (AWS), Google Cloud (GCP) and/or Microsoft Azure
Ability to identify patterns, and analyse and improve processes and controls
IT System and networks design, build and administration
Project Management including Agile Project Management
DevOps toolsets (CI/CD pipeline) and corresponding DevSecOps capabilities
Microservices, containerisation, serverless computing/FaaS
Related Technical fundamentals at that point in time and what the market is procuring
Behavioural Competencies:
Demonstrates ability to work efficiently and meet all deadlines consistently
Displays initiative
Takes accountability for delivery of own work as per instruction
Active participation and proactive attitude to service delivery
Works well within a team and with client management
Additional Information
* Please note that this job advertisement provides a summary of the capabilities required and all candidates shortlisted will receive a full list of capabilities.
Hybrid policy
“Deloitte Africa has successfully launched the Hybrid Working model. Aligned with this model is our commitment to maintain an environment for personnel, clients and visitors that is safe and, as far as reasonably practicable, free from health risks.
At Deloitte, we want everyone to feel they can be themselves and to thrive at work—in every country, in everything we do, every day. We aim to create a workplace where everyone is treated fairly and with respect, including reasonable accommodation for persons with disabilities. We seek to create and leverage our diverse workforce to build an inclusive environment across the African continent.