Deloitte: Risk Advisory – Cyber Risk – Emerging Technologies – Manager

Deloitte

Company Description

Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the “Deloitte organization”) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 312,000 people make an impact that matters at www.deloitte.com

About the Division 

The value that Deloitte Risk Advisory Africa creates for organisations is synonymous with operational excellence. Our five business areas work in unison to provide integrated solutions unique to the organisational requirements of any business.

In a world that is constantly changing, organisations need to adapt quickly to respond to new risks and take advantage of new opportunities. Deloitte’s Risk Advisory practice advises organisations on how to effectively mitigate risk and make informed and intelligent risk decisions around business processes, technology and operations.

Click here to read more about our Risk Advisory practice.

What impact will you make?

Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration and high performance. As the undisputed leader in professional services, Deloitte is where you’ll find unrivalled opportunities to succeed and realize your full potential.

Manager: Talent Standards 

Living Our Purpose: Acts as a role model, embracing and living our purpose and values, and recognizing others for the impact they make

Talent Development: Develops high-performing people and teams through challenging and meaningful opportunities

Performance Drive: Delivers exceptional client service; maximizes results and drives high performance from people while fostering collaboration across businesses and borders

Influence: Influences clients, teams, and individuals positively, leading by example and establishing confident relationships with increasingly senior people

Strategic Direction: Understands key objectives for clients and Deloitte, aligns people to objectives and sets priorities and direction

Job Description

Main Purpose of Job

Supports Senior Manager or Directors in delivery of services to / at client premises on delegated engagement / project.  Focus on the management and delivery of client engagements, as well as sales and practice development.

Key Performance Areas:

1.  Strategic Impact

2.   Budgets/Profitability

3.   Differentiator

Core Professional & Technical

4. Risk Assessment and Mitigation

5. Delivery Excellence

6. Reporting and Presentation

7. Knows the Business and the Industry

8. Executive Presence

9. Sales and Business Development

10. Global Mindset

Specialised Technical capabilities

Input:

Plans and Manages Cyber Solutions: Ability to guide teams through the design and implementation of cyber solutions in chosen Cyber sub-offering/s that reduce vulnerability, strengthen cyber security posture / controls and optimize organizational efficiency

Measurables:

· Combines industry knowledge and domain experience to help client identify, assess, and manage Cyber risk

· Oversees teams in assessing complex technical assessments of client’s ICS infrastructures to identify / evaluate vulnerabilities, including considering the digital, physical, and social elements of the client, and reflecting relevant cyber threats to the client’s industry and profile

· Leverages an in-depth knowledge of market-specific products and solutions to enhance impact of recommended solutions

· Proactively tailors implementation strategies to help ensure client’s environments are receptive to the impending change

· Assess, Lead, define, design and implement end to-end modern on-premises and cloud based Cyber Solutions

· Helps client define a holistic future state cyber posture to address gaps with relevant domain (sub-offering) standards and frameworks

· Keeps in mind relevant frameworks, industry standards and the overall client’s business strategy when planning cyber assessments

· Designs cyber  solutions (e.g., ICS, Cloud Security, Strategy, vulnerability management, identity and access management) that strengthen controls on key assets, enable compliance, while increasing operational efficiency and reducing cost

· Helps client adopt a long-term view of cyber risk management by advising on leading practices to align cyber risk with risk appetite, key industry issues, and strategic business priorities

· Owns end-to-end delivery of cyber strategy programs across large accounts

· Leverages a strong industry knowledge to advise clients on current and potential changes in regulations, cyber threats, and other key trends

· Builds a brand within a chosen domain (sub-offering) and industry and is regarded internally and externally as a subject matter expert

· Stays current on market trends and regulations, and anticipates risk / opportunities; advises client accordingly

Qualifications

Minimum Qualifications

Relevant Degree, honours or post graduate diploma, professional qualifications e.g. B.Sc, BCom, or B.Ing/Eng or M.Sc.

Desired Qualifications

Advanced certifications, diplomas, professional certifications, advanced degrees in  Cyber or information security – examples include:

· CISM (Certified Information Security Manager)

· CISSP (Certified Information Systems Security Professional)

· ISMP (Information Security Management Principles)

· GIAC Industrial Cyber Security Professional (GICSP) certification

· Critical Information Infrastructure Protection (CIIP) or suitable hands-on experience is required.

Minimum Experience

8 – 10 years working experience

Desired Experience

5 years in a client facing role; 3 of these in a management role

8 – 10 years of progressive experience with role(s) in a professional, consulting services (including Boutique Security Firm), public and/or private sector organizations is required.

Demonstrates thorough knowledge and/or proven record of success designing and implementing security solutions for industrial control Systems (ICS) in critical infrastructure and/or manufacturing sectors, such as power and utilities, oil & gas, chemical, and consumer products manufacturing. Possess an understanding of ICS/OT fundamentals, including but not limited to:

· Understanding of Distributed control systems (DCS) and supervisory control & data acquisition (SCADA) architecture;

· Understanding of Network and communication protocols common in ICS environments;

· Understanding of ICS design considerations with emphasis on human safety and the availability/security of operating environment;

· Understanding and Knowledge of leading IT and OT security practices; and,

· Preparation and maintenance of policies, procedures and standards governing the security operations for ICS systems and networks.

Demonstrates thorough knowledge and/or proven record of success in security technologies such as firewalls, IDS/IPS, endpoint security solutions, access control systems, and other related security technologies and concepts within the OT/ICS environment, including the following:

· In-depth understanding of operating systems, network/system architecture, and ICS and IT architecture design;

· In-depth understanding of operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, Manufacturing Execution Systems (MES) and Distributed Control Systems (DCS), and related embedded systems;

· Understanding of infrastructure and network architecture and design, LAN/WAN implementation, and Windows/Unix/Linux environments;

· Understanding of IT and OT network communication protocols (including TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.) and ability to perform packet analysis;

· Understanding of Industrial Internet of Things (IIoT) and Cloud services and their security implications in ICS,

· Understanding of OT and IT technology convergence and data interchange techniques, and their associated security techniques; and,

·  Understanding of threats, vulnerabilities, and exploits in OT/ICS environments and appropriate mitigation techniques.

Experience with the following:

· ISA/IEC 62443

· NIST Cyber Security Framework for Critical Infrastructures (CSF)

· NIST SP-800-82 and SP-800-53

· ISO/IEC 27001/2

· ISA 95/ Purdue Functional Model for Operational Technology

Additional Information

Competencies:

Technical:

· Proven winning business, staff development, exceptional delivery, business development, continuous improvement.

· Bring deep technical (SME) and industry experience in selected Cyber sub offering (domain) to engage with clients and key stakeholders pragmatically.

· Demonstrates thorough knowledge and/or proven record of success designing and implementing security solutions for industrial control Systems (ICS) in critical infrastructure and/or manufacturing sectors, such as power and utilities, oil & gas, chemical, and consumer products manufacturing. Possess an understanding of ICS/OT fundamentals, including but not limited to:

o Understanding of Distributed control systems (DCS) and supervisory control & data acquisition (SCADA) systems;

o Understanding of Network and communication protocols common in ICS environments;

o Understanding of ICS design considerations with emphasis on human and environmental safety, and the availability/reliability and security of the operational environment;

o Understanding and Knowledge of leading IT and OT security practices; and,

o  Preparation and maintenance of policies, procedures and standards governing the security operations for ICS systems and networks.

Demonstrates thorough knowledge and/or proven record of success in security technologies such as firewalls, IDS/IPS, endpoint security solutions, access control systems, and other related security technologies within ICS Environment::

· In depth understanding of operating systems, network/system architecture, and IT architecture design;

· In depth understanding with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS);

· In depth understanding of infrastructure and network architecture and design, LAN/WAN implementation, and Windows/Linux environments;

· Understanding of IT and OT network communication protocols (including TCP/IP, UDP. DNP3, Modbus, IEC 61850, OPC, OPC UA, and PROFINET) and ability to perform packet analysis; and,

· Understanding of Industrial Internet of Things (IIoT) and Cloud services and their security implications in ICS,

· Understanding of OT and IT technology convergence and data interchange techniques, and their associated security techniques; and,

· Understanding of threats, vulnerabilities, and exploits in OT/ICS environments and appropriate mitigation techniques.

Good technical capability and technical certifications in the following areas:

· Certified Information Security Manager (CISM)

· Certified Information Systems Security Professional (CISSP) [ISC2]

· SABSA (Sherwood Applied Business Security Architecture)

· CISSP-ISSAP (Certified Information Systems Security Professional-Information Systems Security Architecture Professional) [ISC2]

· ISMP (Information Security Management Principles)

· GIAC Industrial Cyber Security Professional (GICSP) certification

· GIAC Response and Industrial Defence (GRID) certification

· Critical Information Infrastructure Protection (CIIP)

· Related Technical fundamentals at that point in time and what the market is procuring

 Behavioural

· Excellent communication skills, both written and verbal

· Effective engagement management

· Able to deliver engagements on time and within budget

· Proven ability to make decisions and the right judgement calls

· Ability to provide leadership and guidance/coaching to junior member of the team

· Ability to inspire and enthuse others to commitment and involvement taking accountability for larger engagements

· Manages large engagement / multiple engagement deadlines holistically, identifying risks and escalating.

· Able to work under pressure

· Ownership of deliverables driving team quality and risk management.

*Please note that this job advertisement provides a summary of the capabilities required and all candidates shortlisted will receive a full list of capabilities.



Leave us your email address and we'll send you all of the new jobs and details