Deloitte Risk Advisory - Cyber Risk (Emerging Technologies) - Senior Manager Jobs in South Africa



What impact will you make?

  • Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration and high performance. As the undisputed leader in professional services, Deloitte is where you’ll find unrivalled opportunities to succeed and realize your full potential.

    Living Our Purpose

  • Acts as a role model and inspires others to embrace and live our purpose and values

  • Talent Development: Actively contributes to building the talent pipeline; creates a talent experience that attracts, develops and retains top talent and high performing teams

  • Performance Drive: Creates opportunities to drive impact; anticipates client needs and delivers superior results by leveraging each person’s strengths to build high performing teams across businesses and borders

  • Influence: Builds deep relationships across a diverse network and uses a flexible influencing style to gain buy-in and drive impact

  • Strategic Direction: Translates broader strategy into a compelling team vision and goals; aligns the team and sets priorities to achieve objectives

  • Competitive Edge: Applies deep knowledge of disruptive trends and competitor activity to drive continuous improvement

  • Inspirational Leadership: Establishes a strong leadership brand and inspires followership through passion, integrity, and appreciation of others

    Job Description

    Main Purpose of Job

  • Supports the business leadership in the implementation of the strategic plan and the effective management of teams. Builds high performing teams to deliver on client engagements.

    Competencies:

    Technical:

  • Proven record in winning business, staff development, exceptional delivery, business development and continuous improvement

  • Bring deep technical (SME) and industry experience in selected Cyber sub-offering (domain) to engage with clients and key stakeholders pragmatically.

  • Demonstrates thorough knowledge and/or proven record of success designing and implementing security solutions for industrial control systems (ICS) in critical infrastructure, manufacturing sectors, power and utilities, oil & gas, chemical, and/or consumer products manufacturing. Possesses an understanding of ICS/OT fundamentals, including but not limited to:

  • Understanding of Distributed control systems (DCS) and supervisory control & data acquisition (SCADA) systems;

  • Understanding of Network and communication protocols common in ICS environments;

  • Understanding of ICS design considerations with emphasis on human and environmental safety, and the availability/reliability and security of the operational environment;

  • Understanding and Knowledge of leading IT and OT security practices; and,

  • Preparation and maintenance of policies, procedures and standards governing the security operations for ICS systems and networks.

  • Demonstrates thorough knowledge and/or proven record of success in security technologies such as firewalls, IDS/IPS, endpoint security solutions, access control systems, and other related security technologies within ICS Environment:

  • In depth understanding of operating systems, network/system architecture, and IT architecture design;

  • In depth understanding of operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS);

  • In depth understanding of infrastructure and network architecture and design, LAN/WAN implementation, and Windows/Linux environments;

  • Understanding of IT and OT network communication protocols (including TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.) and ability to perform packet analysis;

  • Understanding of Industrial Internet of Things (IIoT) and Cloud services and their security implications in ICS;

  • Understanding of OT and IT technology convergence and data interchange techniques, and their associated security techniques; and,

  • Understanding of threats, vulnerabilities, and exploits in OT/ICS environments and appropriate mitigation techniques.

    Good technical capability and technical certifications in the following areas:

  • Certified Information Systems Security Professional (CISSP) ISC2

  • SABSA (Sherwood Applied Business Security Architecture)

  • CISSP-ISSAP (Certified Information Systems Security Professional-Information Systems Security Architecture Professional) ISC2

  • ISMP (Information Security Management Principles)

  • GIAC Industrial Cyber Security Professional (GICSP) certification

  • GIAC Response and Industrial Defence (GRID) certification

  • Critical Information Infrastructure Protection (CIIP)

  • Ability to identify patterns, and analyse and improve processes (business analysis)

  • Software development and engineering including DevSecOps: fundamentals and experience

  • IT/OT System and networks design, build and administration

  • Project Management including Agile Project Management (SAFE Agile, etc.)

  • Programming/coding in a variety of languages

  • Related Technical fundamentals at that point in time and what the market is procuring

    Behavioural

  • Exceptional communication skills, both written and verbal

  • Able to deliver multiple engagements on time and within budget

  • Proven ability to make decisions and the right judgement calls in complex projects and situations

  • Creates a culture of trust, ownership and accountability across teams and projects

  • On the job coaching for managers and professional staff and taking accountability for multiple large engagements

  • Manages large engagement / multiple engagement deadlines holistically, identifying risks and escalating

  • Drives continuous improvement

  • Custodian of the business, shaping offerings that we need to proactively take to the market

    Qualifications

    Minimum Qualifications

  • Relevant Degree, honours or post graduate diploma, professional qualifications e.g. B.Sc, B.Com, or B.Ing/Eng or M.Sc.

    Desired Qualifications

  • Advanced certifications, diplomas, professional certifications, advanced degrees in Cyber or information security - examples include

  • CISM (Certified Information Security Manager)

  • CISSP (Certified Information Systems Security Professional)

  • ISMP (Information Security Management Principles)

  • GIAC Industrial Cyber Security Professional (GICSP) certification

  • Critical Information Infrastructure Protection (CIIP)

  • ISO27001 Lead Auditor/Implementer or suitable hands-on experience is required.

    Minimum Experience

  • 10 – 12 years’ working experience

    Desired Experience

  • 5 years in a client facing role; 4 of these in a management role

  • 10 – 12 years of progressive experience with role(s) in a professional, consulting services (including Boutique Security Firm), public and/or private sector organizations is required.

  • Demonstrates thorough knowledge and/or proven record of success designing and implementing security solutions for industrial control systems (ICS) in critical infrastructure and/or manufacturing sectors, such as power and utilities, oil & gas, chemical, and consumer products manufacturing.

    Possess an understanding of ICS/OT fundamentals, including but not limited to:

  • Understanding of Distributed control systems (DCS) and supervisory control & data acquisition (SCADA), Manufacturing Execution Systems (MES) and related architectures and components;

  • Understanding of Network and communication protocols common in OT/ICS environments;

  • Familiarity with Safety Instrumented Systems (SIS)

  • Understanding of ICS design considerations with emphasis on human/environmental safety, availability/reliability and security of the operational environment;

  • Understanding and Knowledge of leading IT and OT security practices and IT/OT convergence principles and secure data exchange techniques; and,

  • Preparation and maintenance of policies, procedures and standards governing the security operations for ICS systems and networks.

  • In-depth understanding of operating systems, network/system architecture, and ICS and IT architecture design;

  • In-depth understanding of operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, Manufacturing Execution Systems (MES) and Distributed Control Systems (DCS), and related embedded systems;

  • Understanding of infrastructure and network architecture and design, LAN/WAN implementation, and Windows/Unix/Linux environments;

  • Understanding of IT and OT network communication protocols (including TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.) and ability to perform packet analysis;

  • Understanding of Industrial Internet of Things (IIoT) and Cloud services and their security implications in ICS;

  • Understanding of OT and IT technology convergence and data interchange techniques, and their associated security techniques; and,

  • Understanding of threats, vulnerabilities, and exploits in OT/ICS environments and appropriate mitigation techniques.

    Experience with the following:

  • ISA/IEC 62443

  • NIST Cyber Security Framework for Critical Infrastructures (CSF)

  • NIST SP-800-82 and SP-800-53

  • ISO/IEC 27001/2

  • ISA 95/ Purdue Functional Model for Operational Technology

    How to Apply

    For more information and job application details, see: Deloitte Risk Advisory - Cyber Risk (Emerging Technologies) - Senior Manager Jobs in South Africa
