Risk Advisory – Cyber Risk – Emerging Technology – Assistant Manager

  • Deloitte
  • Midrand, South Africa
  • 17/11/2021
Full time

Description

The main purpose of the job is to support the Engagement Manager/Senior Manager in the delivery of services on delegated client engagements/projects.

Focuses on the delivery of client engagements and shares knowledge and experience with others.

Able to produce high quality deliverables and support junior team members. 

Specialised Technical Capabilities:

Supports the Development and Implementation of Cyber Risk Solutions:

·  Demonstrates thorough knowledge and/or proven record of success designing and implementing security solutions for industrial control systems (ICS) in critical infrastructure, manufacturing sectors, power and utilities, oil & gas, chemical, and/or consumer products manufacturing. Possesses an understanding of ICS/OT fundamentals, including but not limited to:

   o  Understanding of OT-related systems such as distributed control systems (DCS) and supervisory control & data acquisition (SCADA) systems.

   o  Understanding of Network and communication protocols common in ICS environments.

   o  Understanding of ICS design considerations with emphasis on human and environmental safety, and the availability/reliability and security of the operational environment.

   o  Understanding and Knowledge of leading IT and OT security practices.

   o  Ability to apply relevant standards such as NIST 800-82 and IEC 62443.

   o  Preparation and maintenance of policies, procedures and standards governing the security operations for ICS systems and networks.

   o  Demonstrates knowledge and/or proven record of success in security technologies such as firewalls, IDS/IPS, endpoint security solutions, access control systems, and other related security technologies within an ICS environment.

   o  In-depth understanding of operating systems, network/system architecture, and architecture design aligned to engineering design methodologies.

   o  In-depth understanding of operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS).

   o  Aptitude to apply and utilise security tools and solutions to conduct risk assessment and understanding of the threat landscape on OT systems.

   o  Ability to learn new tools and techniques to automate manual effort and leverage digital solutions where possible.

   o  Understanding of IT and OT network communication protocols (e.g. TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.).

   o  Understanding of Industrial Internet of Things (IIoT) and Cloud services and their security implications in ICS;

   o  Understanding of OT and IT technology convergence and data interchange techniques, and their associated security techniques; and,

   o  Understanding of threats, vulnerabilities, and exploits in OT/ICS environments and appropriate mitigation techniques.

Good technical capability and technical certifications would be advantageous:

·  Certified Information Systems Security Professional (CISSP) [ISC2]

·  SABSA (Sherwood Applied Business Security Architecture)

·  GICSP (Global Industrial Cyber Security Professional)

·  Certified SCADA Security Architect - CSSA

·  Ability to identify patterns, and analyse and improve processes (business analysis)

·  Software development and engineering including DevSecOps: fundamentals and experience

·  Project Management including Agile Project Management (SAFE Agile, etc.)

Behavioural Competencies:

·  Excellent communication skills, both written and verbal

·  Aptitude for learning new methods, techniques and tools

·  Able to demonstrate learning agility in response to new and emerging cyber threats

·  Consistently delivers high quality work.

·  Ability to meet deadlines (reliable and dependable)

·  Able to multi-task

·  Proven initiative in providing guidance to junior members of the project team

·  Demonstrates readiness to take decisions

·  Displays initiative and takes accountability for delivery of work

·  Assumes manager responsibility on delivery of assignments where required under pressurised circumstances

·  Able to work under pressure

·  Ability to prioritize competing responsibilities as per their urgency and importance, ability to multi-task on various client engagements

Qualifications

Minimum qualifications:

Relevant Degree, Honours or post graduate diploma, professional qualifications e.g., BSc Engineering (Electrical, mechanical, industrial, computer, electronics), BCom, or B. Ing/Eng or MSc

Desired qualifications:

Advanced certifications, diplomas, professional certifications, advanced degrees in Cyber or information security - examples include:

·  CISM (Certified Information Security Manager)

·  CISSP (Certified Information Systems Security Professional)

·  ISMP (Information Security Management Principles)

·  CCSP (Certified Cloud Security Professional)

·  Certified Ethical Hacker – EC Council

·  ISO27001 Lead Auditor/Implementer Certificate

·  SABSA Chartered Security Architect

·  (TOGAF) The Open Group Architecture Framework

·  Cisco Unity Systems Engineer

·  ITIL – IT Infrastructure Library Foundation

Experience:

3+ years of progressive experience in role(s) in professional or consulting services (including Boutique Security Firm), or public and/or private sector organizations, is required.

·  At least two of those years being exposed to industrial processes and/or plant environments

·  Demonstrates thorough knowledge and/or proven record of success designing and implementing security solutions for industrial control systems (ICS) in critical infrastructure and/or manufacturing sectors, such as power and utilities, oil & gas, chemical, and consumer products manufacturing.

·  Possesses an understanding of ICS/OT fundamentals, including but not limited to:

·  Understanding of Distributed control systems (DCS) and supervisory control & data acquisition (SCADA), Manufacturing Execution Systems (MES) and related architectures and components.

·  Understanding of Network and communication protocols common in OT/ICS environments.

·  Familiarity with Safety Instrumented Systems (SIS)

·  Understanding of ICS design considerations with emphasis on human/environmental safety, availability/reliability and security of the operational environment.

· Understanding and Knowledge of leading IT and OT security practices and IT/OT convergence principles and secure data exchange techniques; and,

·  Preparation and maintenance of policies, procedures and standards governing operations for ICS systems and networks.

Experience with one or more of the following:

   o  ISA/IEC 62443

   o  NIST Cyber Security Framework for Critical Infrastructures (CSF)

   o  NIST SP-800-82 and SP-800-53

   o  ISO/IEC 27001/2

   o  ISA 95/ Purdue Functional Model for Operational Technology

Additional Information

How you’ll grow

At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help build world-class skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Centre. https://deloitte.zoomforth.com/du 

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. https://www2.deloitte.com/global/en/pages/careers/articles/benefits.html

Our purpose

Deloitte is led by a purpose: to make an impact that matters. Every day, Deloitte people are making a real impact in the places they live and work. We pride ourselves on doing not only what is good for clients, but also what is good for our people and the communities in which we live and work—always striving to be an organization that is held up as a role model of quality, integrity, and positive change. Learn more about Deloitte’s impact on the world. https://www2.deloitte.com/global/en/pages/about-deloitte/articles/impact-that-matters.html

*Please note that this job advertisement provides a summary of the capabilities required and all candidates shortlisted will receive a full list of capabilities.

We do not ask for any fees (refundable or non-refundable) at any stage of the job application and/or recruitment process. We, therefore, appeal to job seekers not to respond to any such requests.