Risk Advisory – Cyber Strategy – Security Architect – Assistant Manager

  • Deloitte
  • Midrand, South Africa
  • 17/11/2021
Full time


The main purpose of the job is to support the Engagement Manager/Senior Manager in the delivery of services on delegated client engagements/projects.

Focuses on the delivery of client engagements and shares knowledge and experience with others

Able to produce high quality deliverables and support junior team members. 

Specialised Technical Capabilities:

Supports the Development and Implementation of Cyber Risk Solutions:

·  Ability to develop and execute strategies, architectures, and roadmaps to provide clients with need-based, value-adding, and cost-effective Cyber risk solutions

   o  Ability to analyse the client’s cyber security infrastructures to enable targeted and data-driven enhancements

   o  Keeps in mind the client’s business needs when developing assessment frameworks to ensure effective, targeted, and actionable analyses

   o  Applies multiple security testing methodologies and techniques to assess client’s security infrastructures and identify / evaluate vulnerabilities

   o  Gathers data and determines priority criteria to build an integrated roadmap that addresses all facets of a Cyber Assessment or implementation

   o  Assesses cyber security policies and procedures to analyse compliance with regulatory requirements and evaluate overall operational efficiency; provides clients with mitigating solutions

   o  Is proficient with multiple domain-specific cyber security technology solutions and is able to effectively integrate them to meet and exceed client’s needs

   o  Enables sustainability and continuous improvement of cyber security solutions by assessing and enhancing client’s cyber security governance infrastructures

   o  Understands and applies cyber threat intelligence and profiling to the design and assessment of client systems

   o  Tests the effectiveness of client’s cyber security technologies to identify and articulate opportunities for improvement across the digital, physical, and social elements of the client

   o  Conducts complex business process assessments to help clients identify, analyse, and prioritize gaps and risks; applies findings to make recommended upgrades aligned to the overall strategy

   o  Develops effective and sustainable technology and Cyber risk management strategies by tailoring leading Cyber frameworks on key clients’ business and technology needs

   o  Understands the interaction of business and technology processes / risks and can explain it in business terms to both technical and non-technical audiences

Technical competencies:

·  Ability to understand and interpret complex security-related business challenges and to respond by conceiving innovative information security/cyber solutions that solve clients' problems through security design and architecture

·  Knowledge and appreciation of the wider Cyber Security issues and opportunities beyond the specific domain specialisation

·  Display an awareness of Security architecture

·  Strong knowledge of Third-Party management

·  Technical skills such as Java, JavaScript, Unix / Windows system administration and scripting are preferred.

·  An understanding of at least one of the leading IAM products (Sailpoint, CyberArk, Forgerock or others)

·  Well acquainted with LDAP, PKI, SSL, JNDI

·  Apply solutions and products in the following IT security areas:  Data

·  Data Leak Prevention     

·  Classification Solutions  

·  Endpoint and network security

·  Data encryption including endpoint, email and databases

·  Cryptography, PKI and centralized key management

·  Database, networking, messaging, web proxy technologies  

·  Good working knowledge of networks and network architecture and integrations

·  Understanding of information security principles and best practice (e.g., ISO27001 and ISF Standards of Good Practice for Information Security)  

Good technical capability and technical certifications in the following areas:

·  Software / solution architecture, design and development

·  Secure architecture and engineering principles

·  Development and open source technology experience

·  Understands the integration points of Cyber sub offering with broader Digital Risk, Cyber Risk and enterprise consulting offerings in line with market demand.

·  Apply deep knowledge of disruptive trends and competitor activity to drive continuous improvement.

·  Certified Information Security Manager (CISM)

·  Certified Information Systems Security Professional (CISSP) [ISC2]

·  SABSA (Sherwood Applied Business Security Architecture)

·  CISSP-ISSAP (Certified Information Systems Security Professional-Information Systems Security Architecture Professional) [ISC2]

·  Cloud Security:

   o  Certified Cloud Security Professional [ISC2]

   o  AWS Security

   o  Azure Security Engineer

   o  Google Cloud and Apigee Security

   o  SalesForce, Mulesoft and other SaaS solution specific security learning

·  Information and Cyber Security Frameworks: ISO/IEC 27001/2; NIST SP800-53; NIST CSF; CYBOK

·  ISO 27001 Lead Implementer/Auditor

·  SWIFT CSP (Cyber Security Programme)

·  IoT: internet of things security

·  CCISO (Certified Chief Information Security Officer) [EC Council]

·  Ability to identify patterns, and analyse and improve processes (business analysis)

·  Software development and engineering including DevSecOps: fundamentals and experience

·  IT System and networks design, build and administration

·  Project Management including Agile Project Management (SAFE Agile, etc.)

·  Microservices, containerisation, DevOps toolsets (CI/CD pipeline)

·  Software Programming/Coding in a variety of languages

·  Related Technical fundamentals at that point in time and what the market is procuring

Behavioural Competencies:

·  Excellent communication skills, both written and verbal

·  Consistently delivers high quality work.

·  Ability to meet deadlines (reliable and dependable)

·  Able to multi-task

·  Proven initiative in providing guidance to junior members of the project team

·  Demonstrates readiness to take decisions

·  Displays initiative and takes accountability for delivery of work

·  Assumes manager responsibility on delivery of assignments where required under pressurised circumstances

·  Able to work under pressure

·  Ability to prioritize competing responsibilities as per their urgency and importance, ability to multi-task on various client engagements


Minimum qualifications:

Relevant Degree, Honours or post graduate diploma, professional qualifications e.g. BSc, BCom, or B.Ing/Eng or MSc

Desired qualifications:

Advanced certifications, diplomas, professional certifications, advanced degrees in Cyber or information security - examples include:

·  CISM (Certified Information Security Manager)

·  CISSP (Certified Information Systems Security Professional)

·  ISMP (Information Security Management Principles)

·  CCSP (Certified Cloud Security Professional)

·  Certified Ethical Hacker – EC Council

·  ISO27001 Lead Auditor/Implementer Certificate

·  SABSA Chartered Security Architect

·  TOGAF (The Open Group Architecture Framework)

·  Cisco Unity Systems Engineer

·  ITIL – IT Infrastructure Library Foundation


5+ years of progressive experience with role(s) in a professional, consulting services (including Boutique Security Firm), public and/or private sector organizations is required.

·  Experience in:

   o  Software / solution architecture, design and development

   o  Secure architecture and engineering principles

   o  Designing network layer security solutions

   o  Web and mobile application security, including mobile gateway security and multi-channel security

   o  PCI standards and Payments

   o  Software development and open source technology experience

   o  Privacy implementation according to POPIA and/or GDPR

   o  Laws related to Information Security, Cyber Security, Data Protection and/or Privacy

Additional Information

How you’ll grow

At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help build world-class skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Centre. https://deloitte.zoomforth.com/du 


At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. https://www2.deloitte.com/global/en/pages/careers/articles/benefits.html

Our purpose

Deloitte is led by a purpose: to make an impact that matters. Every day, Deloitte people are making a real impact in the places they live and work. We pride ourselves on doing not only what is good for clients, but also what is good for our people and the communities in which we live and work—always striving to be an organization that is held up as a role model of quality, integrity, and positive change. Learn more about Deloitte’s impact on the world. https://www2.deloitte.com/global/en/pages/about-deloitte/articles/impact-that-matters.html

*Please note that this job advertisement provides a summary of the capabilities required and all candidates shortlisted will receive a full list of capabilities.

We do not ask for any fees (refundable or non-refundable) at any stage of the job application and/or recruitment process. We, therefore, appeal to job seekers not to respond to any such requests.