Risk Advisory – Cyber Risk - Application Security – Manager

  • Deloitte
  • Midrand, South Africa
  • 17/11/2021
Full time

Description

The main purpose of the job is to support the Senior Manager/Director in delivery of services to/at client premises on delegated engagements

Focus on the management and delivery of client engagements, as well as sales and practice development.

Develop high-performing people and teams, leading and supporting them to make an impact that matters, and setting the direction to deliver exceptional client service

Specialised Technical Capabilities:

Plans and Manages Cyber Solutions:

·  Ability to guide teams through the design and implementation of cyber solutions in chosen Cyber sub-offering that reduce vulnerability, strengthen controls and optimize organizational efficiency

   o  Combines industry knowledge and domain experience to help client identify, assess, and manage Cyber risk

   o  Leverages an in-depth knowledge of market-specific products and solutions to enhance impact of recommended solutions

   o  Proactively tailors implementation strategies to help ensure client’s environments are receptive to the impending change

   o  Assess, Lead, define, design and implement end to-end modern on-premises and cloud based Cyber Solutions

   o  Helps client define a holistic future state cyber posture to address gaps with relevant domain (sub-offering) standards and frameworks

   o  Keeps in mind relevant frameworks, industry standards and the overall client’s business strategy when planning cyber assessments

   o  Designs cyber solutions (e.g., ICS, Cloud Security, Strategy, vulnerability management, identity and access management) that strengthen controls on key assets, enable compliance, while increasing operational efficiency and reducing cost

   o  Helps client adopt a long-term view of cyber risk management by advising on leading practices to align cyber risk with risk appetite, key industry issues, and strategic business priorities

   o  Owns end-to-end delivery of cyber strategy programs across large accounts

   o  Leverages a strong industry knowledge to advise clients on current and potential changes in regulations, cyber threats, and other key trends

   o  Stays current on market trends and regulations, and anticipates risk / opportunities; advises client accordingly

Technical competencies:

·  Proven winning business, staff development, exceptional delivery, business development, continuous improvement.

·  Bring deep technical (SME) and industry experience in Cyber Application sub offering (domain) to engage with clients and key stakeholders pragmatically.

·  Understands technical complexity at Network, Application, Database, Infrastructure and Cloud level.

·  Understand and interpret complex security-related business challenges and ability to respond by conceiving innovative information security/cyber solutions for clients.

·  Knowledge and appreciation of the wider Cyber Security issues and opportunities beyond the specific domain specialization.

·  Able to scope Cyber engagements effectively and assign and manage an appropriate team to deliver against the engagement requirements.

·  Experience in areas of Risk Management, Audit Management and Fraud Management will be preferred.

·  Experience in Ruleset Customization, Remediation and Mitigation of Risks.

·  Understanding of different authorization tables, troubleshooting authorization issues, user access management.

·  Minimum two to three End to End implementations / Upgrades of SAP GRC.

·  Fair amount of business process understanding in areas of P2P, R2R, OTC.

·  Experience in gathering business requirements, performing risk analysis and implementation of SAP Security Design.

·  Strong User role and authorizations design.

·  Strong S4/HANA authorizations implementation capability

·  Good to have experience in working on CATT scripts.

·  Good understanding of SAP S4 Hana Implementation Cycle, in order to embed GRC scope / solutions.

·  Ability to give viewpoints on Sizing / Cloud Hosting / Integration with other applications.

·  On premises and in Cloud deployment experience.

Behavioural Competencies:

·  Excellent communication skills, both written and verbal

·  Effective engagement management

·  Able to deliver engagements on time and within budget

·  Proven ability to make decisions and the right judgement calls

·  Ability to provide leadership and guidance/coaching to junior member of the team

·  Ability to inspire and enthuse others to commitment and involvement taking accountability for larger engagements

·  Manages large engagement / multiple engagement deadlines holistically, identifying risks and escalating. 

·  Able to work under pressure

·  Ownership of deliverables driving team quality and risk management.

Qualifications

Minimum qualifications:

Relevant Degree, Honours or post graduate diploma, professional qualifications e.g. B.Sc, BCom, or B.Ing/Eng or M.Sc.

Desired qualifications:

CA(SA), BSC Engineering or similar BSC degree, MBA, equivalent Honours degree and professional certification.

Advanced certifications, diplomas, professional certifications, advanced degrees in Cyber or information security - examples include:

·  CISM (Certified Information Security Manager)

·  CISSP (Certified Information Systems Security Professional)

·  SAP or other large ERP system knowledge and certifications

Experience:

5 years in a client facing role; 3 of these in a management role

8-10 years of progressive experience with role(s) in a professional, consulting services (including boutique security firm), public and/or private sector organisations is required.

·  Experience in areas of Risk Management, Audit Management and Fraud Management will be preferred.

·  Experience in Ruleset Customization, Remediation and Mitigation of Risks.

·  Understanding of different authorization tables, troubleshooting authorization issues, user access management.

·  Minimum 3-4 end to end implementations / Upgrades of SAP GRC.

·  Fair amount of business process understanding in areas of P2P, R2R, OTC.

·  Experience in gathering business requirements, performing risk analysis and implementation of SAP Security Design.

·  Good to have experience in working on CATT scripts.

·  Excellent in written and verbal communication skills.

.   Experience with SAP HANA, S/4 HANA implementation

Additional Information

How you’ll grow

At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to help build world-class skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Centre. https://deloitte.zoomforth.com/du 

Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. https://www2.deloitte.com/global/en/pages/careers/articles/benefits.html

Our purpose

Deloitte is led by a purpose: to make an impact that matters. Every day, Deloitte people are making a real impact in the places they live and work. We pride ourselves on doing not only what is good for clients, but also what is good for our people and the communities in which we live and work—always striving to be an organization that is held up as a role model of quality, integrity, and positive change. Learn more about Deloitte’s impact on the world. https://www2.deloitte.com/global/en/pages/about-deloitte/articles/impact-that-matters.html

*Please note that this job advertisement provides a summary of the capabilities required and all candidates shortlisted will receive a full list of capabilities.

We do not ask for any fees (refundable or non-refundable) at any stage of the job application and or recruitment process. We, therefore, appeal to job seekers not to respond to any such requests.

No