Risk Advisory – Cyber Risk – Infrastructure Security – Senior Consultant/ Assistant Manager at Deloitte

The main purpose of the job is to support the business leadership in the implementation of strategic plans.
Focus on the management and delivery of client engagements, as well as sales and practice development.
Develop high-performing people and teams, leading and supporting them to make an impact that matters, and setting the direction to deliver exceptional client service.

Specialised Technical Capabilities:

Supports the Development and Implementation on of Cyber Risk Solutions:

• Ability to develop and execute strategies, architectures, and roadmaps to provide client with need-based, value-adding, and cost-effective Cyber risk solutions
• Ability to analyse the client’s cyber security infrastructures to enable targeted and data-driven enhancements
• Keeps in mind the client’s business needs when developing assessment frameworks to ensure effective, targeted, and actionable analyses
• Applies multiple security testing methodologies and techniques to assess client’s security infrastructures and identify / evaluate vulnerabilities
• Gathers data and determines priority criteria to build an integrated roadmap that addresses all facets of a Cyber Assessment or implementation
• Assesses cyber security policies and procedures to analyse compliance with regulatory requirements and evaluate overall operational efficiency; provides clients with mitigating solutions
• Is proficient with multiple domain-specific cyber security technology solutions and is able to effectively integrate them to meet and exceed client’s needs
• Enables sustainability and continuous improvement of cyber security solutions by assessing and enhancing client’s cyber security governance infrastructures
• Understands and applies cyber threat intelligence and profiling to the design and assessment of client systems
• Tests the effectiveness of client’s cyber security technologies to identify and articulate opportunities for improvement across the digital, physical, and social elements of the client
• Conducts complex business process assessments to help clients identify, analyse, and prioritize gaps and risks; applies findings to make recommended upgrades aligned to the overall strategy
• Develops effective and sustainable technology and Cyber risk management strategies by tailoring leading Cyber frameworks on key clients’ business and technology needs
• Understands the interaction of business and technology processes / risks and can explain it in business terms to both technical and non-technical audiences

Technical competencies:

• Technical expert in one or more specific Cyber sub-offering area
• Demonstrated project management skill
• Consulting skills
• Experience in drafting and presenting to clients
• Good report writing skills
• Sound financial knowledge and understanding
• Business acumen
• Bring deep technical (SME) and industry experience in selected Cyber sub offering (domain) to engage with clients and key stakeholders pragmatically.
• Excellent understanding of an IP address and how it works (IPv4 and IPv6)
• Deep knowledge ability to perform:
• security reviews of architecture and application designs
• mobile, complex application, infrastructure, as well as social engineering assessments and penetration testing
• Exploit vulnerabilities to gain access, and expand access to remote systems
• Assist with building, hardening, and maintaining systems used for penetration testing

0 Research cutting edge security topics and new attack vectors

• Demonstrates thorough knowledge and/or proven record of success in security technologies such as firewalls, IDS/IPS, endpoint security solutions, access control systems, and other related security technologies
• In depth understanding of operating systems, network/system architecture, and IT architecture design;
• In depth understanding of infrastructure and network architecture and design, LAN/WAN implementation, and Windows/Linux environments;
• Understanding of threats, vulnerabilities, and exploits in different environments and appropriate mitigation techniques.
• Understanding of relevant Cyber/Information/Cloud security related laws and regulations

Good technical capability and technical certifications in the following areas:

• An industry leading qualification such as CREST, OSCE, OSCW, Crest, Check
• CEH (Certified Ethical Hacker)
• OSCP (Offensive Security Certified Professional
• GCIH (GIAC Certified Incident Handler)
• Certified Information Systems Security Professional (CISSP)
• Information Systems Security Architecture Professional (CISSP-ISSAP)
• Information Systems Security Engineering Professional (CISSP-ISSEP)
• Information Systems Security Management Professional (CISSP-ISSMP)
• Ability to identify patterns, and analyse and improve processes (business analysis)
• Software development and engineering including DevSecOps: fundamentals and experience
• IT System and networks design, build and administration
• Project Management including Agile Project Management (SAFE Agile, etc.)
• Microservices, containerisation, server-less/FaaS and DevOps toolsets (CI/CD pipeline)
• Software Programming/Coding in variety of languages
• Related Technical fundamentals at that point in time and what the market is procuring

Behavioural Competencies:

• Excellent communication skills, both written and verbal
• Effective engagement management
• Able to deliver engagements on time and within budget
• Proven ability to make decisions and the right judgement calls
• Ability to provide leadership and guidance/coaching to junior member of the team
• Ability to inspire and enthuse others to commitment and involvement taking accountability for larger engagements
• Manages large engagement / multiple engagement deadlines holistically, identifying risks and escalating.
• Able to work under pressure
• Ownership of deliverables driving team quality and risk management.

Qualifications

Minimum qualifications:

Relevant Degree, Honours or post graduate diploma, professional qualifications e.g. B.Sc, BCom, or B.Ing/Eng or MSc

Desired qualifications:

Advanced certifications, diplomas, professional certifications, advanced degrees in Cyber or information security - examples include:

• CISM (Certified Information Security Manager)
• CISSP (Certified Information Systems Security Professional)
• An industry leading qualification such as CREST, OSCE, OSCW, Crest, Check
• CEH (Certified Ethical Hacker)
• OSCP (Offensive Security Certified Professional
• GCIH (GIAC Certified Incident Handler)
• Certified Information Systems Security Professional (CISSP) or suitable hands-on experience is required.

Experience:

5+ years of progressive experience with role(s) in a professional, consulting services (including Boutique Security Firm), public and/or private sector organizations is required. Working experience within one or more of the Cyber Risk Domains (Sub-Offering) or professional services environment. Demonstrate strong understanding and experience in delivery of Cyber engagements across key industries.

• Excellent understanding of an IP addressing and how it works (IPv4 and IPv6)
• Deep knowledge and experience with ability to perform:
• security reviews of architecture and application designs
• mobile, complex application, infrastructure, as well as social engineering assessments and penetration testing
• Exploit vulnerabilities to gain access, and expand access to remote systems
• Assist with building, hardening, and maintaining systems used for penetration testing
• Research cutting edge security topics and new attack vectors