Risk Advisory – Cyber Strategy - Security Architect – Senior Consultant at Deloitte

Job Description

• The main purpose of the job is to support the engagement Manager in the delivery of services on delegated client engagement/ projects.
• Focus on the delivery of client engagements and shares knowledge and experience with others
• Able to produce high quality deliverables and support junior team members. 

Specialised Technical Capabilities:

Supports the Development and Implementation on of Cyber Risk Solutions:

•   Ability to develop and execute strategies, architectures, and roadmaps to provide client with need-based, value-adding, and cost-effective Cyber risk solutions
•      Ability to analyse the client’s cyber security infrastructures to enable targeted and data-driven enhancements
•      Keeps in mind the client’s business needs when developing assessment frameworks to ensure effective, targeted, and actionable analyses
•      Applies multiple security testing methodologies and techniques to assess client’s security infrastructures and identify / evaluate vulnerabilities
•      Gathers data and determines priority criteria to build an integrated roadmap that addresses all facets of a Cyber Assessment or implementation
•      Assesses cyber security policies and procedures to analyse compliance with regulatory requirements and evaluate overall operational efficiency; provides clients with mitigating solutions
•      Is proficient with multiple domain-specific cyber security technology solutions and can effectively design the integration of them to meet and exceed client’s needs
•      Enables sustainability and continuous improvement of cyber security solutions by assessing and enhancing client’s cyber security governance infrastructures
•      Understands and applies cyber threat intelligence and profiling to the design and assessment of client systems
•      Tests the effectiveness of client’s cyber security technologies to identify and articulate opportunities for improvement across the digital, physical, and social elements of the client
•      Conducts complex business process assessments to help clients identify, analyse, and prioritize gaps and risks; applies findings to make recommended upgrades aligned to the overall strategy
•      Develops effective and sustainable technology and Cyber risk management strategies by tailoring leading Cyber frameworks on key clients’ business and technology needs
•     Understands the interaction of business and technology processes / risks and can explain it in business terms to both technical and non-technical audiences

Technical competencies:

•   Knowledge and appreciation of the wider Cyber Security issues and opportunities beyond the specific domain specialisation
•   Display an understanding of Security architecture
•   Understanding and experience with developing architecture artefacts using modelling methods such as ArchiMate™, UML, BPMN and/or others
•   Awareness of Enterprise Architecture and understanding of Enterprise Security Architecture
•  Strong knowledge of Third-Party management
•   Technical skills such as Java, Javascript, Unix / Windows system administration and scripting are preferred.
•   An understanding of at least one of the leading IAM products (Sailpoint, CyberArk, Forgerock or others)
•   Well acquainted with LDAP, PKI, SSL, JNDI,
•   Apply solutions and products in the following IT security areas:  Data
•   Data Leak Prevention     
•   Classification Solutions  
•   Endpoint and network security
•   Data encryption including endpoint, email and databases
•   Cryptography, PKI and centralized key management
•   Database, networking, messaging, web proxy technologies  
•   Good working knowledge of networks and network architecture and integrations
•   Understanding of information security principles and best practice (e.g., ISO27001 and ISF Standards of Good Practice for Information Security)  

Good technical capability and technical certifications in the following areas:

•   Software / solution architecture, design and development
•   Secure architecture and engineering principles
•   Development and open source technology experience
•   Understands the integration points of Cyber sub offering with broader Digital Risk, Cyber Risk and enterprise consulting offerings in line with market demand.
•   Apply deep knowledge of disruptive trends and competitor activity to drive continuous improvement.
•   Certified Information Security Manager (CISM)
•   Certified Information Systems Security Professional (CISSP) [ISC2]
•   SABSA (Sherwood Applied Business Security Architecture)
•   CISSP-ISSAP (Certified Information Systems Security Professional-Information Systems Security Architecture Professional) [ISC2]

  Cloud Security:

•      AWS Security
•      Azure Security Engineer
•      Google Cloud and Apigee Security
•      SalesForce, Mulesoft and other SaaS solution specific security learning
•      SalesForce, Mulesoft and other SaaS solution specific security learning

  Information and Cyber Security Frameworks: ISO/IEC 27001/2; NIST SP800-53; NIST CSF; CYBOK

•   ISO 27001 Lead Implementer/Auditor
•  SWIFT CSP (Cyber Security Programme)
•   IoT: internet of things security
•  CCISO (Certified Chief Information Security Officer) [EC Council]
•   Ability to identify patterns, and analyse and improve processes (business analysis)
•   Software development and engineering including DevSecOps: fundamentals and experience
•   IT System and networks design, build and administration
•   Project Management including Agile Project Management (SAFE Agile, etc.)
•   Microservices, containerisation, DevOps toolsets (CI/CD pipeline)
•   Software Programming/Coding in variety of languages
•   Related Technical fundamentals at that point in time and what the market is procuring

Behavioural Competencies:

•   Excellent communication skills, both written and verbal
•   Consistently delivers high quality work.
•   Ability to meet deadlines (reliable and dependable)
•   Able to Multi-task
•   Proven initiatives in providing guidance to junior members of the project team
•   Demonstrates readiness to take decisions
•   Displays initiatives and takes accountability for delivery of work
•   Assumes manager responsibility on delivery of assignments where required under pressurised circumstances
•   Able to work under pressure
•   Ability to prioritize competing responsibilities as per their urgency and importance, ability to multi-task on various client engagements

Qualifications
Minimum qualifications:

• Relevant Degree, Honours or post graduate diploma, professional qualifications e.g. BSc, BCom, or B.Ing/Eng or MSc

Desired qualifications:

Advanced certifications, diplomas, professional certifications, advanced degrees in Cyber or information security - examples include:

•   CISM (Certified Information Security Manager)
•   CISSP (Certified Information Systems Security Professional)
•   ISMP (Information Security Management Principles)
•   CCSP (Certified Cloud Security Professional)
•   Certified Ethical Hacker – EC Council
•   ISO27001 Lead Auditor/Implementer Certificate
•   SABSA Chartered Security Architect
•   (TOGAF) The Open Group Architecture Framework
•   Cisco Unity Systems Engineer
•   ITIL – IT Infrastructure Library Foundation

Experience:

• 4+ years of progressive experience with role(s) in a professional, consulting services (including Boutique Security Firm), public and/or private sector organizations is required.

  Experience in;

•      Software / solution architecture, modelling, design and development
•      Secure architecture and engineering principles
•      Designing network layer security solution
•      Web and mobile application security, including mobile gateway security and multi-channel security
•      PCI standards and Payments
•     Software development and open source technology experience
•      Privacy implementation according to POPIA and/or GDPR
•      Laws related to Information Security, Cyber Security, Data Protection and/or Privacy