Cyber - Application Security - Independent Consultant

Company Description

Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax, and related services. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the “Deloitte organisation”) serves four out of five Fortune Global 500® companies. Learn how Deloitte makes an impact that matters at www.deloitte.com.

About the Division

The value that Deloitte Risk Advisory Africa creates for organisations is synonymous with operational excellence. Our five business areas work in unison to provide integrated solutions unique to the organisational requirements of any business.

In a world that is constantly changing, organisations need to adapt quickly to respond to new risks and take advantage of new opportunities. Deloitte's Risk Advisory practice advises organisations on how to effectively mitigate risk and make informed and intelligent risk decisions around business processes, technology, and operations. Click here to read more about our Risk Advisory practice.

Cyber and Strategic Risk

Helps clients address various aspects of Cyber and other strategic risks to their organisations in order to make risk informed strategic choices, prepare to respond to disruptions, assess and manage enterprise-level risks through their lifecycle, and strategize and respond to the risks associated with the reliability and protection of data, associated processes, and technology.

We provide advisory and managed services designed to help Senior Executives identify, assess, manage, and respond to risks and/or catastrophic unforeseen incidents that could undermine their competitive position and jeopardize their critical assets, reputation, and or financial standing.

Click here to see more about what our Cyber Risk team does.

Job Description

Focus on the delivery of client engagements as a Subject Matter Expert on SAP application security.

• Supports the Design and Implementation on of SAP Security Solutions 
• Ability to develop and execute strategies, architectures, and roadmaps to provide client with value-adding and cost-effective Application Security solutions.
•  Ability to analyse the client’s Application Security landscape to enable targeted and data-driven enhancements.
• Ability to design and implement SAP security solution based on client Application Security requirements.
• Ability to gather SAP Client requirements and convert them into value-adding Application Security solutions. 
• Ability to specifically design and implement SAP Authorisations and SAP GRC solutions, for on premise and cloud platforms.  
• Applies multiple security testing methodologies and techniques to assess client’s Application Security landscape and identify / evaluate vulnerabilities
• Assesses Application Security policies and procedures to analyse compliance with regulatory requirements and evaluate overall operational efficiency and provides clients with mitigating solutions
• Proficient with multiple domain-specific Application Security technology solutions and ability to effectively integrate them to meet and exceed client’s needs
• Enables sustainability and continuous improvement of Application Security solutions by assessing and enhancing client’s cyber security governance infrastructures
• Understands and applies cyber threat intelligence and profiling to the design and assessment of client application systems.
• Tests the effectiveness of client’s Application Security control to identify vulnerabilities and articulate opportunities for improvement across the digital, physical, and social elements of the client.
• Conducts complex business process assessments to help clients identify, analyse, and prioritize gaps and risks; applies findings to make recommended upgrades aligned to the overall strategy
• Develops effective and sustainable technology and Cyber risk management strategies by tailoring leading Cyber frameworks on key clients’ business and technology needs
• Understands the interaction of business and technology processes / risks and can explain it in business terms to both technical and non-technical audiences

Qualifications

• Relevant Diploma, Honours or post graduate diploma, professional qualifications

Desired qualifications:

• SAP Security Industry Certification 
• SAP GRC Business Objects Certification  
• CISM (Certified Information Security Manager)
• CISSP (Certified Information Systems Security Professional)
• ITIL – IT Infrastructure Library Foundation

Experience:

• Progressive experience with role(s) in a professional, consulting services (including Boutique Security Firm), public and/or private sector organizations is required. Working experience within the Application Security Offering, SAP.
• Minimum 3-4 end to end implementations / Upgrades of SAP GRC.
• Experience in gathering business requirements, performing risk analysis and implementation of SAP Security Design.
• Experience in areas of SAP Process Control, SAP Risk Management, SAP Audit Management and SAP Fraud Management will be preferred.
• Experience with SAP S/4 HANA on-premise and, S/4 HANA Cloud implementation.
• Experience in Ruleset Customization, Remediation and Mitigation of Risks.
• Understanding of different authorization tables, troubleshooting authorization issues, user access management.
• Fair amount of business process understanding in areas of P2P, R2R, OTC.
• Good to have experience in working on CATT scripts.
• Excellent in written and verbal communication skills.

Technical competencies:

• Fair amount of business process understanding in areas of P2P, R2R, OTC.
• Experience in gathering business requirements, performing risk analysis and implementation of SAP Security Design.
• Strong User role and authorizations design.
• Strong S4/HANA authorisations implementation capability
• Good to have experience in working on CATT scripts.
• Good understanding of SAP S4 Hana Implementation Cycle, in order to embed GRC scope / solutions.
• Ability to give viewpoints on Sizing / Cloud Hosting / Integration with other applications.
• On premises and in Cloud deployment experience.

Behavioural Competencies:

• Excellent communication skills, both written and verbal
• Effective time management skills 

Additional Information

At Deloitte, we want everyone to feel they can be themselves and to thrive at work—in every country, in everything we do, every day. We aim to create a workplace where everyone is treated fairly and with respect, including reasonable accommodation for persons with disabilities. We seek to create and leverage our diverse workforce to build an inclusive environment across the African continent.