Risk Advisory – Cyber Cloud – DevSecOps – Senior Consultant to Manager level

Company Description

Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the “Deloitte organisation”) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 312,000 people make an impact that matters at www.deloitte.com.

About the Division

The value that Deloitte Risk Advisory Africa creates for organisations is synonymous with operational excellence. Our five business areas work in unison to provide integrated solutions unique to the organisational requirements of any business.

In a world that is constantly changing, organisations need to adapt quickly to respond to new risks and take advantage of new opportunities. Deloitte's Risk Advisory practice advises organisations on how to effectively mitigate risk and make informed and intelligent risk decisions around business processes, technology and operations.

Click here to read more about our Risk Advisory practice.

Job Description

The main purpose of the job is to support the Engagement Manager in delivery of services remotely or at client premises on delegated engagements.

Focus on the delivery of client engagements and shares knowledge and experience with others

Ability to produce high quality deliverables and support junior team members.

Specialised Technical Capabilities:

• Supports the Development, Implementation and Operation of Cyber Risk Solutions to enable Security in DevOps as part of Agile solution delivery:
• Ability to develop and execute strategies, architectures, and roadmaps to provide client with need-based, value-adding, and cost-effective Cyber risk solutions
• Ability to analyse the client’s cyber security infrastructures to enable targeted and data-driven enhancements
• Keeps in mind the client’s business needs when developing assessment frameworks to ensure effective, targeted, and actionable analyses
• Applies multiple security testing methodologies and techniques to assess client’s security infrastructures and identify / evaluate vulnerabilities
• Gathers data and determines priority criteria to build an integrated roadmap that addresses all facets of a Cyber Assessment or implementation
• Assesses cyber security policies and procedures to analyse compliance with regulatory requirements and evaluate overall operational efficiency; provides clients with mitigating solutions
• Is proficient with multiple domain-specific cyber security technology solutions and can effectively integrate them to meet and exceed client’s needs
• Enables sustainability and continuous improvement of cyber security solutions by assessing and enhancing client’s cyber security governance infrastructures
• Understands and applies cyber threat intelligence and profiling to the design and assessment of client systems
• Tests the effectiveness of client’s cyber security technologies to identify and articulate opportunities for improvement across the digital, physical, and social elements of the client
• Conducts complex business process assessments to help clients identify, analyse, and prioritize gaps and risks; applies findings to make recommended upgrades aligned to the overall strategy
• Develops effective and sustainable technology/tools and Cyber risk management strategies by tailoring leading Cyber frameworks on key clients’ business and technology needs
• Understands the interaction of business and technology processes / risks and can explain it in business terms to both technical and non-technical audiences
• Provide advice on security best practices, and guide clients in developing and implementing security policies aligned to the cloud platforms and that specifically direct secure development and deployment pipelines
• Evaluate and recommend emerging security products that enable and optimise secure DevOps on-premises and in-cloud.
• Be able to perform Dynamic Application Security Testing (DAST) and or Static Application Security Testing (SAST) scans in addition to defining, implementing and reviewing the security configuration of DevOps environments
• Understanding and ability to operate successfully in the context of IT processes for configuration, change and release management.

Technical competencies:

• Technical expert in one or more specific Cyber sub-offering area
• Demonstrated project management skill
• Consulting skills
• Experience in drafting and presenting to clients
• Ability to build strong working relationships with peers and client personnel
• Good report writing skills
• Sound financial knowledge and understanding
• Business acumen
• Bring technical and industry experience in the Cyber Cloud sub offering (domain) to engage with clients and key stakeholders pragmatically.
• Understands technical complexity at Network, Application, Database, Infrastructure and Cloud level.
• Understand and interpret complex security-related business challenges and ability to respond by conceiving innovative information security/cyber solutions for clients.
• Knowledge and appreciation of the wider Cyber Security issues and opportunities beyond the specific domain specialisation.
• Able to scope Cyber engagements effectively and assign and manage an appropriate team to deliver against the engagement requirements.
• Applying Cloud Security Reference Architecture to deliver consistent, standardized solutions for Identity & Access Management, Data Protection, Secure DevOps, Security Operations, and other security domains.
• Delivering solutions for integration between Cloud and on-premises security solutions.
• Solutions Architect experience.
• Demonstrated ability to manage engagements that encompass the wider RA services and collaborating and coordinating solution design work with other Cyber sub Solution Architects in Infrastructure, IT Strategy, Service Delivery, etc.
• Utilizing and applying knowledge of Cloud solutions across IaaS, PaaS & SaaS into projects, such as AWS, Azure, OpenStack, Cloud Foundry, Salesforce, Microsoft Office 365, Box etc.
• Utilizing and applying knowledge of enterprise security and Cloud security specific solutions into projects such as: IAM/IDaaS, CASB, Identity Governance, Cloud SOC/SIEM, Key Management & Encryption.
• Laws and regulations related to Information Security, Cyber Security, Data Protection and/or Privacy especially where relevant to the Cloud.

Behavioural Competencies:

• Excellent communication skills, both written and verbal
• Effective engagement management
• Able to deliver engagements on time and within budget
• Proven ability to make decisions and the right judgement calls
• Ability to provide leadership and guidance/coaching to junior member of the team
• Ability to inspire and enthuse others to commit and get involved taking accountability for larger engagements
• Manages large engagement / multiple engagement deadlines holistically, identifying risks and escalating. 
• Able to work under pressure
• Ownership of deliverables driving team quality and risk management

Qualifications

Minimum qualifications:

Relevant Degree, Honours or post graduate diploma, professional qualifications e.g. B.Sc, BCom, or B.Ing/B.Sc Eng. or M.Sc.

Desired qualifications:

Advanced certifications, diplomas, professional certifications, advanced degrees in Cyber or information security - examples include:

· CISM (Certified Information Security Manager)

· CISSP (Certified Information Systems Security Professional)

· ISMP (Information Security Management Principles)

· Cloud engineering Cloud Security

· CCSP (Certified Cloud Security Professional) for AWS + Azure + GCP

· Working knowledge in Palo Alto, Prisma., Netskope

· Amazon and/or Microsoft certified Solutions Architect.

· ITIL (IT Infrastructure Library)

Experience:

5+ years of progressive experience with 3 or more years of Cloud specific experience, with role(s) in a professional, consulting services (including Boutique Security Firm), public and/or private sector organizations is required. Demonstrate strong understanding and experience in delivery of Cyber engagements across key industries.

• Familiar with Agile project delivery
• Be able to build, run and review automated tests along the development lifecycle (Test driven development)
• Security standards and governance frameworks
• Security testing methods for various CI/CD pipelines and target technology deployment, containers (e.g. Kubernetes), microservices, in-cloud and on-premises
• Infrastructure and network as code
• Deployment pipeline as code
• Experience in translating clients' risk, security, and compliance requirements into specific Cloud security solutions and design patterns.
• Applying Cloud Security Reference Architecture to deliver consistent, standardized solutions.
• Delivering solutions for integration between Cloud and on-premises security solutions.
• Experience delivering complex security solutions,
• Collaborating and coordinating solution design work with other Cyber sub Solution Architects in Infrastructure, IT Strategy, Service Delivery, etc.
• Managing/operating public, private and hybrid cloud solutions.
• Utilising and applying knowledge of Cloud solutions across IaaS, PaaS & SaaS into projects, such as AWS or Azure, OpenStack or Cloud Foundry, Salesforce, Microsoft Office 365, Box etc.
• Utilizing and applying knowledge of enterprise security and Cloud security specific solutions into projects such as: IAM/IDaaS, CASB, Identity Governance, Cloud SOC/SIEM, Key Management & Encryption.
• Utilising and applying security testing knowledge
• Utilising and applying knowledge of DevOps technologies, Azure DevOps, Atlassian, Jira, etc.,
• Solutions Architecture experience and/or Security Architecture experience; and
• Experience designing and/or delivering complex security solutions, such as Identity & Access Management, Data Protection and DLP, SIEM, and network segmentation and defence.
• Have experience with conducting vulnerability assessments/scans
• Develop and deploy security as code

Additional Information

*Please note that this job advertisement provides a summary of the capabilities required and all candidates shortlisted will receive a full list of capabilities.

At Deloitte, we want everyone to feel they can be themselves and to thrive at work—in every country, in everything we do, every day. We aim to create a workplace where everyone is treated fairly and with respect, including reasonable accommodation for persons with disabilities. We seek to create and leverage our diverse workforce to build an inclusive environment across the African continent.