Risk Advisory - Cyber Risk - Manager

Company Description

Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the “Deloitte organization”) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 312,000 people make an impact that matters at www.deloitte.com. 

Who we are:  

Risk Advisory is home to our team of Cybersecurity specialists, an environment created with an innovation culture, made up of more than 1,700 professionals that help organisations to make intelligent decisions, in order to prevent and manage business and operational risks, along with those existing in technological, financial, and non-financial processes.  

Click here to read more about our Risk Advisory practice. 

Our Cyber Risk Advisory team is looking for professionals

Are you up for it?  

The Cyber Risk team wants to meet you!  

Job Description

Main Purpose of Job

Supports Senior Manager in delivery of services to / at client premises on delegated engagement / project.  Focus on the management and delivery of client engagements, as well as sales and practice development. Develop high-performing people and teams, leading and supporting them to make an impact that matters, and setting the direction to deliver exceptional client service.

Plans and Manages Cyber Security Solutions:

• Guide teams through the design and implementation of cyber security solutions that reduce vulnerability, strengthen controls and optimize organizational efficiency
• Assist client to define a holistic future state cyber security posture to address gaps with relevant standards and frameworks (e.g. NIST 8000-53, ISO27001, SANS Critical Security Controls)
• Keep in mind relevant frameworks, industry standards and the overall client’s business strategy when planning cyber security assessments
• Design cyber security solutions (e.g., vulnerability management, identity and access management, application protection) that strengthen controls on key assets, enable compliance, while increasing operational efficiency and reducing costs
• Lead complex technical assessments of client’s security infrastructures to identify / evaluate vulnerabilities, including considering the digital, physical, and social elements of the client, and reflecting relevant cyber threats to the client’s industry and profile
• Develop data-enabled roadmaps and defines criteria for prioritizing solutions to drive business value
• Design systems and mechanisms that enable continuous learning and improvement, while increasing efficiency, accountability, and governance capabilities
• Specialise in and build an internal expert brand within multiple domains, while maintaining a minimum level of expertise across many areas

Key Performance Areas

Strategic Impact:

• Support the Senior Manager on delivery of designated engagement / project, managing the implementation of the agreed deliverables 
• Track outputs against Service Level Agreement and report to Senior Manager on any unforeseen issues arising
• Seek to identify additional sales opportunities in client business
• Assist in the preparation of proposals/tenders and presentations on request
• Is a support resource in planning of sales presentations and client negotiation teams for new and retained business
• Develop market network in business and build relationships that generate leads
• Build relationships across Deloitte  service lines to understand broader offerings and seek opportunities for cross-selling
• Generate innovative solutions on projects / engagements in collaboration with team members to enhance / renew service offerings to client

Budgets/Profitability:

• Manage engagement budget through accurate budgeting,  cost control and profitability management
• Monitor that time and expenses on engagement are accurately recorded and submitted weekly
• Manage WIP on engagement and ensure billings are timeously done and collections followed up

Risk Strategy

• Ability to leverage a keen understanding of the client’s strategy to influence and advise client’s senior leadership on key risk decisions
• Demonstrates, through deliverables and discussions, an understanding of a C-suite perspective on risk-taking and risk-avoidance, and related cost-benefit trade-offs
• Articulates how a client’s strategy enables the allocation of capital and other resources based on strategically selected risk-reward trade-offs in light of business objectives and risk mitigation and management capabilities
• Defines scope and prioritizes types of risk assessment (e.g., strategic, operational, financial, project and compliance) to be performed and risk events to be monitored
• Helps client leadership understand risk appetite and tolerance for all risk areas, and defines appropriate Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to strategically guide the analysis

Risk Assessment and Mitigation:

• Ability to ensure an effective risk assessment compilation and mitigation plan execution in alignment with the enterprise risk framework, risk culture, and overall business strategy
• Prepares project plan to meet objectives within established budget and timeline and recognizes when plans should be adjusted to meet objectives
• Develops budget, scope and staffing recommendations based on understanding of client budget and project economics
• Communicates business objectives and desired outcomes to guide the work of others
• Fosters a team environment that builds accountability for and commitment to meeting engagement objectives
• Ensures that team’s work meets quality assurance standards and that all relevant risks have been identified and appropriately addressed
• Prioritizes tasks of the team based on relative importance, delegating to the right resource, based on role, experience, and skill level
• Recognizes potential independence or related issues and takes appropriate action, including consultation with subject matter experts as necessary

Delivery Excellence:

• Ability to lead projects and provide strategic direction across the account to deliver a superior client experience
• Prepares project plan to meet objectives within established budget and timeline and recognizes when plans should be adjusted to meet objectives
• Develops budget, scope and staffing recommendations based on understanding of client budget and project economics
• Communicates business objectives and desired outcomes to guide the work of others
• Fosters a team environment that builds accountability for and commitment to meeting engagement objectives
• Ensures that team’s work meets quality assurance standards and that all relevant risks have been identified and appropriately addressed
• Prioritizes tasks of the team based on relative importance, delegating to the right resource, based on role, experience, and skill level
• Recognizes potential independence or related issues and takes appropriate action, including consultation with subject matter experts as necessary

Reporting and Presentations:

• Ability to ensure reports and presentation are strategically aligned with the client’s goals and drive business success
• Provides a vision for deliverables; validates team’s analysis and recommendations in context of broader project
• Challenges team members to identify impactful insights to develop recommendations that most effectively support a client’s business objectives
• Ensures accuracy and validity of client’s reports by critically analyzing hypothesis, conclusions, and recommendations
• Maintains expert knowledge in the use of data, service line innovation, benchmarks, and business metrics to make critical decisions

Knows the Business and the Industry:

• Ability to advise the client to make decisions that positively impact return on investment; provides subject matter expertise on industry trends, innovation efforts, and leading practices
• Participates in business and / or industry groups to build knowledge of economic, industry, and market conditions
• Identifies relevant trends, practices, and market conditions that merit discussion with the client
• Discusses business trends and industry practices with confidence
• Builds personal brand and supports eminence building in chosen industry

Executive Presence:

• Ability to project confidence, establish credibility with, and influence clients at all levels
• Tells a story and advocates for a position with clarity and conviction
• Understands the larger ecosystem within which the client operates; uses to facilitate discussions about potential solutions to the client’s most pressing business problems
• Establishes and maintains relationships with clients beyond immediate project needs and uses to gain beneficial insights and drive impact; has a ‘seat at the table’
• Masters executive level written and oral communications; creates logically-structured, executive-facing deliverables
• Maintains a calm, professional demeanor when challenges arise

Qualifications

Qualifications:

• Postgraduate qualification (relevant to Service Area / Business Management, etc.)
• Bachelor / Honours Degree (Information Technology, Computer Science, Engineering)
• Qualifications such as CISSP, CCNA and CCNP
• A certification in security domain, such as CISA, CRISC
• Technical certifications e.g. MCSE, MCITP, MCTS, CCNP, CCNA, CCiE
• Certifications from leading vendors: e.g. Symantec, Sophos, and Microsoft

Experience:

• Minimum of 8-10 yrs. plus years’ experience in Cyber Security with experience in a client-facing consulting environment.
• 2 to 6 years experience in a management role

Technical Competencies

• Expert in field with sound industry and business knowledge
• Demonstrated leadership skills
• Sales skills
• Proven ability to manage and execute projects
• Experience in drafting and presenting client proposals
• Excellent report writing skills
• Good financial knowledge
• Sound business acumen
• Display an awareness of Security architecture
• Strong knowledge of Third Party management
• Technical skills such as Java, JavaScript, UNIX / Windows administration and scripting are preferred.
• An understanding of at least one of the leading IAM products (Sail point, Cyber Ark, ForgeRock or others)
• Well acquainted with LDAP, PKI, SSL, JNDI,
• Demonstrate an understanding of information security principles and best practise (e.g., ISO27001 and ISF Standards of Good Practice for Information Security
• Describe common IAM technologies (SAML, OAuth, Open ID)
• Perform application integration with the IAM solution
• Demonstrate experience in implementing IAM SDLC engagements projects, including requirements gathering, analysis, design, development, testing, deployment, and application support
• Competent in the following product suites:  
• CA R12 Identity Management   
• Sun Identity Management   
• IBM Tivoli Identity Management
• Oracle Identity Management
• Apply solutions and products in the following IT security areas:  Data
• Data Loss Prevention     
• Classification Solutions  
• Endpoint and network security                  
• Data encryption including endpoint, email and databases                                           
• Cryptography, PKI and centralized key management                                                     
• Oracle database, networking, messaging, web proxy technologies  
• Good working knowledge of networks and network architecture and integrations
• Understanding of information security principles and best practice (e.g., ISO27001 and ISF Standards of Good Practice for Information Security)  
• Perform SIEM solutions like HP Arc Sight, IBM QRadar, Splunk, Log Rhythm, RSA envision, etc. Able to size, design, configure, implement and assess platforms

Behavioural Competencies

• Excellent communication skills, both written and verbal
• Effective interpersonal and relationship building skills
• Good mentorship and coaching ability with desire to develop self and others
• Strong client delivery focus
• Adaptable, managing change and ambiguity with ease
• Focus on quality and risk
• Sound problem solving ability

Additional Information

*note that this position is a talent pool for short term hiring needs

How You Will Grow

At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there is always room to learn. We offer opportunities to help build world-class skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University Leadership Centre. https://deloitte.zoomforth.com/du

 Benefits

At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits.

Our Purpose

Deloitte is led by a purpose: To make an impact that matters. Every day, Deloitte people are making a real impact in the places they live and work. We pride ourselves in doing not only what is good for clients, but also what is good for our people and the communities in which we live and work—always striving to be an organization that is held up as a role model of quality, integrity, and positive change. Learn more about Deloitte’s impact.  https://www2.deloitte.com/global/en/pages/about-deloitte/articles/impact-that-matters.html

Recruiter Tips

We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do a research to know some background about our firm and the business area you are applying to.

At Deloitte, we want everyone to feel they can be themselves and to thrive at work—in every country, in everything we do, every day. We aim to create a workplace where everyone is treated fairly and with respect, including reasonable accommodation for persons with disabilities. We seek to create and leverage our diverse workforce to build an inclusive environment across the African continent.