Cybersecurity Manager at BDO South Africa

The purpose of this job:

The role of the Cybersecurity Senior Manager includes contribution to technical insights relevant to client engagements and internal projects. Actively establish, maintain and strengthen internal and external relationships.  Identify potential business opportunities for BDO within existing engagements and the market, business development, management of projects and people within the Cybersecurity Department,  control WIP and manage debtors. The Cybersecurity Manager will be responsible for the following key activities to achieve the main objectives:

• Managing Client Relationships
• Planning of cybersecurity engagements
• Execution of cyber security programs and solutions 
• Managing the resources assigned to each project and control WIP
• Manage the day-to-day activities of any assignment (from planning, execution to reporting).
• Performance management (Cyber Strategy and Planning, Testing and Verification, GRC, Security Risk Management and Incident Response, Cybersecurity Solutions)

Requirements:

• Minimum of 4 years experience 
• Experience in assessing an implementing security and risk standards including ISO 2700X, NIST, ITIL, COBIT
• Expereince in security risk assessment and planning using different frameworks and tools
• Expereince in penetration testing on infrastructure, network, wep applications, and source code review
• Expereince in cloud security benchmarking, risk assessment and cyber solutions
• Manage security configurations reviews on operating systems, databases and network devices
• Experience in cybersecurity awareness training, VAPT, MDR, SOC/SIEM, etc.
• Bachelors Degree in Computer Science, Information Systems, or related training in Information Security
• Industry certification  (e.g., CompTIA Security+, CEH, CISSP, CISM, CISA, CRISC)

Business/ Brand Development/ Operational Excellence:

BDO Brand

• Develops effective networks/relationships inside and outside of the firm and maintains the contacts to identify opportunities. Provide key contacts per year (new or old) and evidence of contact activities i.e. meetings and outcomes.
• Identifies opportunities and grow existing client base, inclusive of the public sector, to a minimum of 1200k per annum. This includes cross selling BDO's other departments’ services into our contacts & clients.
• Compiles at least 12 technical proposals (min of 1 per month) proposals and/or tenders annually to meet current and/or prospective clients' expectations.Identifies at least 2 opportunities, write-ups or presentations in a year for the development of new products or promotion of current services and procedures.
• Understands and speaks knowledgeably about the Cyber Lab service line.
• Assists in the BEE activities/actions in both the BDO and Cyber arena (Staff, procurement & Clients)
• Ensures that a client satisfaction survey is completed after the completion of the engagement. (NPS Scoring and Rating)

Policies and Procedures

• Ensures personal and team adherence to BDO policies and procedures

Staff

• Manages team effectively on a day-to-day basis (staff, budgets, deadlines)

Finance:

Time sheets

• Reviews timesheets/WIP reports and travel claims on Maconomy every Monday by 12H00 and on the same day carries out formal follow-ups on staff who have not submitted their timesheets. 

Productivity

• Check productivity levels for self (60%), ensure they are meeting the set levels and communicate productivity levels to Managers weekly.

Audit

• Gives feedback to senior managers at audit debriefs or when required to do so, escalates problems to senior managers promptly
• Ensures the engagement letter is prepared at least 1 week before starting date of the audit and/or the Audit Committee whichever is first.

Budget

• Participates in the compilation of the Cyber department's annual budget.

Financial

• Ensure WIP is billed monthly.
• Debtors should be kept with a minimum of 30 days including write offs, & provisions. 
• Minimum of 65% recoverability on one’s portfolio. 
• Check productivity levels for self and staff ensure they are meeting the set levels and communicate productivity levels to staff on a monthly basis.

Quality and process:

Client

• Ensures all client background information is obtained and is filed on the server a week before the engagement commences.
• Obtain an understanding of the problem during the client meeting and ensure the problem is formally documented and filed eletrinically.
• Ensures that performance and documentation of work comply with the Cyber methodology through progressive/continuous review of work papers.
• IT reviews –Performance and documentation of work is per defined filing method.
• Ensures on-site presence at least 24hrs on an 80hrs assignment.

Staff

• Communicates all appropriate deadlines to  staff and monitor progress according to pre-established time lines through:
       The Debrief meeting
       Scope and Time Budgets
• Identifies engagement resource requirements and ensures that the most appropriate resources are assigned to specific assignment roles – update the planning board at least a month in advance for staff with upcoming assignments.
• Provide update as and when an assignment is confirmed however should be showing staff occupation every week

Reviews

• Ensures an effective audit programme is prepared a day after Process documentation is reviewed.
• Performs review of work papers within two days of receipt from staff with final Manager’s review done within a week after fieldwork is complete.
• Reviews the work papers as the work progresses and final file before closeout meeting
• Ensures the draft report is produced for Director review within a week after fieldwork reviews are complete.
• Ensures the draft report is produced for Director’s review and discussed with client at the closeout for any changes.
• Issues Final report, with client responses/comments addressed to the client, after Director’s approval within two weeks after the draft report issue date.
• Issue the final report within a month after the draft report depending on the nature of the investigations.
• Ensures the Audit File is up to the standard required for an external Quality Assurance Review according to the QAR Checklist.  
• Management of change control in respect off the quality procedures as set out in the Quality Manual.
• Ensures that the audit file is in the defined format.
• Should ensure the supporting documentation are filed.
• Judges the sensitivity of both client and management information and treats it appropriately

People, Development, Learning and Growth:

Relationship

Develops team spirit/building in the Department involving the team members:

• Involvement through Leading meetings
• Building relationships through social events
• Building Trust through transformation
• Developing successful teams by working together

Staff development

• Ensures that each individual's developmental needs as well as the needs of the client are considered through use of formal staff development plans. 
• Ensures staff appraisals are carried out:
       After major assignments (2wks+ assignments) and produce staff development plans, 
       Half yearly for the mandated HR appraisals within HR expected timelines.
• Develops team spirit/building in the Department involving the team members:
       Involvement through Leading meetings
       Building relationships through social events
       Building Trust through transformation
       Developing successful teams by working together
• Conducts effective on the job training, ensuring that training needs of the junior staff are appropriately addressed through knowledge impartation and use of coaching notes/review notes. Feedback will be given through 360 evaluations done yearly.
• Obtains feedback from staff and check that instructions are understood and observed – hold audit debriefs at start of audit and follow-up weekly.
• Leads by setting a personal example of excellence, acting as a role model, embodying behaviours consistent with the TEC vision and values that others respect and from which they learn. Feedback will be given through 360 evaluations done yearly.

Own development

Identify training needs/ gaps

• Arrange with Director for required training/ courses
• Remains technically up to date - maintenance of CPE/ CPD Hours and/or attending at least 4 relevant courses/ conferences/ seminars in a year