Risk Advisory – Cyber Risk - Application Security – Senior Consultant at Deloitte

Job Description
The main purpose of the job is to support the Engagement Manager in delivery of services remotely or at client premises on delegated engagements.

Focus on the delivery of client engagements and shares knowledge and experience with others

Ability to produce high quality deliverables and support junior team members.

Specialised Technical Capabilities:

Supports the Development and Implementation on of Cyber Risk Solutions:

  Ability to develop and execute strategies, architectures, and roadmaps to provide client with need-based, value-adding, and cost-effective Cyber risk solutions

•      Ability to analyse the client’s cyber security infrastructures to enable targeted and data-driven enhancements
•      Keeps in mind the client’s business needs when developing assessment frameworks to ensure effective, targeted, and actionable analyses
•      Applies multiple security testing methodologies and techniques to assess client’s security infrastructures and identify / evaluate vulnerabilities
•      Gathers data and determines priority criteria to build an integrated roadmap that addresses all facets of an Cyber Assessment or implementation
•      Assesses cyber security policies and procedures to analyse compliance with regulatory requirements and evaluate overall operational efficiency; provides clients with mitigating solutions
•      Is proficient with multiple domain-specific cyber security technology solutions and is able to effectively integrate them to meet and exceed client’s needs
•      Enables sustainability and continuous improvement of cyber security solutions by assessing and enhancing client’s cyber security governance infrastructures
•      Understands and applies cyber threat intelligence and profiling to the design and assessment of client systems
•      Tests the effectiveness of client’s cyber security technologies to identify and articulate opportunities for improvement across the digital, physical, and social elements of the client
•      Conducts complex business process assessments to help clients identify, analyse, and prioritize gaps and risks; applies findings to make recommended upgrades aligned to the overall strategy
•      Develops effective and sustainable technology and Cyber risk management strategies by tailoring leading Cyber frameworks on key clients’ business and technology needs
•      Understands the interaction of business and technology processes / risks and can explain it in business terms to both technical and non-technical audiences

Technical competencies:

•   Technical expert in one or more specific Cyber sub-offering area
•   Demonstrated project management skill
•   Consulting skills
•   Experience in drafting and presenting to clients
•   Good report writing skills
•   Sound financial knowledge and understanding
•   Business acumen
•   Bring technical and industry experience in Cyber Application sub offering (domain) to engage with clients and key stakeholders pragmatically.
•   Understands technical complexity at Network, Application, Database, Infrastructure and Cloud level.
•   Knowledge and appreciation of the wider Cyber Security issues and opportunities beyond the specific domain specialisation.
•   Able to scope Cyber engagements effectively and assign and manage an appropriate team to deliver against the engagement requirements.
•   Experience in areas of Risk Management, Audit Management and Fraud Management will be preferred.
•   Experience in Ruleset Customization, Remediation and Mitigation of Risks.
•   Understanding of different authorization tables, troubleshooting authorization issues, user access management.
•   Minimum two to three End to End implementations / Upgrades of SAP GRC.
•   Fair amount of business process understanding in areas of P2P, R2R, OTC.

  Experience in gathering business requirements, performing risk analysis and implementation of SAP Security Design.

•   Strong User role and authorizations design.
•   Strong S4/HANA authorisations implementation capability

   Good to have experience in working on CATT scripts.

•   Good understanding of SAP S4 Hana Implementation Cycle, in order to embed GRC scope / solutions.
•   Ability to give viewpoints on Sizing / Cloud Hosting / Integration with other applications.
•   On premises and in Cloud deployment experience.

Behavioural Competencies:

•   Excellent communication skills, both written and verbal
•   Effective engagement management
•   Able to deliver engagements on time and within budget
•   Proven ability to make decisions and the right judgement calls
•   Ability to provide leadership and guidance/coaching to junior member of the team
•  Ability to inspire and enthuse others to commitment and involvement taking accountability for larger engagements
•   Manages large engagement / multiple engagement deadlines holistically, identifying risks and escalating. 
•   Able to work under pressure
•   Ownership of deliverables driving team quality and risk management.

Qualifications
Minimum qualifications:

• Relevant Degree, Honours or post graduate diploma, professional qualifications e.g. B.Sc, BCom, or B.Ing/Eng or M.Sc.  Or one or more major industry / cyber certifications, diplomas, professional certifications

Desired qualifications:

Bachelor’s degree/postgraduate degree (Engineering/Computer Science/IT), relevant Cyber specific certifications are advantageous. Examples include:

•   CISM (Certified Information Security Manager)
•   CISSP (Certified Information Systems Security Professional)
•   ISO27001 Lead Auditor/Implementer Certificate
•   ISMP (Information Security Management Principles)
•   CCSP (Certified Cloud Security Professional)
•   Certified Ethical Hacker (CEH) – EC Council
•   ITIL – IT Infrastructure Library Foundation

Experience:

4+ years of progressive experience with role(s) in a professional, consulting services (including Boutique Security Firm), public and/or private sector organizations is required. Working experience within one or more of the Cyber Risk Domains (Sub-Offering) or professional services environment. Demonstrate strong understanding and experience in delivery of Cyber engagements across key industries.

•    Experience in areas of Risk Management, Audit Management and Fraud Management will be preferred.
•    Experience in Ruleset Customization, Remediation and Mitigation of Risks.
•    Understanding of different authorization tables, troubleshooting authorization issues, user access management.
•    Minimum 3-4 end to end implementations / Upgrades of SAP GRC.
•    Fair amount of business process understanding in areas of P2P, R2R, OTC.
•    Experience in gathering business requirements, performing risk analysis and implementation of SAP Security Design.
•    Good to have experience in working on CATT scripts.
•    Excellent in written and verbal communication skills.
•    Experience with SAP HANA, S/4 HANA implementation