  • Posted: Jan 10, 2022
    Deadline: Not specified

    Deloitte is one of the country's leading professional services firms in Southern Africa, and is dedicated to helping companies succeed in the business environment, whether it be through our tax, audit, consulting or financial advisory services. At Deloitte, we understand that solutions are not just a static one-dimensional report, but rather, an integrated...

    Risk Advisory – Cyber Risk - Application Security – Senior Consultant

    Job Description
    The main purpose of the job is to support the Engagement Manager in delivery of services remotely or at client premises on delegated engagements.

    Focus on the delivery of client engagements and shares knowledge and experience with others

    Ability to produce high quality deliverables and support junior team members.

    Specialised Technical Capabilities:

    Supports the Development and Implementation of Cyber Risk Solutions:

      Ability to develop and execute strategies, architectures, and roadmaps to provide client with need-based, value-adding, and cost-effective Cyber risk solutions

    •      Ability to analyse the client’s cyber security infrastructures to enable targeted and data-driven enhancements
    •      Keeps in mind the client’s business needs when developing assessment frameworks to ensure effective, targeted, and actionable analyses
    •      Applies multiple security testing methodologies and techniques to assess client’s security infrastructures and identify / evaluate vulnerabilities
    •      Gathers data and determines priority criteria to build an integrated roadmap that addresses all facets of a Cyber Assessment or implementation
    •      Assesses cyber security policies and procedures to analyse compliance with regulatory requirements and evaluate overall operational efficiency; provides clients with mitigating solutions
    •      Is proficient with multiple domain-specific cyber security technology solutions and is able to effectively integrate them to meet and exceed client’s needs
    •      Enables sustainability and continuous improvement of cyber security solutions by assessing and enhancing client’s cyber security governance infrastructures
    •      Understands and applies cyber threat intelligence and profiling to the design and assessment of client systems
    •      Tests the effectiveness of client’s cyber security technologies to identify and articulate opportunities for improvement across the digital, physical, and social elements of the client
    •      Conducts complex business process assessments to help clients identify, analyse, and prioritize gaps and risks; applies findings to make recommended upgrades aligned to the overall strategy
    •      Develops effective and sustainable technology and Cyber risk management strategies by tailoring leading Cyber frameworks on key clients’ business and technology needs
    •      Understands the interaction of business and technology processes / risks and can explain it in business terms to both technical and non-technical audiences

    Technical competencies:

    •   Technical expert in one or more specific Cyber sub-offering areas
    •   Demonstrated project management skill
    •   Consulting skills
    •   Experience in drafting and presenting to clients
    •   Good report writing skills
    •   Sound financial knowledge and understanding
    •   Business acumen
    •   Bring technical and industry experience in Cyber Application sub offering (domain) to engage with clients and key stakeholders pragmatically.
    •   Understands technical complexity at Network, Application, Database, Infrastructure and Cloud level.
    •   Knowledge and appreciation of the wider Cyber Security issues and opportunities beyond the specific domain specialisation.
    •   Able to scope Cyber engagements effectively and assign and manage an appropriate team to deliver against the engagement requirements.
    •   Experience in areas of Risk Management, Audit Management and Fraud Management will be preferred.
    •   Experience in Ruleset Customization, Remediation and Mitigation of Risks.
    •   Understanding of different authorization tables, troubleshooting authorization issues, user access management.
    •   Minimum two to three End to End implementations / Upgrades of SAP GRC.
    •   Fair amount of business process understanding in areas of P2P, R2R, OTC.
    •   Experience in gathering business requirements, performing risk analysis and implementation of SAP Security Design.
    •   Strong User role and authorizations design.
    •   Strong S4/HANA authorisations implementation capability
    •   Good to have experience in working on CATT scripts.
    •   Good understanding of SAP S4 Hana Implementation Cycle, in order to embed GRC scope / solutions.
    •   Ability to give viewpoints on Sizing / Cloud Hosting / Integration with other applications.
    •   On premises and in Cloud deployment experience.

    Behavioural Competencies:

    •   Excellent communication skills, both written and verbal
    •   Effective engagement management
    •   Able to deliver engagements on time and within budget
    •   Proven ability to make decisions and the right judgement calls
    •   Ability to provide leadership and guidance/coaching to junior members of the team
    •   Ability to inspire and enthuse others to commitment and involvement taking accountability for larger engagements
    •   Manages large engagement / multiple engagement deadlines holistically, identifying risks and escalating. 
    •   Able to work under pressure
    •   Ownership of deliverables driving team quality and risk management.

    Qualifications
    Minimum qualifications:

    • Relevant Degree, Honours or post graduate diploma, professional qualifications e.g. B.Sc, BCom, or B.Ing/Eng or M.Sc, or one or more major industry / cyber certifications, diplomas, professional certifications

    Desired qualifications:

    Bachelor’s degree/postgraduate degree (Engineering/Computer Science/IT), relevant Cyber specific certifications are advantageous. Examples include:

    •   CISM (Certified Information Security Manager)
    •   CISSP (Certified Information Systems Security Professional)
    •   ISO27001 Lead Auditor/Implementer Certificate
    •   ISMP (Information Security Management Principles)
    •   CCSP (Certified Cloud Security Professional)
    •   Certified Ethical Hacker (CEH) – EC Council
    •   ITIL – IT Infrastructure Library Foundation

    Experience:

    4+ years of progressive experience with role(s) in a professional, consulting services (including Boutique Security Firm), public and/or private sector organizations is required. Working experience within one or more of the Cyber Risk Domains (Sub-Offering) or professional services environment. Demonstrate strong understanding and experience in delivery of Cyber engagements across key industries.

    •    Experience in areas of Risk Management, Audit Management and Fraud Management will be preferred.
    •    Experience in Ruleset Customization, Remediation and Mitigation of Risks.
    •    Understanding of different authorization tables, troubleshooting authorization issues, user access management.
    •    Minimum 3-4 end to end implementations / Upgrades of SAP GRC.
    •    Fair amount of business process understanding in areas of P2P, R2R, OTC.
    •    Experience in gathering business requirements, performing risk analysis and implementation of SAP Security Design.
    •    Good to have experience in working on CATT scripts.
    •    Excellent in written and verbal communication skills.
    •    Experience with SAP HANA, S/4 HANA implementation

    Risk Advisory – Cyber Risk - Emerging Technology – Senior Consultant

    Job Description
    The main purpose of the job is to support the engagement Manager/Senior Manager in the delivery of services on delegated client engagement/ projects.

    Focus on the delivery of client engagements and shares knowledge and experience with others

    Able to produce high quality deliverables and support junior team members. 

    Specialised Technical Capabilities:

    Supports the Development and Implementation of Cyber Risk Solutions:

      Demonstrates an understanding of designing and implementing security solutions for industrial control systems (ICS) in critical infrastructure, manufacturing sectors, power and utilities, oil & gas, chemical, and/or consumer products manufacturing. Possesses an understanding of ICS/OT fundamentals, including but not limited to:

    •      Understanding of OT-related systems such as distributed control systems (DCS) and supervisory control & data acquisition (SCADA) systems.
    •      Understanding of Network and communication protocols common in ICS environments.
    •      Understanding of ICS design considerations with emphasis on human and environmental safety, and the availability/reliability and security of the operational environment.
    •      Understanding and Knowledge of leading IT and OT security practices.
    •      Ability to apply relevant standards such as NIST 800-82 and IEC 62443
    •      Preparation and maintenance of policies, procedures and standards governing the security operations for ICS systems and networks.
    •      Demonstrates knowledge and/or proven record of success in security technologies such as firewalls, IDS/IPS, endpoint security solutions, access control systems, and other related security technologies within ICS environments.
    •      In depth understanding of operating systems, network/system architecture, and architecture design aligned to engineering design methodologies.
    •      In depth understanding with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS).
    •      Aptitude to apply and utilise security tools and solutions to conduct risk assessment and understanding of the threat landscape on OT systems.
    •      Ability to learn new tools and techniques to automate manual effort and leverage digital solutions where possible.
    •      Understanding of IT and OT network communication protocols (e.g. TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.)
    •      Understanding of Industrial Internet of Things (IIoT) and Cloud services and their security implications in ICS,
    •      Understanding of OT and IT technology convergence and data interchange techniques, and their associated security techniques; and,
    •      Understanding of threats, vulnerabilities, and exploits in OT/ICS environments and appropriate mitigation techniques.

    Good technical capability and technical certifications would be advantageous

    •   Certified Information Systems Security Professional (CISSP) [ISC2]
    •   SABSA (Sherwood Applied Business Security Architecture)
    •   GICSP (Global Industrial Cybersecurity Professional)
    •   Certified SCADA security Architect - CSSA
    •   Ability to identify patterns, and analyse and improve processes (business analysis)
    •   Software development and engineering including DevSecOps: fundamentals and experience
    •   Project Management including Agile Project Management (SAFe Agile, etc.)

    Behavioural Competencies:

    •   Excellent communication skills, both written and verbal
    •   Aptitude for learning new methods, techniques and tools
    •   Be able to demonstrate learning agility to new and emerging cyber threats
    •   Consistently delivers high quality work.
    •   Ability to meet deadlines (reliable and dependable)
    •   Able to Multi-task
    •   Proven initiatives in providing guidance to junior members of the project team
    •   Demonstrates readiness to take decisions
    •   Displays initiatives and takes accountability for delivery of work
    •   Assumes manager responsibility on delivery of assignments where required under pressurised circumstances
    •   Able to work under pressure
    •   Ability to prioritize competing responsibilities as per their urgency and importance, ability to multi-task on various client engagements

    Qualifications
    Minimum qualifications:

    • Relevant Degree, Honours or post graduate diploma, professional qualifications e.g., BSc Engineering (Electrical, mechanical, industrial, computer, electronics), BCom, or B. Ing/Eng or MSc

    Desired qualifications:

    Advanced certifications, diplomas, professional certifications, advanced degrees in Cyber or information security - examples include:

    •   CISM (Certified Information Security Manager)
    •   CISSP (Certified Information Systems Security Professional)
    •   ISMP (Information Security Management Principles)
    •   CCSP (Certified Cloud Security Professional)
    •   Certified Ethical Hacker – EC Council
    •   ISO27001 Lead Auditor/Implementer Certificate
    •   SABSA Chartered Security Architect
    •   (TOGAF) The Open Group Architecture Framework
    •   Cisco Unity Systems Engineer
    •   ITIL – IT Infrastructure Library Foundation

    Experience:

    3+ years of progressive experience with role(s) in a professional, consulting services (including Boutique Security Firm), public and/or private sector organizations is required.

    •   At least two years of those being exposed to industrial processes and/or plant environment
    •   Demonstrates thorough knowledge and/or proven record of success designing and implementing security solutions for industrial control Systems (ICS) in critical infrastructure and/or manufacturing sectors, such as power and utilities, oil & gas, chemical, and consumer products manufacturing.
    •   Possess an understanding of ICS/OT fundamentals, including but not limited to:
    •   Understanding of Distributed control systems (DCS) and supervisory control & data acquisition (SCADA), Manufacturing Execution Systems (MES) and related architectures and components.
    •   Understanding of Network and communication protocols common in OT/ICS environments.
    •   Familiarity with Safety Instrumented Systems (SIS)
    •   Understanding of ICS design considerations with emphasis on human/environmental safety, availability/reliability and security of the operational environment.
    •   Understanding and Knowledge of leading IT and OT security practices and IT/OT convergence principles and secure data exchange techniques; and,
    •   Preparation and maintenance of policies, procedures and standards governing operations for ICS systems and networks.

      Experience with one or more of the following:

    •       ISA/IEC 62443
    •       NIST Cyber Security Framework for Critical Infrastructures (CSF)
    •       NIST SP-800-82 and SP-800-53
    •       ISO/IEC 27001/2
    •       ISA 95/ Purdue Functional Model for Operational Technology

    Risk Advisory – Global Opportunities – Contractors/Flexible Talent

    Job Description

    Deloitte’s Risk Advisory practice is looking to engage with impactful, creative, and suitably experienced contractors for an exciting global opportunity! You will gain international exposure working with our clients and team of subject matter experts and gain invaluable experience as you build your skills and experience.

    Please be aware that these opportunities are specifically designed to provide specialist solutions to global clients remotely. In some instances, there may be a need to travel however we will discuss these with all interested candidates where appropriate.

    We are looking for specialists to fill the following available contracting positions:

    ·       IT Audit Consultants to Manager Contractors

    ·       IT Risk Consultants to Manager Contractors

    Qualifications

    Appropriate Bachelor’s Degree in the following fields:

    ·       Computer Science/ Information Technology or,

    ·       Mathematics/ Statistics or,

    ·       Internal Auditing or,

    ·       Engineering or,

    ·       Law or,

    ·       Commerce/Accounting/Cost/Auditing/Marketing/Economics

    Preferred certifications:

    ·       CA(SA) or CIA or CISA or CISM or SAP or Oracle certifications

     

    Experience:

    IT Audit

    -      Minimum of 5 years of experience

    -      Recent Big4 experience (max. 2 years ago) and minimum of 3 years' experience

    -      SOX/PCAOB experience is required, hence they should also complete the Deloitte IT Specialist training with Deloitte SA

    -      Min 1 year experience auditing SAP or Oracle

    -      Available (minimum of 6 months over the period of Sept till end of Jan). If not available, any other period upon mutual agreement

    -      Being able to read Dutch

     

    IT Risk

    -      Minimum of 5 years of experience

    -      Recent Big4 experience (max. 2 years ago) and minimum of 3 years' experience

    -      Oracle experience - proven experience and management skills in ERP implementation, defining and implementing RACM OR

    -      Proven experience and management skills in ERP implementation, defining and implementing RACM, remediation projects, interim CISO roles, etc.

    -      Available (usually minimum of 6 months or if different to be mutually agreed upon)

    Risk Advisory – Cyber Identity Security – Manager

    Job Description
    The main purpose of the job is to support the Senior Manager/ Director in the delivery of services on delegated client engagement/ projects.

    Focus on the management and delivery of client engagements, as well as sales and practice development.

    Develop high-performing people and teams, leading and supporting them to make an impact that matters, and setting the direction to deliver exceptional client service. 

    Specialised Technical Capabilities:

    Plans and Manages Cyber Solutions:

    •   Ability to guide teams through the design and implementation of cyber solutions in chosen Cyber sub-offering/s that reduce vulnerability, strengthen cyber security posture / controls and optimize organizational efficiency
    •      Combines industry knowledge and domain experience to help client identify, assess, and manage Cyber risk
    •      Oversees teams in design, implementation, transformation and resilience of identity and access management solutions.
    •      Leverages an in-depth knowledge of market-specific products and solutions to enhance impact of recommended solutions
    •      Proactively tailors implementation strategies to help ensure client’s environments are receptive to the impending change
    •      Assess, lead, define, design and implement end-to-end modern on-premises and cloud-based Cyber Solutions
    •      Helps client define a holistic future state cyber posture to address gaps with relevant domain (sub-offering) standards and frameworks
    •      Keeps in mind relevant frameworks, industry standards and the overall client’s business strategy when planning cyber assessments
    •      Designs cyber solutions (e.g., ICS, Cloud Security, Strategy, vulnerability management, identity and access management) that strengthen controls on key assets, enable compliance, while increasing operational efficiency and reducing cost
    •      Helps client adopt a long-term view of cyber risk management by advising on leading practices to align cyber risk with risk appetite, key industry issues, and strategic business priorities
    •      Owns end-to-end delivery of cyber strategy programs across large accounts
    •      Leverages a strong industry knowledge to advise clients on current and potential changes in regulations, cyber threats, and other key trends
    •      Stays current on market trends and regulations, and anticipates risk / opportunities; advises client accordingly

    Sales and Business Development:

      Ability to apply profitability management and sales fundamentals to support projects and pursuits

    •      Understands the fundamentals of engagement profitability management and uses Deloitte sales tools, such as pricing and revenue management systems, on all engagements
    •      Contributes to the development of Statements of Work (SOW), engagement budgeting, and pricing model development and develops budget, scope and staffing recommendations based on understanding of the client’s budget and project economics
    •      Identifies opportunities to sell Deloitte services on current and proposed engagements where appropriate
    •      Scans for business development / add-on sales opportunities; organizes these efforts under the direction of others

    Technical competencies:

    •   Proven winning business, staff development, exceptional delivery, business development, continuous improvement.
    •   Bring deep technical (SME) and industry experience in selected Cyber sub offering (domain) to engage with clients and key stakeholders pragmatically.
    •   Understands technical complexity at Network, Application, Database, Infrastructure and Cloud level.
    •   Understand and interpret complex security-related business challenges and ability to respond by conceiving innovative information security/cyber solutions for clients.
    •   Knowledge and appreciation of the wider Cyber Security issues and opportunities beyond the specific domain specialisation.
    •   Able to scope Cyber engagements effectively and assign and manage an appropriate team to deliver against the engagement requirements.
    •   Experience in the design, implementation, transformation and resilience of identity and access management solutions.
    •   Experience and exposure to identity and access management solutions
    •   Exposure to product solutions such as SailPoint, Saviynt, CyberArk.
    •   Exposure to resolution of issues with password management
    •   Experience with remediation of orphan accounts and reconciliation, identity data consistency and synchronization monitoring: reconciliation, adoption
    •   Experience with IAM system health and maintenance requirements
    •   Experience with IAM support major incident management process and attend production call bridge for major incidents.
    •   Experience with IAM product stabilization and enhancement
    •   Experience with organizational change management with regard to identity and access management governance and adoption.
    •   Solid understanding of compliance regulation POPIA and/or GDPR
    •   Experience with Role Based Access Control
    •   Experience and exposure to the following: Privileged Access Management (PAM), Privileged Identity Management (PIM), Privileged User Management (PUM)
    •   Experience with major Cloud SP’s (Azure, AWS, Google) and Cloud integration
    •   Access Identity Direct experience (MS AD, LDAP)
    •   Experience with Role Based Access Governance
    •   Experience with the following protocols: SAML (and similar), OpenID, OAuth, FIDO, etc.
    •   Experience with Cloud-based identity management solutions
    •   Experience with ISO 27001 and/or other industry accepted security standards

    Behavioural Competencies:

    •   Excellent communication skills, both written and verbal
    •   Effective engagement management
    •   Able to deliver engagements on time and within budget
    •   Proven ability to make decisions and the right judgement calls
    •   Ability to provide leadership and guidance/coaching to junior members of the team
    •   Ability to inspire and enthuse others to commitment and involvement taking accountability for larger engagements
    •   Manages large engagement / multiple engagement deadlines holistically, identifying risks and escalating. 
    •   Able to work under pressure
    •   Ownership of deliverables driving team quality and risk management

    Qualifications
    Minimum qualifications:

    • Relevant Degree, Honours or post graduate diploma, professional qualifications e.g. BSc, BCom, or B.Ing/Eng or MSc

    Desired qualifications:

    Advanced certifications, diplomas, professional certifications, advanced degrees in Cyber or information security - examples include:

    •   CISM (Certified Information Security Manager)
    •   CISA (Certified Information Systems Auditor)
    •   ITIL
    •   CISSP (Certified Information Systems Security Professional)
    •   SailPoint, Saviynt, CyberArk or similar product certifications or suitable hands-on experience is required.

    Experience:

    • 5 years in a client facing role; 3 of these in a management role
    • 8-10 years of progressive experience with role(s) in a professional, consulting services (including boutique security firm), public and/or private sector organisations is required.
    • Experience in the design, implementation, transformation and resilience of identity and access management solutions

    Method of Application

  • Send your application
