Risk Advisory – Cyber Risk- Emerging Technology – Assistant Manager

The main purpose of the job is to support the engagement Manager/Senior Manager in the delivery of services on delegated client engagement/ projects.

Focus on the delivery of client engagements and shares knowledge and experience with others

Able to produce high quality deliverables and support junior team members.

Specialised Technical Capabilities:

• Supports the Development and Implementation on of Cyber Risk Solutions:
• Possess an understanding of ICS/OT fundamentals, including but not limited to:
• Understanding OT related systems such as; control systems (DCS) and supervisory control & data acquisition (SCADA) systems.
• Understanding of communication protocols common in ICS environments.
• Understanding of Purdue levels
• Understanding of human and environmental safety, and the availability/reliability and security of the operational environment.
• Understanding and Knowledge of leading IT and OT security practices.
• Ability to Familiarity apply relevant standards such as NIST 800-82 and IEC 63443
• Preparation and maintenance of policies, procedures and standards governing the security operations for ICS systems and networks.
• Understanding of operating systems, network/system architecture, and architecture design aligned to engineering design methodologies.
• Aptitude to apply and utitilise security tools and solutions to conduct risk assessment and understanding of the threat landscape on OT systems.
• Ability to learn new tools and techniques to automate manual effort and leverage digital solutions where possible.
• General understanding of Industrial Internet of Things (IIoT) and Cloud services and their security implications in ICS,
• Understanding of OT and IT technology convergence and data interchange techniques, and their associated security techniques; and,
• Understanding of threats to OT/ICS environments and appropriate mitigation techniques.
• Good technical capability and technical certifications would be advantageous
• Certified Information Systems Security Professional (CISSP) [ISC2]
• SABSA (Sherwood Applied Business Security Architecture)
• GICSP (Global Industrial Cybersecurity professional)
• Certified SCADA security Architect – CSSA
• Ability to identify patterns, and analyse and improve processes (business analysis)
• Software development and engineering including DevSecOps: fundamentals and experience
• Project Management including Agile Project Management (SAFE Agile, etc.)

Behavioural Competencies:

• Excellent communication skills, both written and verbal
• Aptitude for learning new methods, techniques and tools
• Be able to demonstrate learning agility to new and emerging cyber threat
• Consistently delivers high quality work.
• Ability to meet deadlines (reliable and dependable)
• Able to Multi-task
• Proven initiatives in providing guidance to junior members of the project team
• Demonstrates readiness to take decisions
• Displays initiatives and takes accountability for delivery of work
• Assumes manager responsibility on delivery of assignments where required under pressurised circumstances
• Able to work under pressure
• Ability to prioritize competing responsibilities as per their urgency and importance, ability to multi-task on various client engagements

Qualifications

Minimum qualifications:

• Relevant Degree, Honours or post graduate diploma, professional qualifications e.g., BSc Engineering (Electrical, mechanical, industrial, computer, electronics), BCom, or B. Ing/Eng or MSc

Desired qualifications:

Advanced certifications, diplomas, professional certifications, advanced degrees in Cyber or information security – examples include:

• CISM (Certified Information Security Manager)
• CISSP (Certified Information Systems Security Professional)
• ISMP (Information Security Management Principles)
• CCSP (Certified Cloud Security Professional)
• Certified Ethical Hacker – EC Council
• ISO27001 Lead Auditor/Implementer Certificate
• SABSA Chartered Security Architect
• (TOGAF) The Open Group Architecture Framework
• Cisco Unity Systems Engineer
• ITIL – IT Infrastructure Library Foundation

Experience:

• 3+ years of progressive experience with role(s) in a professional, consulting services (including Boutique Security Firm), public and/or private sector organizations is required.
• At least two years of those being exposed to industrial processes and or plant environment
• Demonstrates thorough knowledge and/or proven record of success designing and implementing security solutions for industrial control Systems (ICS) in critical infrastructure and/or manufacturing sectors, such as power and utilities, oil & gas, chemical, and consumer products manufacturing.

Possess an understanding of ICS/OT fundamentals, including but not limited to:

• Understanding of Distributed control systems (DCS) and supervisory control & data acquisition (SCADA),
• Manufacturing Execution Systems (MES) and related architectures and components.
• Understanding of Network and communication protocols common in OT/ICS environments.
• Familiarity with Safety Instrumented Systems (SIS)
• Understanding of ICS design considerations with emphasis on human/environmental safety, availability/reliability and security of the operational environment.
• Understanding and Knowledge of leading IT and OT security practices and IT/OT convergence principles and secure data exchange techniques; and,
• Preparation and maintenance of policies, procedures and standards governing operations for ICS systems and networks.

Other Opportunities You Might Like:

• Administration Manager
• Accounts Payable Administrator
• Admin Supervisor