CyberSecurity Consultant (Mid-level Manager - Emerging Technology / Risk Advisory)

SA - Midrand Information Security

16 Nov 2021

SA - Midrand

Information Security

Information Technology

Full Time

1

3 - 30 years

600000 - 750000 ZAR

My client is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories serves four out of five Fortune Global 500® companies.

About the Division

The value that the Risk Advisory creates for organisations is synonymous with operational excellence. My clients Risk Advisory practice advises organisations on how to effectively mitigate risk and make informed and intelligent risk decisions around business processes, technology and operations. Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration, and high performance. As the undisputed leader in professional services, this company is where you’ll find unrivalled opportunities to succeed and realise your full potential.

The main purpose of the job is:

  • Support the engagement Manager/Senior Manager in the delivery of services on delegated client engagement/ projects.
  • Focus on the delivery of client engagements and shares knowledge and experience with others
  • Produce high quality deliverables and support junior team members.

Specialised Technical Capabilities:

  • Development and Implementation of Cyber Risk Solutions
  • Demonstrates thorough knowledge or proven record of success designing and implementing security solutions for industrial control Systems (ICS) in critical infrastructure, manufacturing sectors, power and utilities, oil & gas, chemical, and/or consumer products manufacturing. Possess an understanding of ICS/OT fundamentals, including but not limited to:
  • Understanding OT related systems such as control systems (DCS), supervisory control & data acquisition (SCADA) systems.
  • Understanding of Network and communication protocols common in ICS environments.
  • Understanding of ICS design considerations with emphasis on human and environmental safety, and the availability/reliability and security of the operational environment.
  • Understanding and Knowledge of leading IT and OT security practices.
  • Ability to apply relevant standards such as NIST 800-82 and IEC 63443
  • Preparation and maintenance of policies, procedures and standards governing the security operations for ICS systems and networks.
  • Demonstrates knowledge and/or proven record of success in security technologies such as firewalls, IDS/IPS, endpoint security solutions, access control systems, and other related security technologies within ICS Environment:
  • In depth understanding of operating systems, network/system architecture, and architecture design aligned to engineering design methodologies.
  • In depth understanding with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS).
  • Aptitude to apply and utilise security tools and solutions to conduct risk assessment and understanding of the threat landscape on OT systems.
  • Ability to learn new tools and techniques to automate manual effort and leverage digital solutions where possible.
  • Understanding of IT and OT network communication protocols (e.g. TCP/IP, UDP. DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.)
  • Understanding of Industrial Internet of Things (IIoT) and Cloud services and their security implications in ICS,
  • Understanding of OT and IT technology convergence and data interchange techniques, and their associated security techniques; and,
  • Understanding of threats, vulnerabilities, and exploits in OT/ICS environments and appropriate mitigation techniques.

Technical certifications would be advantageous:

  • Certified Information Systems Security Professional (CISSP) [ISC2]
  • SABSA (Sherwood Applied Business Security Architecture)
  • GICSP (Global Industrial Cybersecurity professional)
  • Ability to identify patterns, and analyse and improve processes (business analysis)
  • Software development and engineering including DevSecOps: fundamentals and experience
  • Project Management including Agile Project Management (SAFE Agile, etc.)

Successful applicant should have the following characteristics:

  • Excellent communication skills, both written and verbal
  • Aptitude for learning new methods, techniques and tools
  • Be able to demonstrate learning agility to new and emerging cyber threat
  • Ability to meet deadlines & consistently produce high quality work
  • Proven initiatives in providing guidance to junior team members
  • Decision maker
  • Takes accountability
  • Can take on manager responsibility where required under pressurised circumstances
  • Remain calm under pressure
  • Able to prioritise and delegate
  •  Multi-tasking

Minimum qualifications:

Relevant Degree, honours or post graduate diploma, professional qualifications e.g., BSc Engineering (Electrical, mechanical, industrial, computer, electronics), BCom, or B. Ing/Eng or MSc

Desired qualifications:

  • CISM (Certified Information Security Manager)
  • Certified Ethical Hacker – EC Council
  • ISO27001 Lead Auditor/Implementer Certificate
  • Cisco Unity Systems Engineer
  • At least two years of those being exposed to industrial processes and or plant environment
  • ISA/IEC 62443
  • NIST Cyber Security Framework for Critical Infrastructures (CSF)
  • NIST SP-800-82 and SP-800-53
  • ISO/IEC 27001/2
  • ISA 95/ Purdue Functional Model for Operational Technology
  • Certified SCADA security Architect - CSSA

Experience:

3+ years of progressive experience in a professional, consulting services (including Boutique Security Firm), public and/or private sector organisations is required.

  • CISSP (Certified Information Systems Security Professional)
  • ISMP (Information Security Management Principles)
  • CCSP (Certified Cloud Security Professional)
  • SABSA Chartered Security Architect
  • (TOGAF) The Open Group Architecture Framework
  • ITIL – IT Infrastructure Library Foundation