Cybersecurity Consultant

My client is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories serves four out of five Fortune Global 500® companies.

**About the Division**

The value that the Risk Advisory creates for organisations is synonymous with operational excellence. My clients Risk Advisory practice advises organisations on how to effectively mitigate risk and make informed and intelligent risk decisions around business processes, technology and operations. Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration, and high performance. As the undisputed leader in professional services, this company is where you’ll find unrivalled opportunities to succeed and realise your full potential.

**The main purpose of the job is**:

- Support the engagement Manager/Senior Manager in the delivery of services on delegated client engagement/ projects.
- Focus on the delivery of client engagements and shares knowledge and experience with others
- Produce high quality deliverables and support junior team members.

**Specialised Technical Capabilities**:

- Development and Implementation of Cyber Risk Solutions
- Demonstrates thorough knowledge or proven record of success designing and implementing security solutions for industrial control Systems (ICS) in critical infrastructure, manufacturing sectors, power and utilities, oil & gas, chemical, and/or consumer products manufacturing. Possess an understanding of ICS/OT fundamentals, including but not limited to:

- Understanding OT related systems such as control systems (DCS), supervisory control & data acquisition (SCADA) systems.
- Understanding of Network and communication protocols common in ICS environments.
- Understanding of ICS design considerations with emphasis on human and environmental safety, and the availability/reliability and security of the operational environment.
- Understanding and Knowledge of leading IT and OT security practices.
- Preparation and maintenance of policies, procedures and standards governing the security operations for ICS systems and networks.
- Demonstrates knowledge and/or proven record of success in security technologies such as firewalls, IDS/IPS, endpoint security solutions, access control systems, and other related security technologies within ICS Environment:

- In depth understanding of operating systems, network/system architecture, and architecture design aligned to engineering design methodologies.
- In depth understanding with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS).
- Ability to learn new tools and techniques to automate manual effort and leverage digital solutions where possible.
- Understanding of IT and OT network communication protocols (e.g. TCP/IP, UDP. DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.)
- Understanding of Industrial Internet of Things (IIoT) and Cloud services and their security implications in ICS,
- Understanding of OT and IT technology convergence and data interchange techniques, and their associated security techniques; and,
- Understanding of threats, vulnerabilities, and exploits in OT/ICS environments and appropriate mitigation techniques.

**Technical certifications would be advantageous**:

- Certified Information Systems Security Professional (CISSP) [ISC2]
- SABSA (Sherwood Applied Business Security Architecture)
- GICSP (Global Industrial Cybersecurity professional)
- Ability to identify patterns, and analyse and improve processes (business analysis)
- Software development and engineering including DevSecOps: fundamentals and experience
- Project Management including Agile Project Management (SAFE Agile, etc.)

**Successful applicant should have the following characteristics**:

- Excellent communication skills, both written and verbal
- Aptitude for learning new methods, techniques and tools
- Be able to demonstrate learning agility to new and emerging cyber threat
- Ability to meet deadlines & consistently produce high quality work
- Proven initiatives in providing guidance to junior team members
- Decision maker
- Takes accountability
- Can take on manager responsibility where required under pressurised circumstances
- Remain calm under pressure
- Able to prioritise and delegate
- Multi-tasking

**Minimum qualifications**:
Relevant Degree, honours or post graduate diploma, professional qualifications e.g., BSc Engineering (Electrical, mechanical, industrial, computer, electronics), BCom, or B. Ing/Eng or MSc

**Desired qualifications**:

- CISM (Certified Information Security Manager)
- Certified Ethical Hacker - EC Council
- ISO27001 Lead Auditor/Implementer Certificate
- Cisco Unity Systems Engineer
- At least two years of those being expos