Application Security

2 weeks ago


Midrand, Gauteng, South Africa Gibbs & Cox Australia Full time R1 200 000 - R2 400 000 per year

Company Description
At Deloitte, our Purpose is to make an impact that matters for our clients, our people, and society. This is the lens through which our global strategy is set. It unites Deloitte professionals across geographies, businesses, and skills. It makes us better at what we do and how we do it. It enables us to deliver on our promises to stakeholders, while creating the lasting impact we seek.

Harnessing the talent of 450,000+ people located across more than 150 countries and territories, our size and scale puts us in a unique position to help change the world for the better—by bringing together the services we provide, the societal investments we make, and the collaborations we advance through our ecosystems.

Deloitte offers career opportunities across Audit & Assurance (A&A), Tax & Legal (T&L) and our Consulting services business, which is made up of Strategy, Risk & Transactions Advisory (SR&T) and Technology & Transformation (T&T).

Are you ready to apply your knowledge and background to exciting new challenges? From learning to leadership, this is your chance to take your career to the next level.

Job Description
Want to help us create a secure cyber environment?
Who We Are
Cyber is home to our team of Cybersecurity specialists, an environment created with an innovation culture, made up of more than 1,700 professionals that help organisations to make intelligent decisions, in order to prevent and manage business and operational risks, along with those existing in technological, financial, and non-financial processes.

What We Are Looking For
7+ years of progressive experience with role(s) in a professional, consulting services (including Boutique Security Firm), public and/or private sector organizations is required. Working experience within the Application Security Offering or professional services environment. Demonstrate strong understanding and experience in delivery of Application Security engagements across key industries.

  • Experience in areas of SAP Process Control, SAP Risk Management, SAP Audit Management and SAP Fraud Management will be preferred.
  • Experience in Ruleset Customization, Remediation and Mitigation of Risks.
  • Understanding of different authorization tables, troubleshooting authorization issues, user access management.
  • Minimum 3-4 end to end implementations / Upgrades of SAP GRC.
  • Experience in gathering business requirements, performing risk analysis and implementation of SAP Security Design.
  • Excellent in written and verbal communication skills.
  • Experience with SAP S/4 HANA on-premise and S/4 HANA Cloud implementation.

Qualifications
Job Requirements
Specialised Technical Capabilities

  • Ability to develop and execute strategies, architectures, and roadmaps to provide client with value-adding and cost-effective Application Security solutions.
  • Ability to analyse the client's Application Security landscape to enable targeted and data-driven enhancements.
  • Ability to design and implement SAP security solution based on client Application Security requirements.
  • Ability to design and implement non-SAP security (i.e., Oracle, ServiceNow) solution based on client Application Security requirements.
  • Ability to gather SAP Client requirements and convert them into value-adding Application Security solutions.
  • Ability to specifically design and implement SAP Authorisations and SAP GRC solutions, for on premise and cloud platforms.
  • Applies multiple security testing methodologies and techniques to assess client's Application Security landscape and identify / evaluate vulnerabilities
  • Assesses Application Security policies and procedures to analyse compliance with regulatory requirements and evaluate overall operational efficiency and provides clients with mitigating solutions
  • Proficient with multiple domain-specific Application Security technology solutions and ability to effectively integrate them to meet and exceed client's needs.
  • Enables sustainability and continuous improvement of Application Security solutions by assessing and enhancing client's Cyber security governance infrastructures.
  • Understands and applies cyber threat intelligence and profiling to the design and assessment of client application systems.
  • Tests the effectiveness of client's Application Security control to identify vulnerabilities and articulate opportunities for improvement across the digital, physical, and social elements of the client.
  • Conducts complex business process assessments to help clients identify, analyse, and prioritize gaps and risks; applies findings to make recommended upgrades aligned to the overall strategy
  • Develops effective and sustainable technology and Cyber risk management strategies by tailoring leading Cyber frameworks on key clients' business and technology needs
  • Understands the interaction of business and technology processes / risks and can explain it in business terms to both technical and non-technical audiences

Technical Competencies

  • Bring technical and industry experience in Cyber Application Security sub offering (domain) to engage with clients and key stakeholders pragmatically.
  • Understands technical complexity at Network, Application, Database, Infrastructure and Cloud level.
  • Knowledge and appreciation of the wider Cyber Security issues and opportunities beyond the specific domain specialisation.
  • Able to scope Cyber engagements effectively and assign and manage an appropriate team to deliver against the engagement requirements.
  • Experience in areas of Risk Management, Audit Management and Fraud Management will be preferred.
  • Experience in areas of SAP GRC Process Control and SAP GRC Access Control will be preferred.
  • Experience in Ruleset Customization, Remediation and Mitigation of Risks.
  • Understanding of different authorization tables, troubleshooting authorization issues, user access management.
  • Minimum two to three End to End implementations / Upgrades of SAP GRC.
  • Fair amount of business process understanding in SAP business process areas.
  • Experience in gathering business requirements, performing risk analysis and implementation of SAP Security Design.
  • Strong User role and authorizations design.
  • Strong S4/HANA authorisations implementation capability
  • Good understanding of SAP S4 Hana Implementation Cycle, in order to embed GRC scope / solutions.
  • Ability to give viewpoints on Sizing / Cloud Hosting / Integration with other applications.
  • On premises and in Cloud deployment experience.
  • Ownership of deliverables driving team quality and risk management.

Minimum Qualifications

  • Relevant Degree, Honours or postgraduate diploma, professional qualifications, e.g. B.Sc, BCom, B.Ing/Eng or M.Sc., or one or more major industry / cyber certifications, diplomas, professional certifications (SAP).

Desired Qualifications

  • Bachelor's degree/postgraduate degree (Engineering/Computer Science/IT), relevant Cyber specific certifications are advantageous. Examples include:
  • SAP Security Industry Certification
  • SAP GRC Business Objects Certification
  • CISM (Certified Information Security Manager)
  • ITIL – IT Infrastructure Library Foundation

Additional Information
Note: The list of tasks / duties and responsibilities contained in this document is not necessarily exhaustive. Deloitte may ask the employee to carry out additional duties or responsibilities, which may fall reasonably within the ambit of the role profile, depending on operational requirements.
Be careful of Recruitment Scams:
Fraudsters or employment scammers often pose as legitimate recruiters, employers, recruitment consultants or job placement firms, advertising false job opportunities through email, text messages and WhatsApp messages. They aim to cheat jobseekers out of money or to steal personal information.

To help you look out for potential recruitment scams, here are some Red Flags:

  • Upfront Payment Requests: Deloitte will never ask for any upfront payment for background checks, job training, or supplies.
  • Requests for Personal Information: Be wary if you are asked for sensitive personal information, especially early in the recruitment process and without a clear need for it. Fraudulent links or contractual documents may require the provision of sensitive personal data or copy documents (e.g., government issued numbers or identity documents, passports or passport numbers, bank account statements or numbers, parent's data) that may be used for identity fraud. Do not provide or send any of these documents or data. Please note we will never ask for photographs at any stage of the recruitment process.
  • Unprofessional Communication: Scammers may communicate in an unprofessional manner. Their messages may be filled with poor grammar and spelling errors. The look and feel may not be consistent with the Deloitte corporate brand.

If you're unsure, make direct contact with Deloitte using our official contact details. Be careful not to use any contact details provided in the suspicious job advertisement or email.

At Deloitte, we want everyone to feel they can be themselves and to thrive at work—in every country, in everything we do, every day. We aim to create a workplace where everyone is treated fairly and with respect, including reasonable accommodation for persons with disabilities.

We are committed to employment equity and building a diverse and inclusive workplace across the African continent. Our recruitment processes are aligned with our Employment Equity Plan and the principles of the Employment Equity Act. Preference may be given to candidates from designated groups.

We actively support the inclusion of people with disabilities and embrace neurodiversity in the workplace. We recognise and value the unique strengths that neurodivergent individuals bring, and we are committed to creating an environment where everyone can thrive.

If you require reasonable accommodations in relation to your disability and neurodiverse needs during the recruitment process, please let us know. We are happy to make adjustments to suit your individual needs.


