The Cyber Assurance Specialist (Assistant Manager) will play a key role within the IT Assurance team, supporting and executing a wide range of information security assurance, audit and compliance activities. The role focuses on providing high-quality assurance services across leading cyber frameworks and standards, improving clients' control environments, identifying risks and contributing to transformation of their cybersecurity will work alongside multidisciplinary teams to deliver assessments, audits and strategic cyber assurance reviews across various industries while contributing to practice development and maintaining strong client relationships.
Key Responsibilities:
Cyber Assurance & Audit Delivery
- Conduct and lead NIST CSF/NIST 800-series assurance reviews, including maturity assessments, gap analyses and control testing.
- Perform ISO 27001/ISO 27002 audits, including compliance assessments, control testing, SoA reviews, readiness assessments and surveillance-type engagements.
- Execute ISO 22301 (Business Continuity Management) audits, including evaluation of BCMS design, testing processes, recovery capabilities and alignment to organisational resilience requirements.
- Conduct Disaster Recovery (DR) test audits, assessing recovery strategies, procedures, evidence and alignment to organisational DR expectations.
- Support or lead Cyber Strategy Assurance engagements, evaluating maturity, governance structures, roadmaps, KPIs and target-state transformations.
- Perform assessments over additional leading frameworks such as COBIT, PCI DSS, cloud security standards or internal control frameworks where required.
- Analyse complex cybersecurity environments and provide practical and actionable recommendations to clients.
- Prepare audit working papers, ensure documentation meets quality standards and support closure of findings.
Risk Identification, Review & Mitigation
- Identify, assess and prioritise cyber risks, exposures and control gaps, and develop tailored mitigation strategies.
- Support clients in the design, improvement and validation of cyber policies, standards and procedures.
- Apply knowledge of operating systems, network security, cloud environments and cybersecurity technologies to validate control effectiveness.
Stakeholder Engagement & Delivery Excellence
- Support engagement managers in the delivery of client engagements, ensuring work is performed against project plans.
- Produce high-quality deliverables, including reports, audit findings, dashboards and management presentations.
- Facilitate client workshops, walkthroughs and control interviews.
- Build strong relationships with clients and internal stakeholders, helping grow the firm's cyber assurance footprint.
Practice Development & Collaboration
- Collaborate with interdisciplinary teams (Strategy, GRC, Technical Security) to provide integrated client solutions.
- Keep up to date with emerging cyber technologies, regulatory updates, assurance techniques and industry trends.
- Contribute to internal initiatives, including methodology development, knowledge sharing and innovation of assurance approaches.
Qualifications:
Minimum Requirements
- Bachelor's degree in Computer Science, Information Systems, Engineering or a related discipline.
- 4-6 years of experience in Cyber Assurance, Cyber Audit, IT Audit or Governance/Risk/Compliance roles.
- Practical experience conducting assurance against NIST, ISO 27001/2, ISO 22301 and other cybersecurity frameworks.
- Experience reviewing or testing IT and cyber controls, including design and operating effectiveness assessments.
- Working knowledge of networking concepts, operating systems (Windows, Linux/Unix), cloud platforms and common security technologies.
- Proficiency using Microsoft Office tools (Word, Excel, PowerPoint).
Preferred Experience
- Experience in Cyber Strategy, security governance, cyber maturity assessments or large-scale cyber transformation programmes.
- Exposure to cloud security assurance (AWS, Azure, GCP).
- Familiarity with disaster recovery testing, business continuity practices and resilience frameworks.
- Experience in consulting or professional services environments.
Certifications (Advantageous)
- ISO 27001 Lead Auditor / Lead Implementer
- CISM, CISSP, CRISC, CISA
- Security+, CCSP or equivalent industry certifications
- Cloud certifications (AWS, Azure, GCP)
- ITIL Foundation
Skills & Competencies
Technical Skills
- Strong understanding of cyber governance, risk and control frameworks.
- Ability to interpret and test controls in areas such as network security, identity & access management, cloud application security and endpoint security.
- Strong report writing and analytical skills.
- Ability to research, interpret and apply cybersecurity standards and emerging trends.
Additional Information:
Note: The list of tasks / duties and responsibilities contained in this document is not necessarily exhaustive. Deloitte may ask the employee to carry out additional duties or responsibilities which may fall reasonably within the ambit of the role profile depending on operational requirements.
Be careful of Recruitment Scams: Fraudsters or employment scammers often pose as legitimate recruiters, employers, recruitment consultants or job placement firms, advertising false job opportunities through email, text messages and WhatsApp messages. They aim to cheat jobseekers out of money or to steal personal information.
To help you look out for potential recruitment scams, here are some Red Flags:
- Upfront Payment Requests: Deloitte will never ask for any upfront payment for background checks, job training or supplies.
- Requests for Personal Information: Be wary if you are asked for sensitive personal information, especially early in the recruitment process and without a clear need for it. Fraudulent links or contractual documents may require the provision of sensitive personal data or copy documents (e.g. government-issued numbers or identity documents, passports or passport numbers, bank account statements or numbers, parents' data) that may be used for identity fraud. Do not provide or send any of these documents or data. Please note we will never ask for photographs at any stage of the recruitment process.
- Unprofessional Communication: Scammers may communicate in an unprofessional manner. Their messages may be filled with poor grammar and spelling errors. The look and feel may not be consistent with the Deloitte corporate brand.
If you're unsure, make direct contact with Deloitte using our official contact details. Be careful not to use any contact details provided in the suspicious job advertisement or email.
At Deloitte, we want everyone to feel they can be themselves and to thrive at work, in every country, in everything we do, every day. We aim to create a workplace where everyone is treated fairly and with respect, including reasonable accommodation for persons with disabilities.
We are committed to employment equity and building a diverse and inclusive workplace across the African continent. Our recruitment processes are aligned with our Employment Equity Plan and the principles of the Employment Equity Act. Preference may be given to candidates from designated groups.
We actively support the inclusion of people with disabilities and embrace neurodiversity in the workplace. We recognise and value the unique strengths that neurodivergent individuals bring, and we are committed to creating an environment where everyone can thrive.
If you require reasonable accommodations in relation to your disability and neurodiverse needs during the recruitment process, please let us know. We are happy to make adjustments to suit your individual needs.
Remote Work:
No
Employment Type:
Full-time