The Cyber Assurance Specialist (Assistant Manager) will play a key role within the IT Assurance team, supporting and executing a wide range of information security assurance, audit, and compliance activities. The role focuses on providing high‑quality assurance services across leading cyber frameworks and standards, improving clients’ control environments, identifying risks, and contributing to transformation of their cybersecurity posture.
You will work alongside multidisciplinary teams to deliver assessments, audits, and strategic cyber assurance reviews across various industries, while contributing to practice development and maintaining strong client relationships.
Key Responsibilities:
Cyber Assurance & Audit Delivery
- Conduct and lead NIST CSF/NIST 800-series assurance reviews, including maturity assessments, gap analyses, and control testing.
- Perform ISO 27001/ISO 27002 audits, including compliance assessments, control testing, SoA reviews, readiness assessments, and surveillance‑type engagements.
- Execute ISO 22301 (Business Continuity Management) audits, including evaluation of BCMS design, testing processes, recovery capabilities, and alignment to organisational resilience requirements.
- Conduct Disaster Recovery (DR) test audits, assessing recovery strategies, procedures, evidence, and alignment to organisational DR expectations.
- Support or lead Cyber Strategy Assurance engagements, evaluating maturity, governance structures, roadmaps, KPIs, and target-state transformations.
- Perform assessments over additional leading frameworks such as COBIT, PCI DSS, cloud security standards, or internal control frameworks where required.
- Analyse complex cybersecurity environments and provide practical and actionable recommendations to clients.
- Prepare audit working papers, ensure documentation meets quality standards, and support closure of findings.
Risk Identification, Review & Mitigation
- Identify, assess, and prioritise cyber risks, exposures, and control gaps, and develop tailored mitigation strategies.
- Support clients in the design, improvement, and validation of cyber policies, standards, and procedures.
- Apply knowledge of operating systems, network security, cloud environments, and cybersecurity technologies to validate control effectiveness.
Stakeholder Engagement & Delivery Excellence
- Support engagement managers in the delivery of client engagements, ensuring work is performed against project plans.
- Produce high‑quality deliverables, including reports, audit findings, dashboards, and management presentations.
- Facilitate client workshops, walkthroughs, and control interviews.
- Build strong relationships with clients and internal stakeholders, helping grow the firm's cyber assurance footprint.
Practice Development & Collaboration
- Collaborate with interdisciplinary teams (Strategy, GRC, Technical Security) to provide integrated client solutions.
- Keep up to date with emerging cyber technologies, regulatory updates, assurance techniques, and industry trends.
- Contribute to internal initiatives, including methodology development, knowledge sharing, and innovation of assurance approaches.
Minimum Requirements
- Bachelor’s degree in Computer Science, Information Systems, Engineering, or a related discipline.
- 4–6 years of experience in Cyber Assurance, Cyber Audit, IT Audit, or Governance/Risk/Compliance roles.
- Practical experience conducting assurance against NIST, ISO 27001/2, ISO 22301, and other cybersecurity frameworks.
- Experience reviewing or testing IT and cyber controls, including design and operating effectiveness assessments.
- Working knowledge of networking concepts, operating systems (Windows, Linux/Unix), cloud platforms, and common security technologies.
- Proficiency using Microsoft Office tools (Word, Excel, PowerPoint).
Preferred Experience
- Experience in Cyber Strategy, security governance, cyber maturity assessments, or large-scale cyber transformation programmes.
- Exposure to cloud security assurance (AWS, Azure, GCP).
- Familiarity with disaster recovery testing, business continuity practices, and resilience frameworks.
- Experience in consulting or professional services environments.
Certifications (Advantageous)
- ISO 27001 Lead Auditor / Lead Implementer
- CISM, CISSP, CRISC, CISA
- Security+, CCSP, or equivalent industry certifications
- Cloud certifications (AWS, Azure, GCP)
- ITIL Foundation
Skills & Competencies
Technical Skills
- Strong understanding of cyber governance, risk, and control frameworks.
- Ability to interpret and test controls in areas such as network security, identity & access management, cloud, application security, and endpoint security.
- Strong report writing and analytical skills.
- Ability to research, interpret, and apply cybersecurity standards and emerging trends.
Note: The list of tasks / duties and responsibilities contained in this document is not necessarily exhaustive. Deloitte may ask the employee to carry out additional duties or responsibilities, which may fall reasonably within the ambit of the role profile, depending on operational requirements.
Be careful of Recruitment Scams: Fraudsters or employment scammers often pose as legitimate recruiters, employers, recruitment consultants or job placement firms, advertising false job opportunities through email, text messages and WhatsApp messages. They aim to cheat jobseekers out of money or to steal personal information.
To help you look out for potential recruitment scams, here are some Red Flags:
- Upfront Payment Requests: Deloitte will never ask for any upfront payment for background checks, job training, or supplies.
- Requests for Personal Information: Be wary if you are asked for sensitive personal information, especially early in the recruitment process and without a clear need for it. Fraudulent links or contractual documents may require the provision of sensitive personal data or copy documents (e.g., government issued numbers or identity documents, passports or passport numbers, bank account statements or numbers, parent’s data) that may be used for identity fraud. Do not provide or send any of these documents or data. Please note we will never ask for photographs at any stage of the recruitment process.
- Unprofessional Communication: Scammers may communicate in an unprofessional manner. Their messages may be filled with poor grammar and spelling errors. The look and feel may not be consistent with the Deloitte corporate brand.
If you're unsure, make direct contact with Deloitte using our official contact details. Be careful not to use any contact details provided in the suspicious job advertisement or email.
At Deloitte, we want everyone to feel they can be themselves and to thrive at work—in every country, in everything we do, every day. We aim to create a workplace where everyone is treated fairly and with respect, including reasonable accommodation for persons with disabilities.
We are committed to employment equity and building a diverse and inclusive workplace across the African continent. Our recruitment processes are aligned with our Employment Equity Plan and the principles of the Employment Equity Act. Preference may be given to candidates from designated groups.
We actively support the inclusion of people with disabilities and embrace neurodiversity in the workplace. We recognise and value the unique strengths that neurodivergent individuals bring, and we are committed to creating an environment where everyone can thrive.
If you require reasonable accommodations in relation to your disability and neurodiverse needs during the recruitment process, please let us know. We are happy to make adjustments to suit your individual needs.