Accenture’s Tamarisk Scholtz discusses her position as governance risk and compliance security manager and what got her interested in cybersecurity.
Tamarisk Scholtz is a governance risk and compliance (GRC) security manager at Accenture. Scholtz has a range of qualifications, including a BSc in computer science and a Master’s in business administration from the University of the Witwatersrand in South Africa. Scholtz is also an active member of the GTA Black Women in Tech Ireland and Tech and Inclusion Advocates Ireland networks, which aim to increase the inclusion and visibility of women in technology.
Her current role involves ensuring that clients achieve their audit and governance requirements, such as meeting ISO 27001/2 standards and performing cloud and third-party risk assessments.
Scholtz first gained an interest in cybersecurity while working as part of a team providing enterprise identity and access management (IAM) solutions internally.
After spending 10 years specialising in IAM, she slowly moved into governance and auditing. “Cybersecurity was becoming popular due to rising security risks, so I decided that I wanted to expand my knowledge into other areas of cybersecurity.”
She then became involved with a project to support the security team to assess the organisation’s cybersecurity baseline controls and identify gaps.
“I found this to be my new interest where I can focus on governance risk and compliance but in a wider scope of other security areas, rather than just IAM.”
‘There are a lot of domains, types of roles and specialisation areas within cybersecurity. The most important thing is to find the area and role that most interests you’
What brought you to your current job?
I was looking at opportunities for growth within GRC in security, but also for international opportunities as I wanted to gain more experience working abroad. I saw this post at Accenture in Ireland and I thought it sounded perfect for me. I applied, was successful and packed up my life in South Africa to move to Dublin for my current role.
What were the biggest surprises or challenges you encountered on your career path in cybersecurity and how did you deal with them?
Thankfully I didn’t experience many surprises or challenges. The main difference was switching from an industry-specific internal role to a consulting-based role. I was new to a consulting role, and I had to understand expectations of a consulting environment with the client and within Accenture.
Was there any one person who was particularly influential as your career developed?
The head of cybersecurity at Vodacom SA, Darshan Lakha, and his entire cybersecurity team were very supportive and taught me a lot about governance in security. Also, I have been fortunate to have been supported by great leadership in the teams I worked with, under the head of enterprise IT, Nesan Naidoo at Vodacom SA and previous IAM managers Arthur Benting and Bashir Nagdee.
What do you enjoy most about your job?
I like that my role is not too operational, where I could have my evenings or weekends disturbed by unexpected incidents or application issues that need escalation or immediate attention. There’s usually clear deadlines and planning of activities expected throughout the year.
What aspects of your personality do you feel make you suited to cybersecurity?
There are many roles in cybersecurity for all different types of personalities, it’s about finding one that suits you. In my current role, I like that I have the flexibility for remote/hybrid working.
What can people expect from career progression in the cybersecurity industry?
There’s a big demand now for different cybersecurity roles, which makes it a good area to get into. Career progression can differ for everyone depending on the organisation you work for, how they recognise talent and support career progression.
What advice would you give to those considering a career in cybersecurity, or just starting out in one?
There are a lot of domains, types of roles and specialisation areas within cybersecurity. The most important thing is to find the area and role that most interests you. It would be worthwhile to consider obtaining cybersecurity certifications after some time, the CISSP (Certified Information Systems Security Professional) is one of the most popular and is both technical and managerial-focused. The CISM (Certified Information Security Management) is also a good qualification to have but is more managerial and governance focused.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.
