Manager - Cyber GRC - Technology Consulting

As part of our Cyber Technology Consulting team, you will handle leading and managing Cyber Governance, Risk, and Compliance (GRC) engagements for clients across the MENA region. You will collaborate closely with stakeholders to assess, develop, and enhance cybersecurity governance frameworks, risk management practices, and compliance programs in line with global standards and regulatory requirements. The client base spans diverse sectors and includes collaboration with other teams across Advisory services.

Key Responsibilities:

• Lead and deliver end-to-end cyber GRC engagements, including policy and framework development, control assessments, regulatory compliance, and cyber risk assessments.
• Design and implement cybersecurity governance models, risk management processes, and third-party risk programs aligned with leading standards (e.g., ISO 27001, NIST CSF, COBIT, CSA).
• Assess client readiness for local and global regulations such as NCA ECC, SAMA, UAE IA, GDPR, and sector-specific guidelines.
• Manage enterprise cyber risk assessments, maturity assessments, and business impact analyses (BIAs).
• Advise on the implementation and enhancement of GRC tools and technologies (e.g., eGRC platforms).
• Support business development by identifying client needs, preparing proposals, and managing relationships.
• Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice.
• Develop detailed reports, articulate technical findings, and deliver actionable recommendations to both technical teams and executive stakeholders.
• Manage multiple engagements, ensuring timely delivery, quality assurance, and adherence to industry best practices.
• Stay updated with emerging cyber threats, vulnerabilities, and offensive security techniques, and incorporate these insights into client engagements.

Skills and Attributes for Success:

• Strong understanding of cybersecurity and risk governance principles, regulatory landscapes, and compliance obligations.
• Experience designing and implementing enterprise-wide GRC programs and policies.
• In-depth knowledge of control frameworks (e.g., ISO 27001/2, NIST CSF, NIST 800-53, COBIT, PCI DSS, SWIFT CSCF).
• Familiarity with sector-specific standards (e.g., NCA ECC/SAMA CSF for KSA, UAE IA/NESA, or energy and financial sector mandates).
• Ability to conduct technology and cybersecurity risk assessments for applications, infrastructure, and network assets.
• Strong analytical, problem-solving, and critical-thinking skills.
• Excellent communication and collaboration skills.

Qualifications:

• A bachelor's or master’s degree in information technology, cyber security, or related fields.
• 2-8 years of experience in GRC and cyber security assessments.
• Valid passport for travel.
• Industry-recognized certifications such as CISSP, CISM, CRISC, ISO 27001 LA preferred.
• Familiarity with data privacy regulations (e.g., GDPR, DPD, PDPL).
• Understanding of cyber risk quantification methods (e.g., FAIR, Monte Carlo simulations).

Language Requirements: Excellent communication skills with a consulting mindset.

What We Offer: We offer a competitive compensation package based on performance, continuous learning opportunities, transformative leadership, and a diverse and inclusive culture.

Location: Abu Dhabi, Abu Dhabi Emirate, United Arab Emirates

Work Conditions: On-site, Full-time