During your tenure as a Senior Consultant/Manager in Extended Enterprise, you will demonstrate and develop your capabilities in the following areas:
- Strong technical knowledge of cybersecurity domains (Governance, Compliance, Risk Management, Identity and Access Management, Data Security, Cryptography, Network Security, Cloud Security, Endpoint Security, Business Continuity Management, Operational Technology, Data Lifecycle Management, etc.)
- Strong technical knowledge of third-party cybersecurity risk management frameworks, IT governance frameworks, regulatory requirements, and best practices.
- Strong technical experience conducting and managing third-party cybersecurity assessments.
- Hands-on experience with security frameworks such as ISO 27001, PCI, NCA, SAMA CSF, NIST, etc.
- Knowledge of relevant laws and regulations such as NESA ISR, UAE PDPL, GDPR, HIPAA, SOX, etc.
You will lead and manage cybersecurity and data privacy controls assessments of third parties and vendors in line with industry, regional, and international best standards and regulations. Responsibilities will include:
- Coordinate scheduling, evidence collection, and responses with third-party points of contact.
- Collect and review control evidence and analyze third-party information and data.
- Review independent assurance reports and certifications (e.g., SOC 1 and SOC 2, ISO 27001).
- Support contract reviews and negotiations over cybersecurity requirements and clauses by working closely with procurement and legal teams.
- Provide guidance and support to the team in performing risk assessments to evaluate inherent and residual cybersecurity risks.
- Analyze the likelihood and potential impact of identified risks using qualitative and quantitative methods.
- Develop action plans and timelines for implementing risk controls and track remediation plans to reduce identified risks and close control gaps.
- Collaborate with stakeholders and relevant business departments to implement risk mitigation plans and actions.
- Manage the maintenance and monitoring of a third-party cybersecurity risk register for the whole organization.
- Ensure all third-party cybersecurity risk management processes and SOPs are being adopted.
- Track key performance and risk indicators (KPIs, KRIs) to measure program performance and risk reduction over time.
- Prepare and maintain documentation, including policies, procedures, standards, and guidelines that support the third-party cyber risk management framework.
- Communicate and present findings to stakeholders, management, and regulatory bodies as required.
- Develop and deliver training materials to educate employees and business stakeholders on identifying and managing third-party risks.
Location
Abu Dhabi, Amman, Riyadh
Work Conditions
- Bachelor's in computer science, information security, or related field / Master's in computer science, information security, or related field.
- CISM, CISSP, CISA, CRISC, CGRC certifications are preferred.
- 5-10 years of relevant experience.