Manager - Cyber Security - GRC Specialist

Manager - Cyber Security- GRC Specialist

As part of our Cyber Technology Consulting team, you will handle leading and managing Cyber Governance, Risk, and Compliance (GRC) engagements for clients across the MENA region. You will collaborate closely with stakeholders to assess, develop, and enhance cybersecurity governance frameworks, risk management practices, and compliance programs in line with global standards and regulatory requirements. The client base spans diverse sectors and includes collaboration with other teams across Advisory services.

The opportunity

We’re looking manager with strong consulting background and hands-on expertise in implementing enterprise cyber risk and governance programs. This is an exceptional opportunity to work with senior leadership across industries and influence strategic cybersecurity decision-making at the highest levels.

Your key responsibilities

• Lead and deliver end-to-end cyber GRC engagements, including policy and framework development, control assessments, regulatory compliance, and cyber risk assessments.
• Design and implement cybersecurity governance models, risk management processes, and third-party risk programs aligned with leading standards (e.g., ISO 27001, NIST CSF, COBIT, CSA).
• Assess client readiness for local and global regulations such as NCA ECC, SAMA, UAE IA, GDPR, and sector-specific guidelines.
• Manage enterprise cyber risk assessments, maturity assessments, and business impact analyses (BIAs).
• Advise on the implementation and enhancement of GRC tools and technologies (e.g., eGRC platforms).
• Support business development by identifying client needs, preparing proposals, and managing relationships.
• Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice.
• Develop detailed reports, articulate technical findings, and deliver actionable recommendations to both technical teams and executive stakeholders.
• Manage multiple engagements, ensuring timely delivery, quality assurance, and adherence to industry best practices.
• Stay updated with emerging cyber threats, vulnerabilities, and offensive security techniques, and incorporate these insights into client engagements

Skills and attributes for success

• Strong understanding of cybersecurity and risk governance principles, regulatory landscapes, and compliance obligations.
• Experience designing and implementing enterprise-wide GRC programs and policies.
• In-depth knowledge of control frameworks (e.g., ISO 27001/2, NIST CSF, NIST 800-53, COBIT, PCI DSS, SWIFT CSCF).
• Familiarity with sector-specific standards (e.g., NCA ECC/SAMA CSF for KSA, UAE IA/NESA, or energy and financial sector mandates).
• Ability to conduct technology and cybersecurity risk assessments for applications, infrastructure and network assets
• Collaborating with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments and other documents/templates.
• Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice.
• Ability to interpret complex technical results and present insights to business stakeholders.
• Strong analytical, problem-solving, and critical-thinking skills.
• Excellent communication and collaboration skills

To qualify for the role, you must have

• A bachelor's or master’s degree in information technology, cyber security etc.
• Excellent communication skills with a consulting mindset.
• 6-7 years of experience in GRC and cyber security assessments
• A valid passport for travel.
• Excellent communication skills with a consulting mindset.

Ideally, you’ll also have

• Industry-recognized certifications such as CISSP, CISM, CRISC, ISO 27001 LA
• Experience working with GRC platforms (e.g., Archer, ServiceNow GRC etc.).
• Familiarity with data privacy regulations (e.g., GDPR, DPD, PDPL).
• Understanding of cyber risk quantification methods (e.g., FAIR, Monte Carlo simulations).

What we offer
 

We offer a competitive compensation package where you’ll be rewarded based on performance and recognized for the value you bring to our business. Plus, we offer:

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

The exceptional EY experience. It’s yours to build.

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.