At EY, we re all in to shape your future with confidence.
We ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.
Join EY and help to build a better working world.
Consultant/ Senior Consultant/ Assistant Manager/ Manager - Cyber Security- GRC Specialist
As part of our Cyber Technology Consulting team, you will handle leading and managing Cyber Governance, Risk, and Compliance (GRC) engagements for clients across the MENA region. You will collaborate closely with stakeholders to assess, develop, and enhance cybersecurity governance frameworks, risk management practices, and compliance programs in line with global standards and regulatory requirements. The client base spans diverse sectors and includes collaboration with other teams across Advisory services.
The opportunity
We re looking for consultant/ senior consultant/ assistant manager/ manager with strong consulting background and hands-on expertise in implementing enterprise cyber risk and governance programs. This is an exceptional opportunity to work with senior leadership across industries and influence strategic cybersecurity decision-making at the highest levels.
Your key responsibilities
- Lead and deliver end-to-end cyber GRC engagements, including policy and framework development, control assessments, regulatory compliance, and cyber risk assessments.
- Design and implement cybersecurity governance models, risk management processes, and third-party risk programs aligned with leading standards (e.g., ISO 27001, NIST CSF, COBIT, CSA).
- Assess client readiness for local and global regulations such as NCA ECC, SAMA, UAE IA, GDPR, and sector-specific guidelines.
- Manage enterprise cyber risk assessments, maturity assessments, and business impact analyses (BIAs).
- Advise on the implementation and enhancement of GRC tools and technologies (e.g., eGRC platforms).
- Support business development by identifying client needs, preparing proposals, and managing relationships.
- Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice.
- Develop detailed reports, articulate technical findings, and deliver actionable recommendations to both technical teams and executive stakeholders.
- Manage multiple engagements, ensuring timely delivery, quality assurance, and adherence to industry best practices.
- Stay updated with emerging cyber threats, vulnerabilities, and offensive security techniques, and incorporate these insights into client engagements
Skills and attributes for success
- Strong understanding of cybersecurity and risk governance principles, regulatory landscapes, and compliance obligations.
- Experience designing and implementing enterprise-wide GRC programs and policies.
- In-depth knowledge of control frameworks (e.g., ISO 27001/2, NIST CSF, NIST 800-53, COBIT, PCI DSS, SWIFT CSCF).
- Familiarity with sector-specific standards (e.g., NCA ECC/SAMA CSF for KSA, UAE IA/NESA, or energy and financial sector mandates).
- Ability to conduct technology and cybersecurity risk assessments for applications, infrastructure and network assets
- Collaborating with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments and other documents/templates.
- Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice.
- Ability to interpret complex technical results and present insights to business stakeholders.
- Strong analytical, problem-solving, and critical-thinking skills.
- Excellent communication and collaboration skills
To qualify for the role, you must have
- A bachelors or master s degree in information technology, cyber security etc.
- Excellent communication skills with a consulting mindset.
- 2-8 years of experience in GRC and cyber security assessments
- A valid passport for travel.
- Excellent communication skills with a consulting mindset.
Ideally, you ll also have
- Industry-recognized certifications such as CISSP, CISM, CRISC, ISO 27001 LA
- Experience working with GRC platforms (e.g., Archer, ServiceNow GRC etc.).
- Familiarity with data privacy regulations (e.g., GDPR, DPD, PDPL).
- Understanding of cyber risk quantification methods (e.g., FAIR, Monte Carlo simulations).
What we offer
We offer a competitive compensation package where you ll be rewarded based on performance and recognized for the value you bring to our business.
-
Continuous learning
You ll develop the mindset and skills to navigate whatever comes next. -
Success as defined by you
We ll provide the tools and flexibility, so you can make a meaningful impact, your way. - Transformative leadership We ll give you the insights, coaching and confidence to be the leader the world needs.
-
Diverse and inclusive culture
You ll be embraced for who you are and empowered to use your voice to help others find theirs.
