Job Description

Roles & Responsibilities

About the Role:

We are seeking a Senior Cyber GRC Consultant to join our team in the United Arab Emirates. In this role, you will lead governance, risk, and compliance engagements for major clients, leveraging your technical expertise and advisory skills to assess current controls, design policy frameworks, and drive remediation initiatives.

• Conduct comprehensive gap analyses against NCA ECC-2, SAMA CSF, ISO 27001, NIST CSF and COBIT frameworks
• Develop and prioritize remediation roadmaps based on assessment findings
• Design and implement information security policies, standards and procedures
• Perform stakeholder interviews and workshops to gather requirements and contextual insights
• Evaluate, select and configure GRC platforms to support client needs
• Manage regulatory change initiatives and ensure alignment with evolving compliance requirements
• Prepare and present proposals, reports and executive presentations to clients and senior management
• Deliver client-facing presentations and lead discussion forums on GRC topics
• Collaborate with cross-functional teams to integrate GRC solutions into broader security programs

• Bachelor’s degree in Computer Science, Information Security or related field
• 5–8 years of professional experience in cyber GRC consulting or security compliance
• Technical expertise in NCA ECC-2, SAMA CSF, ISO 27001, NIST CSF and COBIT
• Proven experience conducting gap analyses and developing remediation roadmaps
• Hands-on experience designing information security policies and procedures
• Experience evaluating and selecting GRC platforms
• Strong skills in stakeholder interviews, proposal writing and client presentations
• Demonstrated ability to prepare and deliver management presentations
• Knowledge of regulatory change management processes
• Excellent communication, analytical and project management skills

• Professional certifications such as CISSP, CISM, CRISC or ISO 27001 Lead Implementer/Auditor
• Experience with leading GRC tools (e.g., RSA Archer, MetricStream)
• Familiarity with the UAE regulatory landscape and local cybersecurity requirements
• Master’s degree in Cybersecurity, Information Assurance or related discipline
• Project management certification such as PMP or PRINCE2
• Arabic language proficiency