Senior cyber security consultant at SandboxSecurityai
Dubai, United Arab Emirates
Full Time


Start Date

Immediate

Expiry Date

10 Dec, 25

Salary

0.0

Posted On

10 Sep, 25

Experience

8 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

ISO, EDR, CISSP, Cyber Security, NIST, Assessment Methodologies, Reporting, DLP, CISA, Documentation, Soft Skills, GRC

Industry

Information Technology/IT

Description

Job Title: Senior Cyber Security Consultant – GRC & Compliance
Department: Information Security / Risk & Compliance
Reporting To: Chief Information Security Officer (CISO)
Experience Required: 5–8 years in Cyber Security with focus on GRC & Compliance
Location: Dubai, UAE
Duration: 6 Months (Extendable)

REQUIRED QUALIFICATIONS

  • Experience: 5–8 years in cyber security with a strong focus on GRC, compliance, and risk management.
  • Technical Knowledge:
      • Strong understanding of infrastructure and network security principles.
      • Hands-on experience with enterprise solutions such as DLP, EDR, PAM, CASB, or equivalent tools.
      • Familiarity with incident response processes and risk assessment methodologies.
  • Compliance Knowledge: Practical experience with compliance frameworks (ISO 27001, NIST, GDPR, PCI DSS, local UAE/KSA regulations).
  • Certifications (Preferred): CISA, CISSP, CISM, CRISC, ISO 27001 Lead Auditor/Implementer.
  • Soft Skills:
      • Strong stakeholder engagement and communication abilities.
      • Proven ability to influence and advise senior leadership on cyber risk.
      • Strong analytical, documentation, and reporting skills.

Responsibilities

ABOUT THE ROLE

We are seeking a skilled Senior Cyber Security Consultant (GRC & Compliance) to strengthen governance, risk, and compliance initiatives while ensuring security oversight across enterprise systems. This role requires expertise in program development, regulatory compliance, incident management, infrastructure security, and stakeholder engagement. You will also manage critical security tools, assess risk posture, and provide clear reporting to leadership.

KEY RESPONSIBILITIES

  • Risk Oversight: Identify, assess, and monitor cyber risks across business functions and technology environments. Recommend actionable mitigation strategies.
  • Program Development: Design and implement security and compliance programs aligned with global standards (ISO 27001, NIST, GDPR, PCI DSS, etc.).
  • Governance & Compliance:
      • Develop and enforce governance structures, policies, and controls.
      • Ensure compliance with regional and international regulations (UAE, KSA, Oman, Qatar, UK, USA).
      • Conduct compliance reviews, audits, and gap assessments.
  • Incident Management: Support and coordinate incident response processes, lead post-incident reviews, and ensure lessons learned are integrated into programs.
  • Network Security Review: Evaluate network design, architecture, and controls to identify weaknesses and recommend improvements.
  • Infrastructure Security Assessment: Assess cloud, on-premises, and hybrid infrastructure to validate security and compliance posture.
  • Tool Management: Implement and manage enterprise cyber security tools to safeguard organizational systems and data.
  • Reporting: Generate metrics and dashboards on risk posture, security tool effectiveness, and compliance status for senior leadership.
  • Stakeholder Management: Act as a trusted advisor to leadership, bridging technical and business requirements to align security with organizational priorities.