Manager - Cyber GRC - Technology Consulting Ernst & Young AE

Your key responsibilities

• Lead and deliver end-to-end cyber GRC engagements, including policy and framework development, control assessments, regulatory compliance, and cyber risk assessments.
• Design and implement cybersecurity governance models, risk management processes, and third-party risk programs aligned with leading standards (e.g., ISO 27001, NIST CSF, COBIT, CSA).
• Assess client readiness for local and global regulations such as NCA ECC, SAMA, UAE IA, GDPR, and sector-specific guidelines.
• Manage enterprise cyber risk assessments, maturity assessments, and business impact analyses (BIAs).
• Advise on the implementation and enhancement of GRC tools and technologies (e.g., eGRC platforms).
• Support business development by identifying client needs, preparing proposals, and managing relationships.
• Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice.
• Develop detailed reports, articulate technical findings, and deliver actionable recommendations to both technical teams and executive stakeholders.
• Manage multiple engagements, ensuring timely delivery, quality assurance, and adherence to industry best practices.
• Stay updated with emerging cyber threats, vulnerabilities, and offensive security techniques, and incorporate these insights into client engagements

Skills and attributes for success

• Strong understanding of cybersecurity and risk governance principles, regulatory landscapes, and compliance obligations.
• Experience designing and implementing enterprise-wide GRC programs and policies.
• In-depth knowledge of control frameworks (e.g., ISO 27001/2, NIST CSF, NIST 800-53, COBIT, PCI DSS, SWIFT CSCF).
• Familiarity with sector-specific standards (e.g., NCA ECC/SAMA CSF for KSA, UAE IA/NESA, or energy and financial sector mandates).
• Ability to conduct technology and cybersecurity risk assessments for applications, infrastructure and network assets
• Collaborating with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments and other documents/templates.
• Mentor and coach team members, ensuring professional growth and knowledge sharing across the practice.
• Ability to interpret complex technical results and present insights to business stakeholders.
• Strong analytical, problem-solving, and critical-thinking skills.
• Excellent communication and collaboration skills

To qualify for the role, you must have

• A bachelor's or master s degree in information technology, cyber security etc.
• Excellent communication skills with a consulting mindset.
• 2-8 years of experience in GRC and cyber security assessments
• A valid passport for travel.
• Excellent communication skills with a consulting mindset.

Ideally, you ll also have

• Industry-recognized certifications such as CISSP, CISM, CRISC, ISO 27001 LA
• Experience working with GRC platforms (e.g., Archer, ServiceNow GRC etc.).
• Familiarity with data privacy regulations (e.g., GDPR, DPD, PDPL).
• Understanding of cyber risk quantification methods (e.g., FAIR, Monte Carlo simulations).