Senior Consultant/Manager | Cyber | Extended Enterprise | UAE, KSA, Jordan

Deloitte


Date: 6 hours ago
City: Riyadh
Contract type: Full time
Senior Consultant/Manager | Cyber Operate | Extended Enterprise | UAE, KSA, Jordan

About Deloitte: When you work for us, you commit to a career at one of the largest and most prestigious professional services firms in the world. We have received numerous awards over the last few years, including Best Employer in the Middle East, Best Consulting Firm, and the Middle East Training & Development Excellence Award.

Our Purpose

Deloitte makes an impact that matters. Every day we challenge ourselves to do what matters most—for clients, for our people, and for society. We serve clients distinctively, bringing innovative insights, solving complex challenges and unlocking sustainable growth. We inspire our talented professionals to deliver outstanding value to clients, providing an exceptional career experience and an inclusive and collaborative culture. We contribute to society, building confidence and trust in the markets, upholding the integrity of organizations and supporting our communities.

Our shared values guide the way we behave to make a positive, enduring impact:

  • Lead the way
  • Serve with integrity
  • Take care of each other
  • Foster inclusion
  • Collaborate for measurable impact

During your tenure as a Senior Consultant/Manager in Extended Enterprise, you will demonstrate and develop your capabilities in the following areas:

  • Strong technical knowledge of cybersecurity domains (Governance, Compliance, Risk Management, Identity and Access Management, Data Security, Cryptography, Network Security, Cloud Security, Endpoint Security, Business Continuity Management, Operational Technology, Data Lifecycle Management, etc.)
  • Strong technical knowledge of third party cybersecurity risk management frameworks, IT governance frameworks, regulatory requirements, and best practices.
  • Strong technical experience conducting and managing third party cybersecurity assessments.
  • Hands-on experience with security frameworks such as ISO 27001, PCI, NCA, SAMA CSF, NIST, etc.
  • Knowledge of relevant laws and regulations such as NESA ISR, UAE PDPL, GDPR, HIPAA, SOX, etc.
  • Lead and manage cybersecurity and data privacy controls assessments on Third Parties and vendors in line with industry, regional and international best standards and regulations, e.g. NIST CSF, ISO 27001, UAE-NESA and Information Security Regulation (ISR), GDPR and UAE PDPL.
  • Coordinate scheduling, evidence collection and responses with third party point of contact.
  • Collect and review control evidence and analyze third party information and data.
  • Review independent assurance reports and certifications (e.g. SOC 1 & 2, ISO 27001).
  • Support contract reviews and negotiations over cybersecurity requirements and clauses by working closely with procurement and legal teams.
  • Provide guidance and support the team in performing risk assessments to evaluate inherent and residual cybersecurity risks. Analyze the likelihood and potential impact of identified risks using qualitative and quantitative methods.
  • Determine adequate treatment plans for identified risks and control gaps, detailing findings, recommendations and mitigation strategies.
  • Develop action plans and timelines for implementing risk controls and track remediation plans to reduce identified risks and close control gaps.
  • Collaborate with stakeholders and relevant business departments to implement risk mitigation plans and actions.
  • Manage the maintenance of, and monitor, a third party cybersecurity risk register for the whole organization.
  • Monitor and support remediation activities and work with the third party to ensure findings are being remediated appropriately. Ensure all third party cybersecurity risk management processes and SOPs are being adopted.
  • Ensure all technology integrations for the cybersecurity third party program are working effectively and technical issues are identified and resolved with respective technical teams.
  • Track key performance and risk indicators (KPIs, KRIs) to measure program performance and risk reduction over time.
  • Manage risk assessment tools and GRC solutions to support third party cybersecurity controls and risk assessments, as well as calculate risk levels and prioritize areas of concern.
  • Administer and maintain technology platform and solutions utilized to perform third party cybersecurity and data privacy assessments.
  • Prepare and maintain documentation, including policies, procedures, standards, and guidelines that support the third party cyber risk management framework.
  • Lead the development of third party cybersecurity risk reports and dashboards using tools such as PowerBI.
  • Communicate and present findings to stakeholders, management, and regulatory bodies as required.
  • Liaise with key departments (e.g. Procurement, Legal, HR, operations) to address specific cybersecurity third party risk matters.
  • Conduct root cause analysis for identified cybersecurity incidents relating to third parties and work with threat and incident response teams to evaluate risks and prevent future occurrences.
  • Develop and deliver training materials to educate employees and business stakeholders on identifying and managing third party risks.

Leadership Capabilities

  • Builds own understanding of our purpose and values; explores opportunities for impact.
  • Demonstrates strong commitment to personal learning and development; acts as a brand ambassador to help attract top talent.
  • Understands expectations and demonstrates personal accountability for keeping performance on track.
  • Actively focuses on developing effective communication and relationship-building skills.
  • Understands how their daily work contributes to the priorities of the team and the business. 

Qualifications/Requirements

  • Bachelor's in computer science, information security or related field / Master's in computer science, information security or related field
  • CISM, CISSP, CISA, CRISC, CGRC
  • 5-10 years of relevant experience
