Senior Cybersecurity GRC Consultant

We are advertising for a Tier 1 Senior Cybersecurity GRC Consultant to join our onsite team in Abu Dhabi.

If tackling complex compliance challenges, influencing cloud security strategy, and wearing the creative hat to build modern governance models excites you, we want to hear from you.

Role Overview

Join our “Second Line of Defense’— a hands-on, strategic role shaping cloud, hybrid and enterprise compliance at scale. If translating regulatory complexity into elegant, practical controls excites you, this is for you.

Why This Role

Impact: Own the organization’s cybersecurity and cloud compliance posture across multi-cloud and hybrid environments. 

Challenge to be addressed: Build pragmatic frameworks that satisfy auditors, regulators, and business stakeholders while enabling cloud-first innovation. 

If this interests you, you’ll influence policy, lead assurance programs, and present directly to senior stakeholders/ CXOs.

What We’re Looking For

Experience: 6- 8+ years in cybersecurity compliance, governance, or audit with at least 2+ years focused on cloud environments. 

Technical / Framework Skills: Proven ability to map frameworks to controls and operations (NIST CSF, ISO 27001/27017/27018, GDPR, PCI DSS, SOC 2, CSA CCM). 

Cloud knowledge: Solid understanding of AWS, Azure, GCP and shared responsibility models. 

Audit & assurance: Demonstrated success running internal/external audits and certification readiness programs. 

Communication: Excellent stakeholder management with confident interactions at C-level. 

Tools: Hands-on experience with GRC and compliance automation platforms (Archer, OneTrust, ServiceNow GRC, Drata, Vanta, or similar).

Key duties and responsibilities:

Translate frameworks: into actionable policies, controls, and operating practices (NIST CSF, ISO 27001, GDPR, PCI DSS, SOC 2, CSA CCM). 

Design and implement: a unified compliance and governance framework for cloud, hybrid, and enterprise systems. 

Lead audits and assessments: Plan, run, and remediate internal and external compliance audits and certification readiness. 

Conduct risk activities: Drive risk assessments, gap analyses, and control testing across services and third parties. 

Liaise and coordinate with the first line, incident response, external auditors, regulators, key clients for assurance and post-incident compliance. 

Drive continuous improvement by monitoring regulatory change, emerging standards, and automation opportunities. 

Coach and mentor other team members, compliance analysts and consultants. 

Present outcomes: Prepare executive-level compliance reports, risk dashboards, and audit results for senior leadership.

We are looking for the required qualifications:

Highly desirable: CISM, CISA, CRISC, CISSP, PCI DSS QSA

Framework lead: ISO 27001 Lead Implementer / Lead Auditor. 

Cloud focus: CCSK, AWS Security Specialty, or other cloud security certs. 

Data protection: GDPR Practitioner 

Education:  Bachelor’s or Master’s in Cybersecurity, Information Systems, Risk Management, or related field.