We are looking for a motivated Consultant to join our Technology Risk Advisory & Cybersecurity (TRACS) practice. The role will support client engagements across technology risk, cybersecurity, governance, risk and compliance, IT General Controls (ITGC), Business Continuity Management (BCM), and emerging technology governance. The successful candidate will work closely with senior team members to assess risks, test controls, prepare practical recommendations, and help clients strengthen their technology and cyber resilience.
- Delivery of Technology Risk Advisory and Cybersecurity (TRACS) engagements, including technology risk assessments, compliance reviews, cybersecurity governance reviews, and IT audit activities.
- Reviewing client evidence, policies, procedures, and technical control documentation against agreed regulatory, contractual, and industry requirements.
- Perform technology risk and control testing across areas such as access management, change management, backup and recovery, incident management, third-party risk, and asset management.
- Contribute to cyber maturity assessments and gap analyses using frameworks such as ISO 27001, NIST Cybersecurity Framework, and relevant regional requirements.
- Support Business Continuity Management activities, including business impact analysis, continuity-plan documentation, tabletop exercises, and test evidence collection.
- Assist in the preparation and review of information-security, technology-risk, data-protection, and AI-governance policies, standards, procedures, and control matrices.
- Support assessments of emerging technology and AI-related risks, including data privacy, third-party tools, use of public AI platforms, prompt-related risks, and governance controls.
- Prepare clear working papers, findings, risk registers, remediation trackers, reports, and client presentations under the supervision of senior team members.
- Coordinate with client stakeholders to collect information, track outstanding actions, and help ensure deliverables are completed on time.
- Maintain awareness of evolving cybersecurity threats, technology-risk practices, and relevant UAE/GCC regulatory developments.

