
Grant Thornton
Senior Consultant – IT & Cyber Risk Advisory (Technology Risk)
- Permanent
- Dubai, United Arab Emirates
- Experience 2 - 5 yrs
Job expiry date: 30/03/2026
Job overview
- Date posted: 13/02/2026
- Location: Dubai, United Arab Emirates
- Salary: AED 20,000 - 30,000 per month
Job description
The Senior Consultant – IT & Cyber Risk Advisory (Technology Risk) at Grant Thornton UAE, based in Dubai, is a senior consulting role responsible for delivering high-quality IT and cybersecurity audit services, risk advisory, and technology risk management solutions across diverse clients, including banking, government, and large enterprises. The position involves leading client engagements from planning and documentation through execution and close-out, supporting the development and enhancement of risk and security policies, procedures, and frameworks, and acting as a trusted advisor to clients on cybersecurity governance and regulatory compliance. Responsibilities include executing IT and information security audits, performing detailed technical risk assessments, gap analyses, and developing practical remediation measures. The consultant will provide advisory support on Target Operating Models (TOM) for risk and security functions, conduct financial risk management assignments including capital, liquidity, credit, market risk, stress testing, internal models, and risk reporting. The role requires hands-on technical testing and security reviews for on-premises and cloud environments, including vulnerability management, BCM, BCP, firewall configuration, SIEM, SOC operations, Microsoft 365, and data privacy measures. The Senior Consultant will supervise junior team members throughout the audit lifecycle, manage multiple client engagements, document testing procedures and results, prepare high-quality reports, presentations, and close-out documentation, and ensure compliance with regional and international standards such as ISO 27001, NESA, UAE-IA, and PCI-DSS. Additional responsibilities include overseeing engagement efficiency, resource utilization, financial performance activities, and contributing to the firm’s quality assurance objectives while traveling regularly to client sites as required.
Required skills
Key responsibilities
- Develop audit planning documents, engagement proposals, and terms of reference prior to client meetings, incorporating all necessary updates and requirements
- Plan and execute IT and cybersecurity fieldwork, including compliance reviews against regional and international regulatory frameworks
- Perform detailed risk assessments, technical security evaluations, and gap analyses, and recommend actionable remediation plans tailored to client needs
- Design and implement Target Operating Models (TOM) for risk and security functions and support enhancement of policies, procedures, and standards
- Deliver financial risk management assignments covering capital, liquidity, credit, market risk, stress testing, internal models, data quality, and risk reporting
- Lead and supervise junior team members throughout the audit lifecycle, including planning, execution, client workshops, and exit meetings
- Prepare high-quality reports, presentations, and close-out documentation, ensuring accurate articulation of findings, observations, and practical recommendations
- Manage multiple engagements and competing priorities in a fast-paced consulting environment, ensuring timely delivery and adherence to quality standards
- Provide hands-on technical testing for on-premises and cloud systems, including vulnerability management, BCM, BCP, firewall configuration, SIEM, SOC operations, Microsoft 365, and data protection
- Act as a trusted advisor for clients, guiding them on cybersecurity governance, regulatory compliance, and risk management best practices, while building and maintaining strong client relationships
- Oversee engagement efficiency, billing, income collection, resource utilization, and contribute to achieving target profitability metrics for the firm
Experience & skills
- Bachelor's degree in Information Security, Cybersecurity, Computer Science, Information Systems, or related field
- 3–5+ years of relevant experience in IT and information security audit, consulting, or combined industry experience
- Professional certifications such as ISSP, CEH, ECSA, CISA, or ISO 27001 are highly desirable
- Strong knowledge of industry standards and frameworks including ISO 27001, NESA, UAE-IA, and PCI-DSS
- Experience performing hands-on technical security testing and reviews in on-premises and cloud environments
- Experience with ERP technologies such as SAP, Oracle, or Microsoft, preferably in Banking or Government sectors
- Excellent analytical, organizational, and problem-solving skills with the ability to navigate complex technical and regulatory landscapes
- Strong verbal, written, and presentation skills in English; Arabic proficiency is advantageous
- Ability to manage multiple projects, work under pressure, and travel regularly to client sites as required
- Confidence, independence, and a structured approach to managing responsibilities while mentoring junior team members