Assistant Manager - Risk Consulting - Digital Risk

EY

Posted on 29 Aug

Experience

5 - 7 Years

Education

Any Graduation

Nationality

Any Nationality

Gender

Not Mentioned

Vacancy

1 Vacancy

Job Description

Roles & Responsibilities

Your Key Responsibilities

As Assistant Manager you will be required to work effectively as a team member, draw on your knowledge and experience to solve complex issues and support the MENA local Partner(s) and senior executives, and build relationships with MENA internal clients and peers.

As an Assistant Manager

  • Everything you will be involved in comes down to providing excellent customer service and helping our teams do the same. Whether it is working with multiple client teams, advising the clients on IT Risk related matters, or assisting executives with business development activities across various sectors, you will build strong relationships and become a trusted advisor to your MENA clients.
  • You will participate in MENA engagements, working effectively as a team member, providing support, maintaining communication and updating senior team members on progress. You will assist in client service delivery, participate in all assigned tasks, and assist in preparing reports that will be delivered to clients and other parties.

To qualify for the role, you must have

  • Bachelor's or master's degree in computer science, information systems or a related discipline. Alternatively, a degree in business, accounting, finance, with additional IT qualifications.
  • 5+ years of relevant experience of working as an IT risk consultant or an IT auditor for a public accounting firm, professional services firm, technology company, telecom company or a financial services company, or comparable experience as an IT/IS consultant.
  • Relevant experience areas include, but are not limited to, IT Risk assessment and management, Digital Trust, Mobile Technology assessments, Emerging Technologies (Robotics, IoT, Cloud and Blockchain), ERP control validations (SAP, Oracle, MS Dynamics), systems and networking technologies, IT/Business process and internal control assessments, internal audit engagements, external audit integration, application of data analytics, and/or third-party reporting, etc.

Cybersecurity, Privacy & Data Protection Compliance:

  • Lead and perform Privacy Impact Assessments (PIAs), Data Protection Impact Assessments (DPIAs), Legitimate Interest Assessments (LIAs), and Transfer Impact Assessments (TIAs).
  • Maintain and update the Records of Processing Activities (RoPA) in compliance with GDPR and other data protection laws.
  • Ensure cross-border data transfers comply with legal mechanisms (e.g., SCCs, BCRs, adequacy decisions).
  • Develop, implement, and maintain comprehensive privacy and cybersecurity programs aligned with international standards including ISO 27001, ISO 27701, and NIST Cybersecurity Framework 2.0 (CSF).
  • Ensure compliance with regional regulations such as Dubai Information Security Regulation (Dubai ISR) and UAE Information Assurance Requirements (UAE IAR), supporting both privacy and cybersecurity mandates.

Security & DLP Implementation:

  • Work with the team to design, implement, manage, and access Data Loss Prevention (DLP) technologies and policies across endpoints, cloud, and email systems.
  • Collaborate on securing personal and sensitive data through encryption, access control, and secure storage practices.
  • Collaborate with Security Operations Center (SOC) for real-time investigation of data exfiltration attempts, unauthorized access to sensitive folders or file shares, and lateral movement involving high-value data.
  • Drive the implementation and validation of Business Continuity Management (BCM) and Incident Response (IR) plans specifically addressing privacy breaches and cybersecurity incidents.

Audits, Monitoring & Risk Assessments:

  • Plan and execute internal and third-party data privacy audits and cybersecurity risk assessments.
  • Conduct cybersecurity maturity assessments to evaluate organizational risk posture, identify gaps, and recommend remediation in alignment with NIST, ISO, and UAE frameworks (ISR and IAR).
  • Lead or support mobile application security and privacy assessments, ensuring secure development lifecycle practices and data protection controls.
  • Perform network security assessments, including vulnerability analysis and penetration testing coordination, to identify potential attack vectors and privacy risks.
  • Define and enforce encryption standards (AES-256 at rest, TLS 1.2+ in transit); audit encryption coverage in structured and unstructured data stores; work with DevOps to integrate encryption into infrastructure-as-code (IaC) pipelines.
  • Collaborate with vendors and partners to assess their privacy posture and complete privacy/security questionnaires.
  • Conduct cybersecurity risk assessments for new vendor tools and services (focus: SaaS, cloud storage, APIs), high-risk internal systems (HRIS, CRM, analytics platforms), and data pipelines that aggregate personal or behavioural information.

Policy, Training & Governance:

  • Draft, review, and maintain policies and procedures relating to data protection, privacy, and information security.
  • Lead company-wide privacy and security awareness training programs.
  • Act as a subject matter expert on data privacy and security best practices across teams and departments.

Ideally, you'll also have

  • CISA, CISSP, CISM, and/or CIA certification is essential for long-term growth in the role; based on an individual's professional background, area of specialization or industry focus, we recognize that other certifications, credentials or experience may be more relevant than the listed certifications and therefore may be acceptable.
  • Experience of working in a similar role with an international consulting firm
  • More operationally focused in working and institutionalizing best practices and process

What We Look For

We are interested in professionals who are business savvy with a passion for quality work, innovation as well as the motivation to create your own EY journey.
