Job description / Role
DPP and Cyber Security are few of the most important risks facing businesses today. Organizations’ data protection & privacy capabilities were tested during COVID19 pandemic and organizations are looking for trusted consultants to enhance the capability. Also, as organizations move forward on their digital journey the cybersecurity risk exposure is increasing and there is a huge demand for trusted cybersecurity consultants. Our clients are overwhelmingly turning to EY for help and guidance on how to enhance the privacy and protect their assets, minimise business disruption and improve security.
At EY we have ambitious plans to expand our already market leading Cybersecurity practice. With investment secured, we continue to build our MENA based cyber practice and anticipate continued growth throughout the next five years. We need excellent people, across all grades, to join us and to be part of our exciting growth strategy.
EY is looking for a Data Protection & Privacy (DPP) Consultant (Manager level) to join our Cyber Security team in Riyadh, KSA. Saudi national candidates will be highly preferred.
Your key responsibilities
A large part of your role will be engagement delivery and provide support to executives for business development. We’ll expect you to lead and deliver DPP and cybersecurity engagements with very minimal supervision. We also expect you to support executives in development of proposals, presentations and other business development activities. You will be responsible for the delivery and quality of the final reports to our clients.
You will have responsibility for;
• Conducting Privacy Impact Assessments, analyze and document assessments, work out questionnaires and standard documentation.
• Supporting the standardization of Risk and IT Control catalogues for regulatory compliance.
• Deploy processes and tools to help detect and prevent privacy breaches.
• Deploying Data leak prevention tools and implementation of endpoint protection.
• Supporting and guide our clients in adhering to the complex web of relevant national and international regulations.
• Ensuring a harmonized approach towards data protection and privacy by bringing together our client’s stakeholders (e.g. legal, compliance, risk, HR, security, business functions).
• Assisting clients in privacy related incident response activities.
• Supporting the client’s team by acting as an interim team member (e.g. security officer, security manager, security analyst).
• Delivering cybersecurity engagements including development of cybersecurity strategy, cybersecurity governance, risk and compliance frameworks, development of cybersecurity policies and procedures in line with ISO 27001 and NCA ECC standards
• You will be required to develop work products and presentations in Arabic
• Support the cyber executives with the development of proposals, presentations, etc.
• Championing EY and the cyber security team, helping to attract and retain world-class talent
• Contributing to the latest thought-leadership and industry research relating to cyber security
Your role will broadly constitute circa 80% engagement delivery and 20% business development.
Skills and attributes for success
• An existing track record of successful engagement delivery in data protection & privacy and cyber security is expected of all candidates for this role.
• A Big 4 background or comparable consulting experience is highly advantageous.
• A broad background across DPP and security is expected with specific experience in two or more of the following areas, essential;
• At least 6-8 years of sound industry experience in one or more of the following areas: Data Protection and Privacy, privacy governance, assessment, remediation, policies, procedures, and classification, data retention concepts, access control for leading ERP/CRM systems, self-developed tools, data bases and data warehouses
• Security policies and procedures, design and implementation of security policies, procedures, standards and controls in line with regulation and/or current standards, ISO27001, NIST, SANS etc.
• Data privacy, implementation of data protection / GDPR programmes to address confidentiality and security over customer, employee or patient data.
• Cyber awareness programmes, design and delivery of cyber security awareness programmes to executive level or wider organisation
• Excellent command in written and spoken English
• Experience in managing professional service project teams
• Willingness to travel
• Certifications like ‘Certified Information Privacy Professional (CIPP)’ or ‘Certified Data Privacy Solutions Engineer’ will be highly preferred
• Security relation qualifications such as ISO 22301 LI, CBCI / CBCP, CISSP, CISM, ISO27001 lead implementer or auditor, etc.
• Project and programme related qualifications; Prince II, Scrum, Agile
What we look for
You’ll need to be highly motivated, a self-starter and a strong communicator with the ability and experience to discuss technical content in business language to board level. You’ll also need to be a team player who is not only looking to enhance their own career but recognises the value in developing others and strengthening the team.
What we offer
We offer a competitive compensation package where you’ll be rewarded based on performance and recognized for the value you bring to our business. Plus, we offer:
• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
If you can demonstrate that you meet the criteria above, please contact us as soon as possible.
The exceptional EY experience. It’s yours to build.
EY Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
About the Company
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available on our site.
The MENA practice of EY has been operating in the region since 1923. For over 95 years, we have grown to over 7,500 people united across 21 offices and 16 countries, sharing the same values and an unwavering commitment to quality. As an organization, we continue to develop outstanding leaders who deliver exceptional services to our clients and who contribute to our communities. We are proud of our accomplishments over the years, reaffirming our position as the largest and most established professional services organization in the region