Delivering Client ProjectsProject management of cyber protect engagements (e.g., running kick-off meetings, refining outputs, developing recommendations).Delivering projects (e.g., helping clients understand what information assets are valuable for them, conducting cyber risk assessments against ISO and NIST standards, helping clients define target operating models.Working with key project stakeholders (e.g. gathering information from interviews, document reviews and presenting findings) while maintaining the confidence of the client through clear communication and good project management.Working with external technical partners to deliver an integrated solutions and drawing out recommendations from their technical findings.Working with other departments within Control Risks.Provide flexible and responsive support as and when crisis management support is required and can be provided.Business DevelopmentDeveloping proposals for future client work.Project scoping and planning, to support pricing.Contributing to and building complex, multi-service line proposals.Cultivating long-term relationships with clients.Participating in marketing and speaking events to build the Control Risks brand.Supporting the growth of the Cyber Response practiceHelping to refine our cyber security methodologies and tools.Contributing to our professional development and training programme.Educate other departments about cyber security to enhance our overall business strategy and service offerings.RequirementsEssentialDemonstrable experience of cyber security risk management within an established consultancy.Proven experience in delivering risk assessments against industry standards (NIST CSF, 800-53 and ISO27001).Undergraduate degree in a field related to security, information security, intelligence, or computer science.Excellent knowledge of IT and network infrastructure.Ability to see security from the attacker’s point of view.PreferredExperience working with clients in Saudi Arabia, business practices and cyber security challenges within the Saudi context.Deep understanding of regulations or standards relevant to the Saudi market (e.g., those released by NCA, SDAIA).Fluent in Arabic and English.Understanding of the cyber threat landscape and key cyber security concepts.Ability to communicate clearly in written and oral form at senior levels.Able to explain difficult technical concepts and ideas in non-technical terms.
