GRC & Cloud Security Analyst

Established in the region for 40 years, PwC has around 12,000 people in 12 countries across the region: Bahrain, Egypt, Iraq, Jordan, Kuwait, Lebanon, Libya, Oman, the Palestinian territories, Qatar, Saudi Arabia and the United Arab Emirates.

Our regional team operates across the Middle East bringing international experience delivered within the context of the region and its culture. We can bring the collective knowledge and experience of more than 370,000 people across the entire global PwC network in advisory, assurance and tax to help you find the value you are looking for.

A career in our Cyber technology services will allow you to work under the supervision of cyber cybersecurity leadership within the Cyber business unit consulting practice. Use strategic business consulting skills to work with clients through all stages of strategy‑based transformation projects. Provide support on client assignments that help to develop a strategy and then refocus an organisation on making that strategy a reality. We are a growing team and looking for dynamic, flexible, proactive and hardworking consultants who have a passion for shaping cybersecurity positively in the GCC over the coming years. We have a strong pipeline of large, transformational opportunities with our clients which will provide great opportunities for all our people to step up and play significant and rewarding roles in an entrepreneurial and innovation‑driven environment.

As a Senior Associate, you’ll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:

Work under the supervision of cybersecurity leadership within the Cyber & Digital Trust business unit consulting practice.

Support in the design and development of cybersecurity programs in different domains including the development of strategy, GRC, architecture, identity and access management and cybersecurity solutions based on leading practices such as NIST, CIS, ISO27001 and others.

Support the development and implementation of cybersecurity governance, risk and compliance frameworks aligned with NIST CSF, ISO 27001, CIS Controls, and local GCC regulatory requirements (e.g., NCA, SAMA, NESA, TDRA, NDMO).

Conduct cybersecurity risk assessments, maturity assessments, and gap analyses to benchmark client capabilities against industry standards and regulatory expectations.

Develop and refine cybersecurity policies, procedures, standards, and guidelines ensuring alignment with business objectives, compliance mandates and leading practices.

Support audit readiness and certification efforts for frameworks such as ISO 27001 and other related standards.

Design of cybersecurity strategies and roadmaps that balance risk management, business enablement, and digital transformation goals.

Work closely with cross‑functional teams to define target operating models for cybersecurity functions, including governance structures, roles, and performance indicators.

Develop and execute cybersecurity awareness and culture programmes. This includes designing tailored awareness campaigns, executive briefings, training programmes, and behaviour‑change initiatives to foster a culture of digital trust and resilience.

Assist in the design of target technical security architecture for clients with deep understanding and analysis of emerging cybersecurity solutions including, but not limited to, threat intelligence, anti‑advanced persistent threats, DLP, SIEM, next generation firewalls, analytics, enterprise incident response and others.

Support in the implementation of cybersecurity solutions at client premises and be able to work closely with security vendors and system integrators.

Communicate effectively (both verbal and writing) with executives, IT personnel, executives, and business users communities, translating complex cybersecurity concepts into actionable insights.

Support in coordinating, facilitating, and making presentations.

Support in business development activities, including preparation of technical and financial proposals and participation in client pursuits.

Work with colleagues across PwC Middle East offices on client engagements and internal initiatives as well as with international teams.

Conduct research on emerging cybersecurity technologies and disseminate knowledge to Cyber & Digital Trust consultants and clients where required.

Assist in developing new service offerings for the Cyber & Digital Trust business unit.

Build deep understanding of regional cybersecurity themes and trends, particularly those impacting clients in government, financial services, energy, and critical infrastructure. Work collaboratively with other cybersecurity experts to shape the future of our clients and to bring about positive change.

You will have access to all of the latest training and development tools and the support of the wider PwC network.

Strong understanding of emerging cybersecurity technologies and standards.

Experience in cybersecurity strategy development, operating model design, culture transformation, as well as cybersecurity governance, risk and compliance management.

Experience interpreting and applying GCC regulatory frameworks (NCA, SAMA, NESA, PDPL, etc.) and international leading practices (ISO 27001, NIST CSF, etc.).

Special experience in identity and access management, SIEM/SOC, security architecture, cloud and DLP is a plus.

Achievement oriented with the ability to be flexible and adaptive on a daily basis.

Excellent organisational skills, having the ability to prioritise workload whilst being resilient and able to cope well under pressure and meet tight deadlines.

Excellent problem solving skills with a structured thinking process.

Strong connections and relationships with clients in Saudi Arabia and the UAE is a plus.

Strong time‑management and organisational skills.

Ability to learn new concepts and carry out technical research.

Proven IT skills in Microsoft Office and G‑suite applications.

Language Skills: Excellent communication skills (verbal and written) in English (Arabic is a plus).

The ability and willingness to travel within the Middle East is a MUST.

Education: B.A/ B.Sc. in Computer Engineering or related field. M.Sc. in Computer Engineering or related field is preferred.

Candidates are expected to hold or be actively pursuing one or more of the globally recognised certifications relevant to Cybersecurity, Digital Trust and Project Management.