Cyber Security Director Cyber Security Director …

Ernst & Young Middle East (Dubai Branch)
in Doha, Dawhah, Qatar
Permanent, Full time
Last application, 15 Jul 19
Ernst & Young Middle East (Dubai Branch)
in Doha, Dawhah, Qatar
Permanent, Full time
Last application, 15 Jul 19
Cyber Security Director
Cyber Security is one of the most important risks facing businesses today. Systems and processes are becoming increasingly interconnected and automated and many organizations are now reliant upon technology to drive business strategy and growth. Our clients are overwhelmingly turning to EY for help and guidance on how to protect their assets, minimise business disruption and improve security as they continue to exploit technology and the Internet of things (IoT).

The opportunity

At EY we have ambitious plans to expand our already market leading Cybersecurity practice. With investment secured, we continue to build our MENA based cyber practice and anticipate continued growth throughout the next five years. We need excellent people, across all grades, to join us and to be part of our exciting growth strategy . Interested and have what it takes to develop into a market leading expert in a fast evolving and exciting growth area?

Your key responsibilities

A large part of your role will be business development. We'll expect you to proactively identify opportunities, create and deliver engaging, high quality proposals and convert these opportunities into sales. You will be responsible, alongside the other directors, for keeping the team fully utilised and for winning work that helps to grow the business further. You will also provide oversight over large programmes of work and will be responsible for the overall delivery and quality of the final reports to our clients.

You will have responsibility for;

· Developing the market for Cyber Security services across all sectors, maintaining long term relationships with senior stakeholders across the FTSE 350 market

· Delivering sales into the team and for maintaining an ongoing pipeline of opportunities which continues to result in ongoing sales.

· Advocating and championing Cyber Security service both internally to our wider network of colleagues and to our clients and the wider market

· Leading a portfolio of cyber engagements with our clients, directing and developing teams to deliver the highest quality Cyber Security solutions and services

· Working with prospective clients to identify opportunities and scope engagements

· Overseeing the production of reports and via review ensuring the highest quality output for both technical and executive audiences.

· Managing and developing the practice, identifying client issues and creating tailored solutions that can benefit multiple clients

· Championing EY and the cyber security team, helping to attract and retain world-class talent

· Supervising the existing cyber risk team acting as mentor and coach to grow their technical and consulting skills

· Contributing to the latest thought-leadership and industry research relating to cyber security

Your role will broadly constitute circa 65% market facing business development and sales, working with existing and potential clients to identify opportunities to help improve their cyber security posture and 35% management and oversight of engagements.

Skills and attributes for success

An existing track record of business development and sales in information and cyber security is expected of all candidates for this role. A Big 4 background or comparable consulting experience is highly advantageous. A broad background across security is expected with specific experience in two or more of the following areas, essential;

· Security strategy, assessment, designing and implementing security strategy, governance frameworks over processes, controls, organisation and infrastructure to management cyber security

· Security transformation programmes - design and management of security solution implementations and / or remediation programmes to address risks across AV, patching, secure build, vulnerability scanning & remediation, logging and monitoring, segregation, threat management, user awareness

· Identity and access management (IDAM), assessing current IDAM practices and designing solutions to improve JML processes, privileged access and recertification programmes.

· Breach and incident management, design and implementation of breach and major incident management practices

· Security policies and procedures, design and implementation of security policies, procedures, standards and controls in line with regulation and/or current standards, ISO27001, NIST, SANS etc.

· Data privacy, implementation of data protection / GDPR programmes to address confidentiality and security over customer, employee or patient data.

· Resilience, design and implementation of programmes to improve IT Disaster Recovery, Business Continuity

· Cyber awareness programmes, design and delivery of cyber security awareness programmes to executive level or wider organisation

· Security over operational technology and control systems (SCADA)

· Security architecture - creating secure architecture designs for solutions, designing secure patterns for reuse and the delivery of architectural reviews using TOGAF or SABA. Security around emerging technology platforms - mobile device platforms (iOS, Android), cloud services (IaaS, PaaS, SaaS), Big Data, Social media


· Security relation qualifications such as CISSP, CISM, CISMP, ISO27001 lead implementer or auditor, MBCI, IAPP(desirable)

· Project and programme related qualifications; Prince II, Scrum, Agile

What we look for