Assistant Manager – Digital Risk
As organizations look to leverage the advantage technology offers, we’ll work with you to develop the consultancy and analytical skills that you’ll need in today’s environment. Working on projects that cross borders and sectors, the experiences you gain here will be more valuable than anywhere else.
Your key responsibilities
As Assistant Manager you will be required to work effectively as a team member, draw on your knowledge and experience to solve complex issues and support the MENA local Partner(s) and senior executives, and build relationships with MENA internal clients and peers.
As an Assistant Manager
- Everything you will be involved in comes down to providing excellent customer service and helping our teams do the same. Whether it is working with multiple client teams, advising the clients on IT Risk related matters, or assisting executives with business development activities across various sectors, you will build strong relationships and become a trusted advisor to your MENA clients.
- You will participate in MENA engagements, working effectively as a team member, providing support, maintaining communication and updating senior team members on progress. You will assist in client service delivery, participate in all assigned tasks, and assist in preparing reports that will be delivered to clients and other parties.
To qualify for the role, you must have
- Bachelor’s or master’s degree in computer science, information systems or a related discipline. Alternatively, a degree in business, accounting, finance, with additional IT qualifications.
- 5+ years of relevant experience working as an IT risk consultant or an IT auditor for a public accounting firm, professional services firm, technology company, telecom company or a financial services company, or comparable experience as an IT/IS consultant.
- Relevant experience areas include, but are not limited to, IT Risk assessment and management, Digital Trust, Mobile Technology assessments, Emerging Technologies (Robotics, IoT, Cloud and Blockchain), ERP control validations (SAP, Oracle, MS Dynamics), systems and networking technologies, IT/Business process and internal control assessments, internal audit engagements, external audit integration, application of data analytics, and/or third-party reporting, etc.
Cybersecurity, Privacy & Data Protection Compliance:
- Lead and perform Privacy Impact Assessments (PIAs), Data Protection Impact Assessments (DPIAs), Legitimate Interest Assessments (LIAs), and Transfer Impact Assessments (TIAs).
- Maintain and update the Records of Processing Activities (RoPA) in compliance with GDPR and other data protection laws.
- Ensure cross-border data transfers comply with legal mechanisms (e.g., SCCs, BCRs, adequacy decisions).
- Develop, implement, and maintain comprehensive privacy and cybersecurity programs aligned with international standards including ISO 27001, ISO 27701, and NIST Cybersecurity Framework 2.0 (CSF).
- Ensure compliance with regional regulations such as Dubai Information Security Regulation (Dubai ISR) and UAE Information Assurance Requirements (UAE IAR), supporting both privacy and cybersecurity mandates.
Security & DLP Implementation:
- Work with the team to design, implement, manage, and access Data Loss Prevention (DLP) technologies and policies across endpoints, cloud, and email systems.
- Collaborate on securing personal and sensitive data through encryption, access control, and secure storage practices.
- Collaborate with the Security Operations Center (SOC) for real-time investigation of data exfiltration attempts, unauthorized access to sensitive folders or file shares, and lateral movement involving high-value data.
- Drive the implementation and validation of Business Continuity Management (BCM) and Incident Response (IR) plans specifically addressing privacy breaches and cybersecurity incidents.
Audits, Monitoring & Risk Assessments:
- Plan and execute internal and third-party data privacy audits and cybersecurity risk assessments.
- Conduct cybersecurity maturity assessments to evaluate organizational risk posture, identify gaps, and recommend remediation in alignment with NIST, ISO, and UAE frameworks (ISR and IAR).
- Lead or support mobile application security and privacy assessments, ensuring secure development lifecycle practices and data protection controls.
- Perform network security assessments, including vulnerability analysis and penetration testing coordination, to identify potential attack vectors and privacy risks.
- Define and enforce encryption standards (AES-256 at rest, TLS 1.2+ in transit).
- Audit encryption coverage in structured and unstructured data stores.
- Work with DevOps to integrate encryption into infrastructure-as-code (IaC) pipelines.
- Collaborate with vendors and partners to assess their privacy posture and complete privacy/security questionnaires.
- Conduct cybersecurity risk assessments for new vendor tools and services (focus: SaaS, cloud storage, APIs), high-risk internal systems (HRIS, CRM, analytics platforms), and data pipelines that aggregate personal or behavioural information.
Policy, Training & Governance:
- Draft, review, and maintain policies and procedures relating to data protection, privacy, and information security.
- Lead company-wide privacy and security awareness training programs.
- Act as a subject matter expert on data privacy and security best practices across teams and departments.
- Fluent Arabic and/or English communication skills at a professional level.
- Strong verbal and written communication with out-of-the-box thinking abilities.
- Proficient in MS Office products (Project, Word, Excel, PowerPoint)
- EY is actively looking to enhance the recruitment and retention of nationals and females across all MENA/GCC offices.
Ideally, you’ll also have
- CISA, CISSP, CISM, and/or CIA certification is essential for long-term growth in the role; based on an individual’s professional background, area of specialization or industry focus, we recognize that other certifications, credentials or experience may be more relevant than the listed certifications and therefore may be acceptable.
- Experience of working in a similar role with an international consulting firm
- More operationally focused in working and institutionalizing best practices and process
What we offer
We offer a competitive compensation package where you’ll be rewarded based on performance and recognized for the value you bring to our business. Plus, we offer:
- Long-term career: we are a Big-4 global firm operating in almost all countries of the world.
- Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
- Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
- Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
- Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
If you can demonstrate that you meet the criteria above, please contact us as soon as possible.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.