GRC Expert - Cyber Security

About KPMG Qatar

KPMG has had a presence in Qatar for nearly 47 years. We opened for business in Qatar in 1977 and are now one of the largest and most prestigious professional services firms in the country.

KPMG in Qatar employs over 350 professional staff and partners. We recruit the best and brightest from around the world and currently employ 28 nationalities. For our clients, this means we provide Audit, Tax and Advisory services locally, drawing on the latest thinking and best practice from around the world.

Business Unit Overview

KPMG's Advisory practice is one of the largest Advisory businesses worldwide and the major growth area for our organization. Our services are focused on the Finance Function, and we work with clients in identifying and tackling their challenges in Growth, Governance and Performance. Our Advisory teams support businesses as they restructure and expand, whether organically or by acquisition. We help them to become more efficient and provide support as they adapt to the challenges posed by a rapidly changing business environment

Role Overview

In this role, you will support the delivery of cybersecurity GRC (Governance, Risk, and Compliance) services across client engagements. You will be responsible for conducting assessments, leading workshops, and helping clients align with relevant frameworks and regulations. The role involves working closely with stakeholders to enhance cloud security, manage risk, and ensure compliance with evolving standards such as QCSF and PDPPL.

Primary Job Responsibilities & Accountabilities

• Provide GRC support across multiple client engagements, focusing on cloud security, data protection, and risk management.

• Lead client workshops and workstreams (e.g., Data Classification, Privacy, Risk Management) and deliver targeted training.

• Prepare high-quality technical documentation, reports, and client presentations.

• Capture, validate, and assess controls through client consultations and evidence reviews.

• Highlight areas of non-conformance and collaborate with stakeholders on remediation strategies.

• Align client practices with frameworks such as ISO 27001, QCSF, PDPPL, and CRA’s Cloud Policy Framework.

• Stay up to date with regulatory updates and trends in cloud and AI security.

• Contribute to internal knowledge-building and challenge client assumptions with expert insights.

Qualification and Experience

• 8+ years of experience in cybersecurity GRC, ideally within a consulting or professional services

firm (industry experience considered).

• Strong understanding of GRC frameworks and compliance standards including ISO 27001, QCSF, PDPPL, and cloud governance models.

• Proven ability to conduct assessments, lead workshops, and produce technical documentation.

• Familiarity with cloud technologies, risk assessment methodologies, and AI security considerations.

• Excellent communication, client management, and problem-solving skills.

• Relevant certifications (e.g., CISSP, CISM) are highly desirable.