GRC Expert | Cyber Security - Senior Consultant

KPMG has had a presence in Qatar for nearly 47 years. We opened for business in Qatar in 1977 and are now one of the largest and most prestigious professional services firms in the country.

KPMG in Qatar employs over 350 professional staff and partners. We recruit the best and brightest from around the world and currently employ 28 nationalities. For our clients, this means we provide Audit, Tax and Advisory services locally, drawing on the latest thinking and best practice from around the world.

KPMG's Advisory practice is one of the largest Advisory businesses worldwide and the major growth area for our organization. Our services are focused on the Finance Function, and we work with clients in identifying and tackling their challenges in Growth, Governance and Performance. Our Advisory teams support businesses as they restructure and expand, whether organically or by acquisition. We help them to become more efficient and provide support as they adapt to the challenges posed by a rapidly changing business environment

In this role, you will support the delivery of client-facing activities, including conducting workshops, trainings, and assessments, while providing Governance, Risk, and Compliance (GRC) expertise. You will collaborate with stakeholders to ensure alignment with industry standards and best practices, contributing to the enhancement of organizational cybersecurity programs. Your responsibilities will include guiding clients on risk management, compliance, and governance strategies, with a focus on cloud security and evolving technologies.

• Provide GRC support across multiple client engagements, ensuring effective delivery of services.
• Conduct and lead workshops or workstreams on topics such as Data Classification, Privacy, and Risk Management for diverse clients.
• Capture and validate security and compliance controls through client discussions and assessments.
• Prepare comprehensive technical documentation, artifacts, and presentations.
• Present findings and recommendations in workshops and stakeholder meetings.
• Identify areas of non-conformance, collaborate with internal and external teams, and recommend corrective actions.
• Review evidence and validate compliance posture in alignment with frameworks like QCSF and PDPPL.
• Stay updated on emerging trends in cloud security, AI security, and other relevant technologies.
• Actively participate in developing subject-specific insights and challenging client assumptions to deliver impactful results.

• 5–8 years of experience in cybersecurity, GRC, and risk assessment, preferably within consulting or professional services firms. Industry experience with diverse cybersecurity GRC coverage will also be considered.
• Proficiency in governance models, compliance standards, and frameworks, including ISO 27001, QCSF, and CRA’s Cloud Policy Framework.
• Demonstrated expertise in cloud technologies and emerging security trends, including AI security.
• Strong analytical, problem-solving, and communication skills.
• Relevant certifications (e.g., CISSP, CISM) are highly desirable.
• Experience preparing technical documentation and delivering presentations or workshops.
• Familiarity with maturity models like CMMI and Forrester SMAM is a plus.