linkedin
Director of CyberSecurity & GRC
CyberA Solutions
Dubai, UAE
Full Time
Director
1 months ago
CybersecurityGRCISO 27001PCI DSSNIST CSFSOC Design
Free
Job Fit Check
Base Career helps you apply smarter for this job.
?%
Ready to ScanKey skills for this role
CybersecurityGRCISO 27001
About the Role
CyberA Solutions seeks a Director of Cybersecurity & GRC to design and lead the cybersecurity portfolio, services, and delivery capability. The role requires 10+ years in cybersecurity with 3-5 years in leadership, hands-on experience with frameworks like ISO 27001, PCI DSS, NIST CSF, and SOC design.
Key Skills for This Role
CybersecurityGRCISO 27001PCI DSSNIST CSFSOC Design
Responsibilities
- Define and continuously evolve Cybera’s cybersecurity service catalogue across GRC, SOC as a Service, managed detection, offensive security, and vCISO/advisory offerings
- Lead design and implementation of cybersecurity frameworks and programmes for clients, including ISO 27001/27017 ISMS, PCI DSS, NIST CSF, etc.
- Architect and govern SOC service offerings (IT and OT where applicable), including SIEM/SOAR strategy, control mapping to MITRE ATT&CK, and KPI/KRI definitions
- Collaborate with product/engineering to shape CyberA’s platform roadmap (GRC modules, dashboards, automation, reporting) based on client requirements and regulatory trends
- Manage and mentor a team of cybersecurity professionals (GRC consultants, SOC engineers/analysts, penetration testers, security architects)
- Own quality and consistency of client deliverables: policies and standards, risk registers, treatment plans, audit reports, playbooks, runbooks, and executive presentations
- Lead or support presales activities: discovery workshops, gap assessments, solution design, proposals, PoCs, and executive briefings with CxO stakeholders
- Act as senior advisor to C level executives and boards on cyber risk, security architecture, and regulatory compliance for key accounts
- Establish and monitor practice level KPIs and OKRs (utilisation, NPS, renewal/upsell rates, time to value) and report regularly to the CISO and CEO
- Contribute to thought leadership and capability building: internal playbooks, knowledge sharing, training programmes
Requirements
- 10+ years in cybersecurity, with at least 3–5 years in a leadership role (practice lead, head of cybersecurity, director, senior manager) covering multiple domains (GRC, SOC, offensive security, architecture)
- Demonstrable experience in building or significantly scaling a cybersecurity practice or MSSP function
- Hands on experience implementing and maintaining at least three of: ISO 27001/27017, PCI DSS, NIST CSF, NIST SP 800 171, NCA CST, SAMA, PDPL, or equivalent regional frameworks
- Proven background in SOC design and governance, SIEM/SOAR projects (QRadar, Splunk, ELK, Resilient, TheHive, etc.), and mapping use cases/controls to MITRE ATT&CK
- Strong experience in client facing consulting roles with financial services, telecom, government, or critical infrastructure clients
- Track record of leading and developing technical teams, including hiring, performance management, and competency development
- Excellent written and spoken English; strong executive communication and presentation skills
Full Job Posting
Role Overview
- We are looking for a Director of Cybersecurity & GRC to help design and lead CyberA’s cybersecurity portfolio, services, and delivery capability. The role will own the build out of our MCSP offerings (SOC, GRC, offensive security, advisory) and manage a multi disciplinary cybersecurity team, working
Key Responsibilities
- Define and continuously evolve Cybera’s cybersecurity service catalogue across GRC, SOC as a Service, managed detection, offensive security, and vCISO/advisory offerings.
- Lead design and implementation of cybersecurity frameworks and programmes for clients, including ISO 27001/27017 ISMS, PCI DSS, NIST CSF, NIST SP 800 171, NCA CST, SAMA, PDPL, and other regional regulations as relevant.
- Architect and govern SOC service offerings (IT and OT where applicable), including SIEM/SOAR strategy, control mapping to MITRE ATT&CK, and KPI/KRI definitions for SOC performance.
- Collaborate with product/engineering to shape CyberA’s platform roadmap (GRC modules, dashboards, automation, reporting) based on client requirements and regulatory trends.
- Manage and mentor a team of cybersecurity professionals (GRC consultants, SOC engineers/analysts, penetration testers, security architects), establishing clear role definitions, training plans, and progression paths.
- Own quality and consistency of client deliverables: policies and standards, risk registers, treatment plans, audit reports, playbooks, runbooks, and executive presentations.
- Lead or support presales activities: discovery workshops, gap assessments, solution design, proposals, PoCs, and executive briefings with CxO stakeholders.
- Act as senior advisor to C level executives and boards on cyber risk, security architecture, and regulatory compliance for key accounts.
- Establish and monitor practice level KPIs and OKRs (utilisation, NPS, renewal/upsell rates, time to value) and report regularly to the CISO and CEO.
- Contribute to thought leadership and capability building: internal playbooks, knowledge sharing, training programmes, and possibly a Cybera Academy style enablement function for clients and partners.
Required Experience
- 10+ years in cybersecurity, with at least 3–5 years in a leadership role (practice lead, head of cybersecurity, director, senior manager) covering multiple domains (GRC, SOC, offensive security, architecture).
- Demonstrable experience in building or significantly scaling a cybersecurity practice or MSSP function (e.g., service catalogue design, methodology, delivery governance, KPIs).
- Hands on experience implementing and maintaining at least three of: ISO 27001/27017, PCI DSS, NIST CSF, NIST SP 800 171, NCA CST, SAMA, PDPL, or equivalent regional frameworks.
- Proven background in SOC design and governance, SIEM/SOAR projects (QRadar, Splunk, ELK, Resilient, TheHive, etc.), and mapping use cases/controls to MITRE ATT&CK.
- Strong experience in client facing consulting roles with financial services, telecom, government, or critical infrastructure clients.
- Track record of leading and developing technical teams, including hiring, performance management, and competency development.
- Excellent written and spoken English; strong executive communication and presentation skills.
Nice to have Experience
- Prior experience in a GCC based MSSP or cybersecurity consulting firm.
- Exposure to cloud security (AWS/Azure) and cloud related compliance (ISO 27017, shared responsibility, multi tenant SOC).
- Experience contributing to or working with regulators, central banks, or national cybersecurity authorities.
- Familiarity with GRC platforms (e.g., Archer, ServiceNow, Eramba) and building unified control frameworks.
- Relevant certifications such as CISSP, CISM, ISO 27001 LA/LI, SABSA, GIAC (GCIH, GCIA, GMON), or equivalent.
What Success Looks Like in 12–18 Months
- A clearly defined, market ready cybersecurity service portfolio with standard methodologies, templates, and SLAs.
- An operating SOC/GRC function with measurable KPIs and repeatable onboarding of new clients.
- A high performing team in place, with robust onboarding, training, and quality governance.
- Strong reference clients and case studies in at least two priority verticals (e.g., financial services and telecom).
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career