Associate - IT Audit, Risk Consulting

About PwC Middle East

PwC is a global professional services network with a presence in 152 countries, employing nearly 328,000 professionals. We specialize in Assurance, Tax, and Advisory services, dedicated to helping organizations and individuals create enduring value. For over four decades, we have been instrumental in the Middle East's development, collaborating with governments and businesses to implement sustainable solutions. Our team of over 12,000 professionals across the region actively contributes to shaping its future.

Line of Service Overview

Within PwC Consulting, you will be instrumental in shaping strategies that redefine industries and drive national agendas. We partner with leadership teams to deliver groundbreaking solutions in areas such as enterprise strategy, digital innovation, operational efficiency, cyber resilience, and risk management. Join a dynamic community that champions bold thinking, teamwork, and tangible results, where your expertise will accelerate change and generate lasting value.

Business Unit Overview

As a member of the Risk Consulting team, your role will involve strengthening organizational resilience and fostering trust. You will provide comprehensive advisory services that enable businesses to align their objectives with regulatory mandates, effectively manage risks, and meet the diverse expectations of stakeholders. Our Risk Consulting practice offers a broad spectrum of services, including Internal Audit, Enterprise Risk Management, Governance, Policies and Procedures, Internal Control over Financial Reporting, Process Intelligence and Compliance, and Technology Risk and Cybersecurity. This is where risk management intersects with business transformation, driven by deep insights and a strong sense of purpose.

How You’ll Contribute

As an Associate or Senior Associate in Risk, you will be part of a team dedicated to solving complex business challenges from conception through to implementation. Your responsibilities will encompass:

• Collaborating with a diverse regional team to assist leading enterprises in identifying, analyzing, prioritizing, and responding to technology-related risks.
• Providing expert advice to senior management, cybersecurity, internal audit, compliance, and risk management departments within client organizations on technology risk matters.
• Maintaining a current understanding of the latest threats, trends, and technologies in Information Security (IS) and cybersecurity.
• Evaluating existing and emerging technology risks, and reviewing/testing the design and effectiveness of technology controls.
• Delivering practical insights and recommendations to help protect clients' systems and data from potential threats.
• Working alongside a varied pool of regional and international team members to successfully execute key projects.
• Performing qualitative and quantitative assessments of information and cybersecurity risks, pinpointing high-risk areas and proposing risk mitigation strategies.
• Supporting and advising clients in addressing current and future security and technology risks, including organizational resilience and disaster recovery planning.
• Assessing client environments against prominent international and regional security standards and frameworks, such as ISO27001, NIST CSF, ITILv4, and NCA-ECC, to ensure compliance with regulatory requirements.
• Contributing to the cultivation of strong client relationships and the development of key accounts.

What You’ll Bring

• A Bachelor's degree in a relevant applied science field, such as Computer Engineering, Computer Science, Information Technology Management, or a similar discipline.
• Proficiency in client management, with the ability to engage effectively, gather requirements, and translate them into concrete deliverables.
• Demonstrated experience in conducting stakeholder meetings to evaluate organizational processes, risks, and controls.
• A solid grasp of industry security standards, best practices, tools, and methodologies.
• The capability to identify technical security vulnerabilities and propose effective solutions for remediation.
• An understanding of risk management principles and methodologies, with the ability to apply systematic approaches to risk analysis and response.
• Excellent communication and presentation skills, suitable for engaging both technical and non-technical audiences.
• Preferred professional certifications include CompTIA Security+, Certified in Cybersecurity (ISC)², CISA, ISO 27001, ISO 22301, CRISC, or ITIL Foundations.
• An analytical mindset, enabling the evaluation of the advantages, disadvantages, and rationale behind risk response strategies.
• A professional, adaptable, and collaborative approach to working within diverse teams and on various projects.

How You’ll Make a Difference

At PwC Middle East, we expect all our professionals to embody the principles of The PwC Professional framework, contributing to our strategic goals while fostering personal and professional growth at all levels.

Why You’ll Love Working at PwC

PwC Middle East offers more than just a career; it's an opportunity to build a fulfilling professional journey. We provide competitive compensation, comprehensive benefits, and programs designed to support your well-being, work-life balance, and personal development. You will benefit from continuous learning opportunities, digital upskilling initiatives, and a collaborative environment that values innovation, mentorship, and diversity. Are you ready to make a significant impact? Do you aspire to unlock new value by leveraging your unique perspective and talents? We offer exceptional growth potential. Explore further details about the experience of working at PwC Middle East.