Apply now »

Project Manager Cybersecurity

Date:  Jun 30, 2026
Location: 

Dubaï, AE, 114190

Brand:  KEOLIS
Contract Type:  Permanent contract

The Project Manager Cybersecurity controls the day-to-day delivery interface between RTA, the contractor, and internal KM stakeholders, ensuring governance, milestones, deliverables, and acceptance evidence meet the contractual requirements and the RFP. The role is accountable for planning and coordinating all operational gating required for implementation within a live rail environment, including KM change control. Delivery is typically executed within restricted engineering access windows, and requires disciplined readiness checks, testing, communications, contingency planning, and rollback capability.

 

KEY RESPONSIBILITIES 

 

 Strategic

 

  • Lead end-to-end delivery of RTA-sponsored cybersecurity initiatives, ensuring project governance, milestones, and deliverables align with the RFP, contract, and agreed acceptance criteria.
  • Maintain a secure-by-design approach across project life cycle stages, ensuring cybersecurity requirements are built in early and evidenced through testing and documentation.
  • Ensure solutions align with applicable local and international cybersecurity standards, and rail industry expectations for safety-critical environments, including DESC ISR v3.1, DESC ICS v1.0, ISO/IEC 27001:2022, IEC 62443, and CLC/TS 50701:2023.
  • Work in partnership with RTA RMD (Rail Maintenance Department) governance
  • Operate within governance chaired by RTA (typically RTA RMD), ensuring key milestones and acceptance decisions are jointly signed off by RTA and Keolis-MHI in line with the contract and RFP

 

 Financial

  • Manage delivery to agreed budget and schedule baselines for large programmes, including forecasting, variance analysis, and change control.
  • Control scope and cost impacts through disciplined management of variations, claims, and dependencies, working with the Project and Innovation Department on KPIs, commercial controls, and penalty exposure.
  • Monitor contractor performance against delivery KPIs and milestone evidence, escalating deviations through the Project and Innovation Department governance.

 

Stakeholder / Customer 

 

  • Act as KM’s primary day-to-day project manager interface for RTA and the contractor, ensuring transparent communication, clear action tracking, and timely escalation.
  • Coordinate strongly with the Head of Cybersecurity and the cybersecurity team to align delivery with security governance and operational needs
  • Align internal stakeholders across IT, OT, Operations, Maintenance, Safety, and QHSE to ensure delivery is practical for a live metro environment.

 

Operational 

  • Establish and maintain the full project controls pack, including integrated schedule, RAID log (risks, assumptions, issues, dependencies), decision log, change register, and acceptance tracker. 
  • Lead delivery planning and execution for work performed in constrained access windows, typically engineering hours, ensuring correct sequencing, readiness, and rollback planning.
  • Own and manage all approvals required for implementation in critical infrastructure environments, including:
    1. RTA CIMP (Change Impact Management Process) coordination to secure RTA approvals for impacted services and interfaces.
    2. ACCA (Asset Configuration Change Application) initiation, coordination, tracking, and closure within KM change control.
    3. PTW (Permit to Work) management to ensure site works only proceed when formally authorised, safe, and controlled.
  • Ensure the contractor provides compliant and complete work packs, such as method statements, risk assessments, test procedures, and site readiness evidence.
  • Enforce separation between Business ICT and Rail OT networks and ensure Rail OT systems remain isolated and air-gapped unless explicitly approved through change control and security governance.
  • Manage quality assurance across delivery stages including but not limited to:
    1. design reviews
    2. FAT (Factory Acceptance Test)
    3. PICO (Post-installation Check-Out
    4. SAT (Site Acceptance Test)
    5. SIT (System Integration Testing)
    6. UAT (User Acceptance Test)
    7. Security testing, cutover planning, and handover.
  • Ensure delivery outputs support operational sustainment, including RTA SOC integration (log sources, alerts, use cases), runbooks, and support models.

 

Capability / People

  • Lead matrix teams across KM and direct the contractor delivery team through structured governance and delivery management.
  • Drive delivery discipline, documentation quality, and evidence-based acceptance across all workstreams.
  • Promote a safety and security culture, including the right and obligation to stop work if safety or security conditions are not met.

 

DIMENSIONS 

  • Multi-stakeholder delivery model: RTA sponsor and chair, KM project manager, contractor as delivery party under the 3-partite agreement.
  • Delivery context: operational metro and tram environment, critical infrastructure constraints, restricted access windows, and strict change and work authorisation controls.
  • Working at night or during weekends as required for timely project completion in line with HR Policy and UAE Law.
  • Office environment. Occasional travel may be required.

 

MINIMUM QUALIFICATIONS

 

Min.

Required

Desirable

Education
  • Bachelor’s degree in engineering, Information Systems, Computer Science, Cybersecurity, or related discipline.
  • Postgraduate qualification in project management, cybersecurity, or systems engineering.

Experience
  • Strong project management experience in the GCC, preferably within transport, rail, or critical infrastructure environments.
  • Experience in delivering large-scale projects of AED 20m and above, with evidence of schedule and budget ownership. 
  • Demonstrated experience managing contractors and sub-contractors in live operational environments with constrained access windows.
  • Practical exposure to OT/ICS environments and the cybersecurity constraints of safety-critical systems.
  • Overall project delivery experience across complex multi-stakeholder programmes. 
  • Prior delivery exposure to metro or rail systems such as ATC, SCADA, signalling interfaces, telecoms, or OT network backbones.

Skills / Training
  • Project management certification such as PMP or PRINCE2 Practitioner.
  • One or more recognised cybersecurity certifications such as CISSP, CISM, ISO/IEC 27001 Lead Implementer or Lead Auditor, GICSP, or IEC 62443 focused certification.
  • Strong documentation and reporting skills for governance packs, progress reporting, and acceptance evidence.
  • Fluent English, written and spoken.

 
  • Arabic language capability.

 


Job Segment: Project Manager, Cyber Security, Information Systems, Pre-Sales, RFP, Technology, Security, Sales

Apply now »