Information Security Consultant

Overview

1. Information Security Governance & GRC

• Establish, maintain, and continuously enhance the Information Security Governance, Risk, and Compliance (GRC) framework.
• Define and maintain the organization’s Information Security framework, including policies, standards, procedures, charters, and governance structures.
• Lead enterprise-wide risk management activities, including identification, assessment, treatment, and reporting of information security and operational risks.
• Ensure alignment with regulatory requirements, UAE IA standards, and international frameworks (e.g., ISO 27001, ISO 22301, NIST, etc.), Cybersecurity Council Policies etc.
• Provide governance oversight across critical security domains.
• Support development of annual security plans, objectives, and performance metrics, aligned with organizational strategy.

2. Audit, Compliance & Regulatory Oversight

• Manage and coordinate all internal, external, and regulatory audits (Information Security, Business Continuity, EHS/IMS where relevant).
• Drive end-to-end audit lifecycle management, including Preparation and coordination, Stakeholder alignment, Evidence collection and validation, Audit walkthroughs, and responses
• Ensure timely closure of audit findings, with Clear ownership, Defined remediation plans, Evidence tracking, and Executive reporting

3. Integrated Management System (IMS)

• Coordinate and maintain the Integrated Management System (IMS) across Information Security, Business Continuity, and related domains.
• Ensure all documentation (policies, SOPs, procedures) remains Current, Approved & Effective.
• Aligned to organizational objectives and audit expectations
• Support governance forums including Committees, Working groups and Management reviews
• Manage management system lifecycle activities, including Recertification, Surveillance audits, Scope expansion, and Continuous improvement initiatives
• Act as a primary point of contact for auditors, regulators, and assurance partners.
• Maintain oversight of compliance against applicable frameworks and regulatory mandates, ensuring continuous compliance posture

4. Business Continuity & Operational Resilience

• Manage the Business Continuity Management System (BCMS), Disaster Recovery (DR) plans and operational resilience program.
• Ensure organizational readiness through Regular testing and simulation exercises, Scenario planning, and validation and Post-exercise reporting and improvement tracking
• Oversee development, testing, and maintenance of business continuity, disaster recovery, and crisis management frameworks.
• Ensure the organization is prepared for disruptive events through structured planning, simulations, and executive‑level reporting.
• Provide strategic input into resilience planning, including technology, people, facilities, and third‑party dependencies.

5. Awareness, Culture & Human Risk Management

• Define and drive the Information Security and Business Continuity awareness strategy at an enterprise level.
• Ensure awareness initiatives address multiple channels (training, communications, campaigns, and leadership engagement).
• Perform vendor‑supported awareness and simulation programs, ensuring quality, relevance, and measurable outcomes.
• Promote a strong security and resilience culture across the organization.

6. Identity, Access & Third‑Party Governance

• Regularly perform identity & access reviews, and segregation of duties across various functions.
• Manage third‑party risk management, including methodology definition, assessments, and remediation oversight.
• Ensure access, vendor, and supplier risks are identified, reviewed, and managed in line with policy and regulatory expectations.

7. Strategy, Projects & Advisory Role

• Act as a senior advisor to leadership on information security, resilience, and emerging risk topics.
• Engage in enterprise initiatives and projects to ensure security and continuity requirements are embedded early.
• Contribute to long‑term strategy, annual plans, objectives, and performance reporting.
• Support executive, board, and committee-level reporting, providing clear insights and recommendations.

Essential

• Strong experience in

Information Security, Business Continuity, GRC

• , or operational resilience roles.
• Proven ability to independently own and deliver complex, cross‑functional initiatives.
• Hands‑on experience with audits, regulatory requirements, and standards‑based environments.
• Ability to work effectively in regulated, high‑accountability environments.
• Excellent organization, tracking, and follow‑through skills.
• ISO 27001 / ISO 22301 certification (preferred)

Role Characteristics

• Senior, enterprise‑wide responsibility
• High level of autonomy and accountability
• Audit‑ and regulator‑facing role
• Combines strategy, governance, and oversight with hands‑on experience
• Note: This is a hands-on execution and ownership role with full accountability across initiatives.
• It is not a people-management or delegation-based position.