Information Security Consultant

The Information Security Consultant will be responsible for assessing, designing, and implementing security solutions to protect an organization’s digital assets and ensure compliance with UAE cybersecurity regulations. Working across various industries, the consultant will provide expert guidance on risk management, incident response, and security architecture, while liaising with both technical and executive stakeholders. The role demands a thorough understanding of local and international security frameworks and the ability to tailor strategies to meet the evolving threat landscape in the UAE.

Responsibilities:

• Conducting security assessments, audits, and gap analyses to evaluate the effectiveness of current cybersecurity measures.

• Developing and implementing comprehensive information security policies, procedures, and frameworks aligned with UAE laws (e.g., NESA, DESC, and ADHICS).

• Designing and recommending security architecture solutions including firewalls, encryption, and endpoint protection systems.

• Leading incident response planning and managing forensic investigations in case of breaches or security incidents.

• Advising on compliance with regulatory requirements such as UAE Federal Decree-Law No. 45 of 2021 (PDPL) and relevant sector-specific guidelines.

• Coordinating with IT and risk management teams to conduct threat modeling and vulnerability assessments.

• Providing cybersecurity awareness training to staff and ensuring secure behavior across the organization.

• Supporting procurement and vendor assessments to ensure secure third-party integrations and supply chain security.

Requirements:

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field; Master’s degree or certifications are preferred.

• Minimum of 5–7 years of experience in information security consulting, preferably with exposure to UAE regulatory environments.

• In-depth knowledge of cybersecurity frameworks including ISO 27001, NIST, and SANS.

• Strong understanding of cloud security, network protection, identity management, and data encryption methods.

• Experience working with UAE entities and familiarity with local cybersecurity regulations and reporting procedures.

• Excellent analytical, communication, and stakeholder management skills.

• Fluency in English is required; Arabic is a plus for communication with public sector and local clients.