This role is responsible for leading, coordinating, and driving the Information Security Governance (GRC) and Business Continuity functions across the organization and its subsidiaries. The position ensures effective governance, regulatory compliance, audit readiness, risk oversight, and timely closure of enterprise-wide initiatives and actions.
The consultant will operate as a hands-on senior resource, owning end-to-end delivery of critical governance and resilience initiatives, with direct exposure to senior management and all business units.
Note: This is a hands-on execution and ownership role with full accountability across initiatives. It is not a people-management or delegation-based position.
Key Responsibilities
Establish, maintain, and continuously enhance the Information Security Governance, Risk, and Compliance (GRC) framework. Define and maintain the organization's Information Security framework, including policies, standards, procedures, charters, and governance structures. Lead enterprise-wide risk management activities, including identification, assessment, treatment, and reporting of information security and operational risks. Ensure alignment with regulatory requirements, UAE IA standards, international frameworks (e.g., ISO 27001, ISO 22301, NIST), and Cybersecurity Council policies. Provide governance oversight across critical security domains. Support development of annual security plans, objectives, and performance metrics aligned with organizational strategy.
Manage and coordinate all internal, external, and regulatory audits (Information Security, Business Continuity, EHS/IMS where relevant). Drive end-to-end audit lifecycle management, including preparation and coordination, stakeholder alignment, evidence collection and validation, audit walkthroughs and responses.
Ensure timely closure of audit findings with clear ownership, defined remediation plans, evidence tracking, and executive reporting.
Coordinate and maintain the Integrated Management System across Information Security, Business Continuity, and related domains, ensuring all documentation (policies, SOPs, procedures) remains current, approved, and effective. Align with organizational objectives and audit expectations. Support governance forums (including committees, working groups, and management reviews) and manage lifecycle activities such as recertification, surveillance audits, scope expansion, and continuous improvement initiatives.
Manage the Business Continuity Management System, Disaster Recovery plans, and operational resilience program. Ensure organizational readiness through regular testing and simulation exercises, scenario planning and validation, and post-exercise reporting and improvement tracking.
Oversee development, testing, and maintenance of business continuity, disaster recovery, and crisis management frameworks, and provide strategic input into resilience planning, including technology, people, facilities, and third-party dependencies.
Define and drive enterprise-level awareness strategy for Information Security and Business Continuity, targeting multiple channels such as training, communications, campaigns, and leadership engagement. Execute vendor-supported awareness and simulation programs and promote a strong security and resilience culture across the organization.
Regularly perform identity and access reviews and segregation of duties across functions. Manage third-party risk management, including methodology definition, assessments, and remediation oversight, and ensure access, vendor, and supplier risks are identified and managed in line with policy and regulatory expectations.
Act as a senior advisor to leadership on information security, resilience, and emerging risk topics. Engage in enterprise initiatives and projects to embed security and continuity requirements early. Contribute to long-term strategy, annual plans, objectives, and performance reporting, and support executive-, board-, and committee-level reporting with clear insights and recommendations.