Job Location :- Abu Dhabi, UAE
Email :- hr@staffconnect.ae
WhatsApp :- +971 52 942 1270
Job Role
This role is responsible for leading, coordinating, and driving the Information Security Governance (GRC) and Business Continuity functions across the organisation and its subsidiaries. The position ensures effective governance, regulatory compliance, audit readiness, risk oversight, and timely closure of enterprise-wide initiatives and actions. The consultant will operate as a hands-on senior resource, owning end-to-end delivery of critical governance and resilience initiatives, with direct exposure to senior management and all business units. This position requires a senior, highly proactive professional who can independently manage and deliver the Information Security and Business Continuity governance functions end-to-end, with strong ownership, attention to detail, and a commitment to operational excellence.
Key Responsibilities
1. Information Security Governance & GRC
- Establish, maintain, and continuously enhance the Information Security Governance, Risk, and Compliance (GRC) framework.
- Define and maintain the organization’s Information Security framework, including policies, standards, procedures, charters, and governance structures.
- Lead enterprise-wide risk management activities, including identification, assessment, treatment, and reporting of information security and operational risks.
- Ensure alignment with regulatory requirements, UAE IA standards, Cybersecurity Council policies, and international frameworks (e.g., ISO 27001, ISO 22301, NIST).
- Provide governance oversight across critical security domains.
- Support development of annual security plans, objectives, and performance metrics, aligned with organizational strategy.
2. Audit, Compliance & Regulatory Oversight
- Manage and coordinate all internal, external, and regulatory audits (Information Security, Business Continuity, EHS/IMS where relevant).
- Drive end-to-end audit lifecycle management, including preparation and coordination, stakeholder alignment, evidence collection and validation, audit walkthroughs, and responses.
- Ensure timely closure of audit findings, with clear ownership, defined remediation plans, evidence tracking, and executive reporting.
3. Integrated Management System (IMS)
- Coordinate and maintain the Integrated Management System (IMS) across Information Security, Business Continuity, and related domains.
- Ensure all documentation (policies, SOPs, procedures) remains current, approved, and effective, and aligned to organizational objectives and audit expectations.
- Support governance forums, including committees, working groups, and management reviews.
- Manage management system lifecycle activities, including recertification, surveillance audits, scope expansion, and continuous improvement initiatives.
- Act as a primary point of contact for auditors, regulators, and assurance partners.
- Maintain oversight of compliance against applicable frameworks and regulatory mandates, ensuring a continuous compliance posture.
4. Business Continuity & Operational Resilience
- Manage the Business Continuity Management System (BCMS), Disaster Recovery (DR) plans, and the operational resilience program.
- Ensure organizational readiness through regular testing and simulation exercises, scenario planning and validation, and post-exercise reporting and improvement tracking.
- Oversee development, testing, and maintenance of business continuity, disaster recovery, and crisis management frameworks.
- Ensure the organization is prepared for disruptive events through structured planning, simulations, and executive-level reporting.
- Provide strategic input into resilience planning, including technology, people, facilities, and third-party dependencies.
5. Awareness, Culture & Human Risk Management
- Define and drive the Information Security and Business Continuity awareness strategy at an enterprise level.
- Ensure awareness initiatives address multiple channels (training, communications, campaigns, and leadership engagement).
- Deliver vendor-supported awareness and simulation programs, ensuring quality, relevance, and measurable outcomes.
- Promote a strong security and resilience culture across the organization.
6. Identity, Access & Third-Party Governance
- Regularly perform identity and access reviews and segregation-of-duties reviews across the organization's functions.
- Manage third-party risk management, including methodology definition, assessments, and remediation oversight.
- Ensure access, vendor, and supplier risks are identified, reviewed, and managed in line with policy and regulatory expectations.
7. Strategy, Projects & Advisory Role
- Act as a senior advisor to leadership on information security, resilience, and emerging risk topics.
- Engage in enterprise initiatives and projects to ensure security and continuity requirements are embedded early.
- Contribute to long-term strategy, annual plans, objectives, and performance reporting.
- Support executive, board, and committee-level reporting, providing clear insights and recommendations.
Key Skills & Experience
Essential
- Strong experience in Information Security, Business Continuity, GRC, or operational resilience roles.
- Proven ability to independently own and deliver complex, cross-functional initiatives.
- Hands-on experience with audits, regulatory requirements, and standards-based environments.
- Ability to work effectively in regulated, high-accountability environments.
- Excellent organization, tracking, and follow-through skills.
- ISO 27001 / ISO 22301 certification (preferred).
Role Characteristics
- Senior, enterprise-wide responsibility
- High level of autonomy and accountability
- Audit- and regulator-facing role
- Combines strategy, governance, and oversight with hands-on experience