Information Security Consultant

Overview

Provide security guidance, manage threats, ensure compliance, and improve security posture.

Key Responsibilities

• incident response
• risk assessment
• security architecture
• cloud security
• policy development
• threat hunting

Tasks

-Support internal and external audits by preparing documentation, evidence of controls, and responses to audit findings. -Lead the response to security incidents and breaches, performing root cause analysis and implementing corrective and preventive actions. -Provide expert advice on secure system designs, network defenses, access controls, and encryption standards. -Prepare clear and detailed reports on security incidents, risk assessment findings, audit outcomes, and remediation progress for management and stakeholders. -Secure cloud configurations in multi-cloud environments, with hands-on expertise in Azure and Microsoft 365, including the implementation of logging, encryption, and secure DevOps practices. -Manage and operate security tools including SIEM, EDR, PAM, DLP, and IDS/IPS to detect, analyse, and respond to threats. -Conduct risk assessments on internal systems, business processes, and third-party vendors to evaluate security controls and ensure compliance with corporate policies and regulatory requirements. -Capture lessons learned from incidents, tests, and assessments, and integrate them into security processes, playbooks, and awareness programs -Monitor and optimize security logs and alerts to ensure effective detection and timely escalation of suspicious activities. -Assist in the maintenance and continual improvement of the Information Security Management System (ISMS), ensuring compliance and documentation aligned with key standards and regulations such as ISO 27001, ISO 20000-1, and UAE IA, PDPL., GDPR -Track and analyse security metrics, trends, and KPIs to measure control effectiveness and highlight areas for improvement -Develop, maintain, and implement corporate information security policies, standards, and procedures aligned with organizational processes and industry best practices. -Proactively hunt for threats across the IT landscape, ensuring the security of core network assets, email gateways, and cloud services. -Participate in Business Continuity (BCP) and Disaster Recovery (DR) testing, as well as cyber crisis tabletop exercises, to validate preparedness and strengthen organizational resilience. -Promote a strong security culture by supporting awareness and training programs, ensuring staff understand their compliance responsibilities. -Collaboration & Influence - Builds networks across functions and resolves conflicts constructively. -Conduct security architecture reviews for new projects, applications, and integrations, ensuring alignment with best practices and compliance standards. -Evaluate, recommend, and deploy security tools and technologies to strengthen the organization’s defensive posture. -Support Zero Trust adoption and embed security into the software development lifecycle (SDLC) by enforcing secure access principles, promoting secure coding practices, and integrating DevSecOps -Accountability and Ownership - Manages projects with minimal supervision and ensures quality results. -Define and track security KPIs and metrics to measure program effectiveness and report on risk posture to management. -Conduct regular vulnerability scans and coordinate penetration testing, validate findings, and drive remediation efforts with relevant teams. -Implement and manage Identity & Access Management (IAM) and Privilege Access Management (PAM) solutions, enforcing least privilege access through regular privilege audits and access reviews. -Research emerging threats, new attack techniques, and innovative security tools to continuously strengthen detection and response capabilities.

Requirements

• iam
• cissp
• siem
• iso 27001
• nist
• 4 years

What You Bring

-Identity & Access Management (IAM) and Privileged Access Management (PAM) – Experience with IAM/PAM solutions and implementing access controls, as well as data protection measures such as encryption and data classification. -A minimum of 4–6 years of hands-on experience in a cybersecurity or IT security role. -Integrity and Compliance - Aligns all actions and decisions with organizational policies and procedures, demonstrating a strong commitment to professional standards and ethics. -Agility and Adaptability - Manages change smoothly and supports others during transitions. -Certifications (Mandatory): CISSP or CISM. -Business Acumen - Understands the challenges and objectives of internal business units and takes the initiative to provide effective and pragmatic security solutions. -Security Operations - Strong hands-on expertise in incident response, log analysis, IOC analysis and managing platforms like SIEM, EDR, PAM and DLP -Frameworks & Standards: Familiarity with ISO 27001, ISO 20000-1, NIST CSF, MITRE ATT&CK, and CIS Controls. -Analytical & Problem-Solving Skills - Exhibits strong analytical, troubleshooting, and problem-solving skills, with a proven ability to work effectively under pressure. -Customer Focus - Understands customer challenges and takes initiative to resolve them effectively. -Certifications (Preferred): ISO 27001 Lead Implementer or Lead Auditor, Cloud/Azure security certifications, and technical certifications such as CEH or OSCP. -Vulnerability Management - Proficiency with penetration testing and vulnerability assessment tools. -Knowledge: Strong understanding of security frameworks (e.g., ISO 27001, NIST CSF), risk management principles, and regulatory compliance (e.g., GDPR, UAE PDPL). Familiarity with IT Service Management (ITIL best practices) is preferred. -Bachelor’s degree in computer science, Information Security, or a related field -Compliance: Experience with compliance efforts for regulations such as UAE Information Assurance (IA) Standards, PDPL and GDPR. -Network & Cloud Security – Strong knowledge of firewalls, IDS/IPS, WAF, VPNs, and security configurations in hybrid environments. -Communication Skills - Possesses excellent written and verbal communication skills, with the ability to articulate complex technical concepts to both technical and non-technical audiences.

People Also Searched For

About United Al Saqer Group

-operations span across automotive, industrial, and real estate sectors, serving both public and private sectors -automotive division is one of the leading distributors of premium vehicles in the region -industrial sector provides innovative solutions for construction, transport, and logistics industries -real estate arm is responsible for several landmark developments across the UAE -consistently expanded its portfolio by acquiring and partnering with global industry leaders -reputation for quality and reliability keeps them at the forefront of their industries -offers a wide range of products and services, catering to the evolving needs of the market

Sector Specialisms