Information Security Consultant

Established more than 40 years ago, the United Al Saqer Group (UASG) is one of the leading multi-sector business groups in the United Arab Emirates. The UASG owns and operates a diverse yet complementary portfolio of six UAE-based companies encompassing several key industry sectors, which includes Abu Dhabi Motors, Dalma Motors, Al Saqer Heavy Equipment, Al Saqer Property Management, Royal International Construction, and Royal Joinery.

We are recruiting a Information Security Consultant to join our exceptional ICT Department. The person is responsible for providing expert guidance on information security strategies, assessing risks, developing policies, and implementing solutions to safeguard the organization’s data, systems, and infrastructure. The Information Security Consultant ensures compliance with cybersecurity standards and supports the organization’s efforts in mitigating security threats and vulnerabilities.

AREA OF RESPONSIBILITY:

Security Operations & Threat Management:

• Manage and operate security tools including SIEM, EDR, PAM, DLP, and IDS/IPS to detect, analyse, and respond to threats.

• Lead the response to security incidents and breaches, performing root cause analysis and implementing corrective and preventive actions.

• Proactively hunt for threats across the IT landscape, ensuring the security of core network assets, email gateways, and cloud services.

• Conduct regular vulnerability scans and coordinate penetration testing, validate findings, and drive remediation efforts with relevant teams.

• Monitor and optimize security logs and alerts to ensure effective detection and timely escalation of suspicious activities.

Security Architecture & Engineering:

• Provide expert advice on secure system designs, network defenses, access controls, and encryption standards.

• Secure cloud configurations in multi-cloud environments, with hands-on expertise in Azure and Microsoft 365, including the implementation of logging, encryption, and secure DevOps practices.

• Implement and manage Identity & Access Management (IAM) and Privilege Access Management (PAM) solutions, enforcing least privilege access through regular privilege audits and access reviews.

• Conduct security architecture reviews for new projects, applications, and integrations, ensuring alignment with best practices and compliance standards.

• Support Zero Trust adoption and embed security into the software development lifecycle (SDLC) by enforcing secure access principles, promoting secure coding practices, and integrating DevSecOps

• Evaluate, recommend, and deploy security tools and technologies to strengthen the organization’s defensive posture.

Governance, Risk & Compliance:

• Develop, maintain, and implement corporate information security policies, standards, and procedures aligned with organizational processes and industry best practices.

• Assist in the maintenance and continual improvement of the Information Security Management System (ISMS), ensuring compliance and documentation aligned with key standards and regulations such as ISO 27001, ISO 20000-1, and UAE IA, PDPL., GDPR

• Conduct risk assessments on internal systems, business processes, and third-party vendors to evaluate security controls and ensure compliance with corporate policies and regulatory requirements.

• Support internal and external audits by preparing documentation, evidence of controls, and responses to audit findings.

• Promote a strong security culture by supporting awareness and training programs, ensuring staff understand their compliance responsibilities.

• Define and track security KPIs and metrics to measure program effectiveness and report on risk posture to management.

Reporting & Continuous Improvement:

• Prepare clear and detailed reports on security incidents, risk assessment findings, audit outcomes, and remediation progress for management and stakeholders.

• Track and analyse security metrics, trends, and KPIs to measure control effectiveness and highlight areas for improvement

• Capture lessons learned from incidents, tests, and assessments, and integrate them into security processes, playbooks, and awareness programs

• Research emerging threats, new attack techniques, and innovative security tools to continuously strengthen detection and response capabilities.

• Participate in Business Continuity (BCP) and Disaster Recovery (DR) testing, as well as cyber crisis tabletop exercises, to validate preparedness and strengthen organizational resilience.

QUALIFICATIONS & CERTIFICATIONS & EXPERIENCE (MANDATORY & PREFERRED):

• Bachelor’s degree in computer science, Information Security, or a related field

• A minimum of 4–6 years of hands-on experience in a cybersecurity or IT security role.

• Certifications (Mandatory): CISSP or CISM.

• Certifications (Preferred): ISO 27001 Lead Implementer or Lead Auditor, Cloud/Azure security certifications, and technical certifications such as CEH or OSCP.

• Knowledge: Strong understanding of security frameworks (e.g., ISO 27001, NIST CSF), risk management principles, and regulatory compliance (e.g., GDPR, UAE PDPL). Familiarity with IT Service Management (ITIL best practices) is preferred.

SKILLS & COMPETENCIES (Technical, Behavioral, and Soft):

Technical Competencies:

• Security Operations - Strong hands-on expertise in incident response, log analysis, IOC analysis and managing platforms like SIEM, EDR, PAM and DLP

• Vulnerability Management - Proficiency with penetration testing and vulnerability assessment tools.

• Network & Cloud Security – Strong knowledge of firewalls, IDS/IPS, WAF, VPNs, and security configurations in hybrid environments.

• Identity & Access Management (IAM) and Privileged Access Management (PAM) – Experience with IAM/PAM solutions and implementing access controls, as well as data protection measures such as encryption and data classification.

Other Competencies:

• Frameworks & Standards: Familiarity with ISO 27001, ISO 20000-1, NIST CSF, MITRE ATT&CK, and CIS Controls.

• Compliance: Experience with compliance efforts for regulations such as UAE Information Assurance (IA) Standards, PDPL and GDPR.

• Integrity and Compliance - Aligns all actions and decisions with organizational policies and procedures, demonstrating a strong commitment to professional standards and ethics.

• Analytical & Problem-Solving Skills - Exhibits strong analytical, troubleshooting, and problem-solving skills, with a proven ability to work effectively under pressure.

• Business Acumen - Understands the challenges and objectives of internal business units and takes the initiative to provide effective and pragmatic security solutions.

• Communication Skills - Possesses excellent written and verbal communication skills, with the ability to articulate complex technical concepts to both technical and non-technical audiences.

Behavioural Competencies:

• Customer Focus - Understands customer challenges and takes initiative to resolve them effectively.

• Accountability and Ownership - Manages projects with minimal supervision and ensures quality results.

• Agility and Adaptability - Manages change smoothly and supports others during transitions.

• Collaboration & Influence - Builds networks across functions and resolves conflicts constructively.

• Result Orientation - Sets clear goals and works proactively to achieve high performance.

Location: Abu Dhabi