From a fixed-fee diagnostic through to ongoing fractional leadership - four areas, one point of accountability, output built to withstand regulatory scrutiny.
I work with regulated and growing firms that have outgrown informal IT management but are not yet ready to hire a full-time CIO. Typical triggers include audit pressure, cyber exposure, supplier complexity, operational resilience obligations, or AI adoption reaching board level without a senior technology owner.
Engagements are usually retained monthly at one to three days per week, with direct accountability at board or committee level. Defined projects - cyber reviews, operational resilience assessments, supplier risk reviews, or AI governance frameworks - can also be delivered on a fixed-fee basis.
A fixed-fee diagnostic across six review areas, delivered as a board-ready written report. Designed for firms that need a documented view of their technology risk before deciding whether an ongoing engagement is warranted.
Informed by ISO 27001 and NIST CSF-aligned practice, mapped to DFSA control expectations - not a certification exercise, but a practical assessment of where the firm actually stands.
Board-ready report in 2-3 weeks
Each engagement is scoped to the specific need - from a focused diagnostic through to an ongoing fractional leadership arrangement, depending on the firm's stage, risk exposure, and regulatory pressure.
Board-level technology leadership on a part-time basis. Covers IT strategy, team oversight, vendor governance, and delivery accountability - providing the senior function the business needs without the overhead of a full-time executive.
Independent assessment of the firm's security posture against recognised control frameworks, structured for UAE regulatory context. Covers control gaps, SOC readiness, incident response capability, and the practical steps required to move from exposure to defensible maturity. Informed by ISO 27001 and NIST CSF-aligned practice, mapped to DFSA control expectations - delivered as a prioritised, board-ready output, not a generic framework exercise.
End-to-end resilience programme design: service mapping, impact tolerance setting, RTO and RPO definitions, playbook development, and supplier continuity review. Structured to satisfy regulatory scrutiny and give the board a clear line of sight to the firm's actual exposure - not just what the documentation says.
Structured framework for the governance of AI and generative AI tools across the business. Acceptable use policy, data classification, authorisation workflows, and ongoing oversight mechanisms. Designed to enable controlled adoption rather than blanket restriction - giving the firm a defensible position with the regulator and the board.
A 30-minute call is enough to establish whether there is a fit and what the right starting point looks like for your firm.