Services

Senior technology leadership, scoped to what the firm actually needs.

From a fixed-fee diagnostic through to ongoing fractional leadership - four areas, one point of accountability, output built to withstand regulatory scrutiny.

How this works

I work with regulated and growing firms that have outgrown informal IT management but are not yet ready to hire a full-time CIO. Typical triggers include audit pressure, cyber exposure, supplier complexity, operational resilience obligations, or AI adoption reaching board level without a senior technology owner.

Engagements are usually retained monthly at one to three days per week, with direct accountability at board or committee level. Defined projects - cyber reviews, operational resilience assessments, supplier risk reviews, or AI governance frameworks - can also be delivered on a fixed-fee basis.

Technology Risk Review

A fixed-fee diagnostic across six review areas, delivered as a board-ready written report. Designed for firms that need a documented view of their technology risk before deciding whether an ongoing engagement is warranted.

Informed by ISO 27001 and NIST CSF-aligned practice, mapped to DFSA control expectations - not a certification exercise, but a practical assessment of where the firm actually stands.

  • Six review areas covering governance, infrastructure, and risk exposure
  • Board-ready written report, not a slide deck
  • Delivered in two to three weeks
  • No obligation to continue into a retained engagement
AED 28,000

Fixed fee, six review areas

Board-ready report in 2-3 weeks


Four areas. One point of accountability.

Each engagement is scoped to the specific need - from a focused diagnostic through to an ongoing fractional leadership arrangement, depending on the firm's stage, risk exposure, and regulatory pressure.

01

IT Leadership & Fractional CIO

Board-level technology leadership on a part-time basis. Covers IT strategy, team oversight, vendor governance, and delivery accountability - providing the senior function the business needs without the overhead of a full-time executive.

Strategy, Governance, Vendor Management, Board Reporting
02

Cybersecurity Advisory

Independent assessment of the firm's security posture against recognised control frameworks, structured for UAE regulatory context. Covers control gaps, SOC readiness, incident response capability, and the practical steps required to move from exposure to defensible maturity. Informed by ISO 27001 and NIST CSF-aligned practice, mapped to DFSA control expectations - delivered as a prioritised, board-ready output, not a generic framework exercise.

DFSA Alignment, SOC Readiness, Incident Response, ISO 27001 / NIST CSF
03

Operational Resilience

End-to-end resilience programme design: service mapping, impact tolerance setting, RTO and RPO definitions, playbook development, and supplier continuity review. Structured to satisfy regulatory scrutiny and give the board a clear line of sight to the firm's actual exposure - not just what the documentation says.

Service Mapping, Impact Tolerances, BCDR, Supplier Risk
04

AI Governance & Policy

Structured framework for the governance of AI and generative AI tools across the business. Acceptable use policy, data classification, authorisation workflows, and ongoing oversight mechanisms. Designed to enable controlled adoption rather than blanket restriction - giving the firm a defensible position with the regulator and the board.

Acceptable Use Policy, GenAI Risk, Data Classification, AI Governance Controls

Start with a conversation

A 30-minute call is enough to establish whether there is a fit and what the right starting point looks like for your firm.