Fractional CIO & Technology Advisor  ▪  Dubai

Technology leadership that holds up under scrutiny.

Cybersecurity, operational resilience, and AI governance for regulated and scaling firms in the GCC. Documented outputs a board can table, and senior leadership only for the days you need it.

20 years in regulated financial services  |  FCA → DFSA  |  DIFC, ADGM, CBUAE

Daniel Young, Fractional CIO and technology advisor, Dubai

Built for firms that have outgrown their setup

Most firms at this stage have outgrown their current technology setup but are not yet ready for a full-time executive hire. Headcount is a rough guide - the situation matters more than the number.

  • DFSA- and FSRA-regulated firms in DIFC and ADGMWithout a dedicated technology leader.
  • Wealth managers, asset managers, family offices, and advisory firmsCompliance obligations, no dedicated technology function.
  • PE-backed or founder-led businessesScaling beyond informal IT.
  • Professional services firmsHandling sensitive client data, facing rising cyber exposure.
  • FintechsMoving from product build into regulated operations.

The conversations that usually start this engagement

  • "Our DFSA exam is approaching and we haven't documented our cyber controls."
  • "We had a security incident and realised we had no response plan."
  • "We're using AI tools across the business but nobody owns the governance."
  • "The board keeps asking about technology risk and we don't have a credible answer."
  • "We're growing fast but our IT setup is still what it was when we had 20 people."
  • "We need someone senior who can talk to the regulator, not just the IT team."

Four areas. One point of accountability.

From a fixed-fee diagnostic through to ongoing fractional leadership, scoped to the firm's stage, risk exposure, and regulatory pressure.

01

IT Leadership & Fractional CIO

Board-level technology governance on a part-time basis.

02

Cybersecurity Advisory

Control gap analysis, SOC readiness, incident response.

03

Operational Resilience

Service mapping, impact tolerances, supplier continuity.

04

AI Governance & Policy

Acceptable use policy, data classification, oversight.

Technology Risk Review

A fixed-fee diagnostic across six review areas - control environment, identity and access, incident response, data and third-party exposure, human risk, regulatory mapping. One board-ready written report, delivered in two to three weeks.

AED 28,000, agreed before the work begins. No obligation to continue into a retained engagement.

See the full review scope →
AED 28,000

Fixed fee · six review areas · 2-3 weeks

Results from 20 years in regulated financial services

Delivered at Killik & Co, an FCA-regulated wealth management firm operating across 11 UK locations.

Independent advice only. When I recommend a control, supplier, or tool, there is no revenue attached to the answer.

Start with a conversation

A 30-minute call is enough to establish whether there is a fit and what the right starting point looks like for your firm.

Typical first steps: a Technology Risk Review, a cyber posture assessment, a resilience review, or an AI governance framework.