Fractional CIO & Technology Advisor  ▪  Dubai

The technology
leadership your
firm already needs.

Cybersecurity, AI governance, and operational resilience for regulated firms in the GCC - without the cost and commitment of a full-time executive hire.

Book a Discovery Call See How It Works

20 years in regulated financial services  |  FCA → DFSA  |  DIFC, ADGM, CBUAE

Daniel Young, Fractional CIO based in Dubai
Who this is for

Built for firms that have outgrown their setup

Most firms at this stage have outgrown their current technology setup but are not yet ready for a full-time executive hire. The trigger is usually a regulatory event, a security incident, or a growth inflection that makes the gap visible. Headcount is a rough guide - the situation matters more than the number.

  • Boutique financial services firms Wealth managers, family offices, and smaller asset managers operating under DFSA or ADGM regulation with compliance obligations and no dedicated technology function.
  • Professional services businesses Law firms, consultancies, and accountancy practices handling sensitive client data and facing rising cyber exposure without the internal expertise to manage it.
  • PE-backed businesses scaling quickly Firms growing faster than their infrastructure, facing an acquisition, or preparing for a regulatory review that requires board-level technology governance on record.
  • Fintech and tech-enabled businesses Teams with strong product capability but no operational IT leadership - where cybersecurity and resilience have been deprioritised in favour of growth.

The conversations that usually start this engagement

  • "Our DFSA exam is approaching and we haven't documented our cyber controls."
  • "We had a security incident and realised we had no response plan."
  • "We're using AI tools across the business but nobody owns the governance."
  • "The board keeps asking about technology risk and we don't have a credible answer."
  • "We're growing fast but our IT setup is still what it was when we had 20 people."
  • "We need someone senior who can talk to the regulator, not just the IT team."
Services

Four areas. One point of accountability.

Each engagement is scoped to the specific need - from a focused diagnostic through to an ongoing fractional leadership arrangement covering all four areas.

01

IT Leadership & Fractional CIO

Board-level technology leadership on a part-time basis. Covers IT strategy, team oversight, vendor governance, and delivery accountability - providing the senior function the business needs without the overhead of a full-time executive. Engagements typically run six to twelve months, with continuity designed in from the outset.

Strategy Governance Vendor Management Board Reporting
02

Cybersecurity Advisory

Independent assessment of the firm's security posture, aligned to DFSA and CBUAE requirements. Covers control gaps, SOC readiness, incident response capability, and the practical steps required to move from exposure to defensible maturity. Delivered as a prioritised, board-ready output - not a generic framework exercise.

DFSA Alignment SOC Readiness Incident Response ISO 27001
03

Operational Resilience

End-to-end resilience programme design: service mapping, impact tolerance setting, RTO and RPO definitions, playbook development, and supplier continuity review. Structured to satisfy regulatory scrutiny and give the board a clear line of sight to the firm's actual exposure - not just what the documentation says.

Service Mapping Impact Tolerances BCDR Supplier Risk
04

AI Governance & Policy

Structured framework for the governance of AI and generative AI tools across the business. Covers acceptable use policy, data classification, authorisation workflows, and ongoing oversight mechanisms. Designed to enable controlled adoption rather than blanket restriction - giving the firm a defensible position with the regulator and the board.

Acceptable Use Policy GenAI Risk Data Leakage Controls DFSA AI Requirements
Track record

Results from 20 years in regulated financial services

Delivered at Killik & Co, a London wealth management firm operating under FCA regulation across 11 locations.

70%

Reduction in Critical Downtime

Infrastructure overhaul and SD-WAN rollout across 11 locations, reducing critical outages and improving incident response times by 40%.

50%

Reduction in Phishing Incidents

MFA deployment, company-wide awareness training, and 24/7 managed SOC implementation - cutting phishing exposure in half.

AED 2M+

Annual Cost Savings

Vendor consolidation and multi-year contract renegotiation across 20+ supplier relationships, delivering sustained savings without service regression.

10+yrs

Clean Audit Record

Consistent FCA audit success across a decade of regulatory change, with frameworks designed for direct translation to DFSA requirements.

About

20 years in regulated financial services.
Now in Dubai.

I spent 20 years at Killik & Co, a London wealth management firm regulated by the FCA. I joined as a support analyst and left as IT Director, with board accountability for technology strategy, cybersecurity, and operational resilience across 11 locations and a team of 11.

That background - financial services, regulation, and the full lifecycle from hands-on infrastructure to board-level governance - is what I bring to firms here. It is not general technology consulting. It is the specific experience of running IT inside a regulated firm, under scrutiny, with real consequences.

I relocated to Dubai permanently in March 2026 and hold an IFZA consultancy licence. I work directly with a small number of clients at any one time - CEOs, COOs, and boards who need senior technology leadership they can rely on without the overhead of a full-time hire.

The FCA and DFSA frameworks are not identical, but the discipline is. The expectation that you can demonstrate control, explain your risk posture to a regulator, and recover from disruption without material impact - that is the same everywhere.

Credentials
  • 20 years, Killik & Co - London wealth management, FCA-regulated
  • Senior IT Leader 2014-2026, IT Director from 2022 with board accountability
  • IFZA consultancy licence, UAE
  • Member, ISACA
  • Professional Member, BCS (MBCS)
  • BSc (Hons), Kingston University
  • Operational resilience programme design and delivery
  • AI governance framework - inaugural policy at regulated firm
  • SOC oversight and incident response management
  • DFSA, CBUAE, ADGM regulatory frameworks
Get started

Start with a conversation

A 30-minute call is enough to establish whether there is a fit and what the right starting point looks like for your firm.

Book a Discovery Call Send an Email