Head of Information Security
Over 30,000 global brands and small businesses, including H&M, Adidas, IKEA, SHEIN, noon, and Bloomingdale’s, use Tabby’s technology to accelerate growth and gain loyal customers by offering flexible payments online and in stores. Tabby is active in Saudi Arabia, UAE, Egypt and Kuwait and backed by leading investors, including Sequoia Capital India, STV, PayPal Ventures, Mubadala Investment Capital, Arbor Ventures and others.
About the role:
We are thrilled to announce an opportunity for a skilled Information Security Officer (ISO) to join our team and play a role in enhancing our security measures by utilizing your abilities and deep knowledge of information security, governance, risk and compliance. In this role, you will be involved in developing and maintaining information security policies, procedures and guidelines. You will be responsible for implementing and maintaining SAMA, ISO, PCI-DSS, and various standards & frameworks for continual improvement of Information Security. If you have a passion for information security and aspire to make a significant impact, we strongly encourage you to apply and become an essential part of our dedicated Information Security team.
You’ll be working in a dynamic, rapidly evolving environment with the following responsibilities:
- Develop and manage the organization’s policies, procedures, and guidelines. Familiarity with policy management frameworks, document control procedures, and version control systems to maintain and update policies in a controlled and auditable manner.
- Manage and deliver engagements covering vulnerability assessment and penetration testing, IT Audits, Information Security Audits, Compliance Reviews against Saudi Regulations, and industry standards such as SAMA, ISO, PCI-DSS, and more.
- Align standards, frameworks and security with overall business and technology strategy.
- Support the CISO to achieve the highest standards of information security across Tabby’s network.
- Monitor Cyber Security Requirements from third-party payment processors and act as a focal point for the company to communicate the Cyber Security Posture.
- Perform risk assessments to identify the scope of improvements in Information Technology and Security processes.
- Hands-on experience performing gap analysis and maturity assessments.
- Oversee incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.
- Demonstrate ability to collaborate with cross-functional teams, subject matter experts, and stakeholders to gather information and define SOP requirements.
- Manage the implementation of detective, preventative, and corrective security controls.
- Experience in conducting phishing simulations and other awareness exercises to assess employees' susceptibility to social engineering attacks and provide targeted training to improve their resilience.
- Broad experience in infrastructure security tools such as network security controls, anti-malware implementation, Cloud Security Posture Management (CSPM), Data Loss Prevention (DLP), firewall rulesets, backup and disaster recovery, and vulnerability management processes.
- Work across various product and engineering teams to prioritize security features and controls and ensure implementation and mitigation.
- Familiarity with tools such as Confluence, JIRA, Miro, LucidChart, and Office 365. Previous work experience in cloud hosting environments.
- Experience with the Financial Services, Banks, or FinTech sectors is advantageous.
You should apply if you have:
- A degree in Information Technology, Computer Science, Software Engineering, or a related field
- Knowledge of Information Technology security issues and approaches to manage Information Technology security in a fast-paced Fintech environment.
- Knowledge of data protection operations and legislation (GDPR), SAMA CSF, ISO 27001, PCI-DSS
- Security Qualification (Good to have): CISSP, CISM, ISO 27001 LA/LI
- Excellent communication, influencing and stakeholder management skills.
- Experience in working across teams to deliver solutions and generate high levels of internal buy-in
- Excellent project management skills and experience in leading on data security projects across multiple locations.
- Experience in developing and delivering training.
- Experience of working in a culturally diverse environment
- Knowledge of online technologies, payment methods, content delivery networks, REST APIs, microservices, and application development.
- Programming and scripting understanding (Bash, Python etc.)
What you can expect
- We offer flexible working hours and trust you to work enough hours to do your job well, at times that suit you and your team.
- A working environment that gives you autonomy and responsibility from day one.
- You should be comfortable with the idea that the quality of your work will influence the shape of your career.
- Participation in the company’s employee stock options program.
- Health Insurance
We are passionate about creating an inclusive, high-performing workplace that gives people from all backgrounds the support they need to thrive, grow and meet their goals (whatever they may be).
If this sounds exciting to you, we’d love to hear from you!