Information Security Manager

Iraq

Create, maintain, and enforce information security policies, standards, and procedures.
Ensure full alignment with CBI requirements and support audits, regulatory reviews, and compliance assessments.
Lead the execution and maintenance of PCI DSS, ISO 27001, ISO 22301, and related programs.

Security Operations and Monitoring
Oversee continuous monitoring of systems, networks, and digital channels for threats and vulnerabilities.
Guide security operations analysts in managing alerts, incidents, and escalations.
Review vulnerability assessments and penetration testing reports and ensure timely remediation.

Risk Management and Controls
Identify cyber risks across platforms including mobile apps, core banking middleware, and cloud or on-premises infrastructure.
Develop risk mitigation plans and track progress with relevant teams.
Lead security reviews for new products, features, and integrations.

Incident Response and Crisis Management
Maintain an effective incident response plan.
Lead investigation and root cause analysis for security incidents.
Coordinate with legal, compliance, operations, and executive leadership when required.

Security Architecture and Access Management
Ensure secure design of systems, integrations, and APIs across the ZainCash ecosystem.
Review network segmentation, access controls, firewalls, IAM solutions, and encryption practices.
Collaborate with DevOps and Infrastructure teams to embed security in CI and CD practices.

Awareness and Training
Run periodic security awareness sessions for employees and vendors.
Promote a culture of accountability and secure behavior across teams.

Bachelor's degree in Computer Science, Computer Engineering, Information Security or a related field
Recognized certification required, such as CISSP, CISM, ISO 27001 Lead Implementer and CCISO
Advanced certification preferred, for example CISSP or CISM
PMP certification is a plus

Experience:
Minimum six years of experience in information security or cybersecurity roles
Minimum two years in a managerial or supervisory position
Experience in fintech, digital payments, banking or telecom environments is required
Hands-on experience with PCI DSS, ISO 27001, or other regulatory programs is required

Skills:
Strong knowledge of security frameworks including NIST, COBIT, PCI DSS, ISO 27001, ISO 22301
Hands-on experience in SIEM solutions, endpoint protection, SOC operations, and threat intelligence
Technical skills in networking, firewalls, web application security, IAM, encryption, and secure coding practices
Understanding of cloud environments, virtualization, containers, DevSecOps and API security
Experience with tools such as Splunk, Wazuh, Qualys, Burp Suite, Nessus
Strong analytical and investigative ability with clear written and spoken communication
Fluent English, written and spoken
Native Arabic, written and spoken

Date posted: 15 December 2025
Publisher: Bayt