Director of Information Security

Position

Abu Dhabi (on-site)

Key Focus Areas

• Develop and implement security architecture and strategy, covering cloud, infrastructure, application, identity, and detection/response.
• Act as the senior technical authority for security, leading reviews, threat modeling, VAPT, and hands-on remediation.
• Oversee governance, risk, and compliance programs, including ISO 27001 and SOC 2 Type II, ensuring they are active and continuously improved.
• Lead audit preparation and execution, resolving findings efficiently.
• Manage security assurance for clients, including responding to detailed security assessments and maintaining strong posture across all environments.
• Build and maintain incident response plans, lead drills, and manage live incidents.
• Oversee IT and workforce security, including identity, endpoints, and onboarding/offboarding processes.
• Foster a security-first culture through practical tools and collaboration with engineering.

What You’ll Tackle in Your First Year

• Take charge of external security certifications and compliance cycles, ensuring successful outcomes (ISO 27001, SOC 2).
• Assess and strengthen security across all infrastructure and deployment models, closing priority risks.
• Streamline client security reviews and due diligence processes.
• Enhance detection and response capabilities, including running live incident simulations.
• Integrate security best practices into engineering workflows to support scale.

Who Will Succeed in This Role

• You are currently a Security Architect or senior technical IC ready to step up to your first Director-level role.
• You are hands-on and want to remain close to the work, not a CISO or people manager looking to delegate.
• You have direct, practical experience across the full information security spectrum: governance, risk, and compliance (GRC), platform and cloud security, vulnerability assessment and penetration testing (VAPT), and SOC 2.
• You have built and secured products in a product-led company or highly regulated environment, and you thrive in fast-paced, ambiguous environments.
• You are proactive, anticipate problems, and act before they become issues.

Who Should Not Apply

• You prefer to focus on strategy and delegate all technical execution.
• You haven’t worked hands-on with cloud or security tools in recent years.
• Your background is primarily in large, process-heavy organizations or big banks, unless you are hands-on and thrive in fast-paced environments.
• You are most comfortable in highly structured environments and prefer to delegate technical execution
• You are looking for a traditional CISO or high-level management role focused on strategy and reporting lines.

Qualifications

• 10+ years of experience in security or infrastructure, with strong technical skills kept current.
• Experience leading a small security team or as a senior technical expert ready to step into leadership.
• Demonstrated expertise in cloud security (AWS, Azure, or GCP), application security, IAM, VAPT, and incident response.
• Proficiency with security tools such as SIEM, EDR/XDR, IAM/SSO, secrets management, infrastructure-as-code security, and CI/CD pipeline security.
• Direct experience managing ISO 27001 and SOC 2 Type II programs and audits.
• Ability to read and review code, script in languages like Python, and communicate clearly with both technical and non-technical stakeholders.
• Strongly preferred
• Experience in financial services, fintech, or regulated sectors (outside of large banks).
• Knowledge of regional regulatory frameworks or willingness to learn quickly.
• Background in securing both on-premises and client-managed environments.
• Relevant technical certifications (e.g., OSCP, cloud security credentials, CISSP/CISM with hands-on experience).
• *By applying to this position, you are granting us permission to process your CV and keep your profile on file for consideration for this and future opportunities.*