Director of Information Security

Job Description

Location: Abu Dhabi (on-site)

⸻

About the Client

Security expectations are set by highly regulated customers.

The culture is fast-paced and execution-oriented. Leaders are expected to be directly involved in delivery and results.

Role overview

Your responsibilities will range from designing cloud security architecture and guiding engineers through threat modelling, to leading incident response and overseeing ISO 27001 surveillance reviews..

• Develop and implement security architecture and strategy, covering cloud, infrastructure, application, identity, and detection/response.
• Act as the senior technical authority for security, leading reviews, threat modeling, VAPT, and hands-on remediation.
• Oversee governance, risk, and compliance programs, including ISO 27001 and SOC 2 Type II, ensuring they are active and continuously improved.
• Lead audit preparation and execution, resolving findings efficiently.
• Manage security assurance for clients, including responding to detailed security assessments and maintaining strong posture across all environments.
• Build and maintain incident response plans, lead drills, and manage live incidents.
• Oversee IT and workforce security, including identity, endpoints, and onboarding/offboarding processes.
• Foster a security-first culture through practical tools and collaboration with engineering.

• Take charge of external security certifications and compliance cycles, ensuring successful outcomes (ISO 27001, SOC 2).
• Assess and strengthen security across all infrastructure and deployment models, closing priority risks.
• Streamline client security reviews and due diligence processes.
• Enhance detection and response capabilities, including running live incident simulations.
• Integrate security best practices into engineering workflows to support scale.

• You are currently a Security Architect or senior technical IC ready to step up to your first Director-level role.
• You are hands-on and want to remain close to the work, not a CISO or people manager looking to delegate.
• You have direct, practical experience across the full information security spectrum: governance, risk, and compliance (GRC), platform and cloud security, vulnerability assessment and penetration testing (VAPT), and SOC 2.
• You have built and secured products in a product-led company or highly regulated environment, and you thrive in fast-paced, ambiguous environments.
• You are proactive, anticipate problems, and act before they become issues.

• You prefer to focus on strategy and delegate all technical execution.
• You haven't worked hands-on with cloud or security tools in recent years.
• Your background is primarily in large, process-heavy organizations or big banks, unless you are hands-on and thrive in fast-paced environments.
• You are most comfortable in highly structured environments and prefer to delegate technical execution
• You are looking for a traditional CISO or high-level management role focused on strategy and reporting lines.

• 10+ years of experience in security or infrastructure, with strong technical skills kept current.
• Experience leading a small security team or as a senior technical expert ready to step into leadership.
• Demonstrated expertise in cloud security (AWS, Azure, or GCP), application security, IAM, VAPT, and incident response.
• Proficiency with security tools such as SIEM, EDR/XDR, IAM/SSO, secrets management, infrastructure-as-code security, and CI/CD pipeline security.
• Direct experience managing ISO 27001 and SOC 2 Type II programs and audits.
• Ability to read and review code, script in languages like Python, and communicate clearly with both technical and non-technical stakeholders.

• Experience in financial services, fintech, or regulated sectors (outside of large banks).
• Knowledge of regional regulatory frameworks or willingness to learn quickly.
• Background in securing both on-premises and client-managed environments.
• Relevant technical certifications (e.g., OSCP, cloud security credentials, CISSP/CISM with hands-on experience).

By applying to this position, you are granting us permission to process your CV and keep your profile on file for consideration for this and future opportunities.