Chief Information Security Officer (CISO)
Office Location: Dubai
Work Arrangement: Remote
This role is designed for a strategic leader who thrives at the intersection of modern engineering velocity and institutional-grade risk management. Reporting directly to the C-Suite [COO/CFO] with a dotted line to the Board of Directors, you will have the authority to build a defensible, automated security program that serves as a core business enabler.
Key Responsibilities
1. Regulatory Ownership and Executive Governance
- Designated Authority: Serve as the CISO responsible for the cybersecurity program in accordance with NYDFS Part 500 requirements, overseeing comprehensive annual risk assessments and managing the annual certification of compliance process.
- SEC and Public Market Readiness: Lead the organizational process for determining the materiality of cybersecurity incidents and oversee the timely preparation of all required disclosures and filings in accordance with public market regulations and governance standards.
- Board Stewardship: Provide quarterly Material Security Risk briefings to the Audit Committee, translating complex infrastructure threats into actionable business risk metrics.
- Global Awareness (Preference): Experience with global mandates (e.g., EU DORA, UK FCA, GDPR) is preferred, to support international settlement expansion.
2. AI Governance and Stablecoin Infrastructure
- Agentic AI Security: Establish the governance and security framework for autonomous AI agents, ensuring programmable money movement is resilient against prompt injection, model poisoning, and unauthorized agentic transactions.
- Stablecoin Settlement Defense: Oversee the security of the end-to-end stablecoin lifecycle, ensuring the cryptographic integrity of minting/burning protocols and the security of reserve management interfaces.
- Identity-First (Zero Trust): Architect a comprehensive security model that applies consistent rigor to both human and non-human identities, implementing modern phishing-resistant authentication and zero-trust principles across the enterprise.
- Continuous Compliance: Transition from manual GRC to Continuous Controls Monitoring (CCM), where audit evidence is generated in real time through Policy as Code.
3. Security Engineering and DevSecOps
- Seamless Security (Shift Left): Foster a culture where security is built in from the start. You will replace manual gatekeeping with automated guardrails integrated into the development process, allowing engineers to ship securely without losing speed.
- Smart Risk Management: Move beyond long lists of vulnerabilities. You will implement a process that prioritizes fixes based on real-world impact, ensuring engineering teams spend their time on the risks that threaten our environment.
4. Operational Leadership and Resilience
- Incident Response and Tabletops: Own the global Incident Response and Business Continuity plans; lead high-stakes tabletop exercises simulating systemic financial failures and AI-driven fraud.
- Third Party Risk (TPRM): Manage the security lifecycle of critical banking and ICT partners, moving beyond point-in-time assessments to continuous, data-driven vendor monitoring.
- Talent Development: Lead, develop, and motivate a team of subject matter experts in a distributed, remote-first environment.
Qualifications and Experience
- The Standard: CISSP required, or a demonstrably equivalent executive credential (CISM, CCISO, or CISA).
- Financial Pedigree: 12+ years in Information Security, with significant experience in a NYDFS-regulated or SEC-reporting environment.
- Infrastructure Depth: Proven success in distributed, cloud-driven (AWS/GCP) organizations. Experience with stablecoin protocols or AI-driven financial tools is a strong advantage.
- Preferred Education and Certifications: Master’s degree (Cybersecurity, MIS, or MBA) and/or senior-level professional designations like GSLC or equivalent executive cybersecurity leadership training.
Leadership and Soft Skills
- Strategic and Lateral Thinker: Ability to recognize the potential of regulatory frameworks as tools for continuous improvement.
- Operational Resolve: Capable of leading the difficult conversations where business speed and regulatory safety conflict.
- Agile Leadership: Proven ability to lead through ambiguity and rapid change. You are a decisive leader who can pivot strategies in real time based on shifting market conditions while maintaining team focus on high-priority outcomes.
- Collaborative Leader: A sophisticated approach to motivating subject matter experts in a remote-first, high-growth environment.
Job Type: Full-time