Job Title: Cyber Security Officer – Compliance, Risk & Cryptography
Location: United Arab Emirates
Experience Level: 8+ years
Department: Information Security / Risk & Compliance
Reports To: Chief Information Security Officer (CISO) / Head of Security Governance
Position Overview
We are seeking a seasoned Cyber Security Officer to lead and maintain our organization’s information security, compliance, and cryptographic infrastructure.
The ideal candidate will bring deep expertise in PCI DSS, ISO 27001, SOC 1 & 2, and privacy-related standards, combined with a strong understanding of the SAMA Cyber Security Framework (CSF), the NCA ECC and CCC, and Sarie security controls.
This role will drive cybersecurity strategy, governance, and architecture, ensuring the organization’s systems, data, and payment infrastructure remain secure, compliant, and resilient to emerging threats.
Key Responsibilities
Information Security Governance & Strategy
- Develop and maintain the organization’s cybersecurity strategy, roadmap, and governance framework.
- Define, implement, and maintain security policies, standards, and procedures in alignment with international best practices (ISO, PCI, NIST).
- Lead risk assessments, gap analyses, and develop mitigation strategies across business units.
- Oversee internal and external cybersecurity audits and coordinate responses and remediation.
- Report key risk and compliance metrics to executive management and regulatory stakeholders.
Compliance & Certifications
- Maintain and ensure ongoing compliance with:
  - PCI DSS, PCI PIN, and PCI P2PE
  - ISO 27001, SOC 1 & SOC 2, ISO 27701 (Privacy Information Management)
  - SAMA Cyber Security Framework (CSF) and NCA ECC/CCC
  - Sarie and UAE Central Bank regulatory requirements
- Oversee audit readiness, manage evidence collection, and coordinate with QSA and internal audit teams.
- Drive continuous improvement in security maturity and compliance posture.
Cryptography & Key Management
- Manage HSM operations, cryptographic key generation, rotation, and destruction procedures in compliance with PCI PIN and PCI DSS.
- Maintain Key Management Systems (KMS) and enforce strict segregation of duties and dual control mechanisms.
- Develop and review Key Management Policies (KMP) and ensure secure storage, handling, and lifecycle documentation.
- Support encryption architecture, ensuring data confidentiality and integrity across systems and payment channels.
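The dual-control and key-ceremony duties listed above are easier to reason about with a concrete model. The following is an added illustration, not code from the posting or from any employer: it models a split-knowledge key ceremony in which each custodian enters one clear component, each component is verified against the key check value (KCV) from the custodian's envelope, and the components are XORed into the final key. The KCV is computed the way it is commonly done for AES keys (encrypt one all-zero block, keep the first three bytes); the component values are constructed sample data, not real key material, and the custodian names and policy parameters are assumptions for the demo. In a real ceremony the combination and the final key stay inside the HSM; this code only shows the checks a ceremony script enforces.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// Component is one custodian's share of a key as entered at a key ceremony:
// the clear component plus the key check value (KCV) written on the
// custodian's sealed envelope, used to verify the entry before combination.
type Component struct {
	Custodian string
	Value     []byte
	KCV       string // six hex digits
}

// KCV computes a key check value: encrypt one all-zero block under the key
// and keep the first three bytes, rendered as six hex digits.
func KCV(key []byte) (string, error) {
	block, err := aes.NewCipher(key) // accepts 16, 24 or 32 byte keys
	if err != nil {
		return "", err
	}
	zero := make([]byte, aes.BlockSize)
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, zero)
	return hex.EncodeToString(out[:3]), nil
}

// NewComponent builds a component and records its KCV. In a real ceremony the
// KCV comes from the custodian's envelope; here it is derived for the demo.
func NewComponent(custodian string, value []byte) (Component, error) {
	kcv, err := KCV(value)
	if err != nil {
		return Component{}, err
	}
	return Component{Custodian: custodian, Value: value, KCV: kcv}, nil
}

// CombineComponents XORs the components into the final key. It enforces dual
// control (exactly requiredComponents shares from distinct custodians, never
// fewer than two) and checks each component's KCV, so a mistyped share is
// rejected at that custodian's step instead of silently yielding a wrong key.
func CombineComponents(comps []Component, requiredComponents int) ([]byte, string, error) {
	if requiredComponents < 2 {
		return nil, "", fmt.Errorf("dual control requires at least 2 components, policy says %d", requiredComponents)
	}
	if len(comps) != requiredComponents {
		return nil, "", fmt.Errorf("dual control: %d components supplied, %d required", len(comps), requiredComponents)
	}
	keyLen := len(comps[0].Value)
	key := make([]byte, keyLen)
	seen := make(map[string]bool)
	for _, c := range comps {
		if seen[c.Custodian] {
			return nil, "", fmt.Errorf("segregation of duties: %s entered more than one component", c.Custodian)
		}
		seen[c.Custodian] = true
		if len(c.Value) != keyLen {
			return nil, "", fmt.Errorf("component from %s has length %d, expected %d", c.Custodian, len(c.Value), keyLen)
		}
		got, err := KCV(c.Value)
		if err != nil {
			return nil, "", err
		}
		if got != c.KCV {
			return nil, "", fmt.Errorf("KCV mismatch for %s: computed %s, envelope says %s", c.Custodian, got, c.KCV)
		}
		for i := range key {
			key[i] ^= c.Value[i]
		}
	}
	finalKCV, err := KCV(key)
	if err != nil {
		return nil, "", err
	}
	return key, finalKCV, nil
}

// MustHex decodes a hex string or panics; used only for constructed sample data.
func MustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// ToHex renders bytes as lowercase hex.
func ToHex(b []byte) string { return hex.EncodeToString(b) }

func main() {
	// Constructed sample components (not real key material); three custodians,
	// all three required, each holding no information about the others' shares.
	a, _ := NewComponent("custodian-A", MustHex("000102030405060708090a0b0c0d0e0f"))
	b, _ := NewComponent("custodian-B", MustHex("ffffffffffffffffffffffffffffffff"))
	c, _ := NewComponent("custodian-C", MustHex("10101010101010101010101010101010"))
	for _, comp := range []Component{a, b, c} {
		fmt.Printf("%s component KCV %s\n", comp.Custodian, comp.KCV)
	}
	// Only the final KCV is displayed; the clear key never leaves the HSM.
	_, kcv, err := CombineComponents([]Component{a, b, c}, 3)
	if err != nil {
		fmt.Println("ceremony failed:", err)
		return
	}
	fmt.Println("final key KCV", kcv)

	// Failure path: custodian B mistypes one digit; the KCV check catches it.
	bad := b
	bad.Value = MustHex("fffffffffffffffffffffffffffffffe")
	if _, _, err := CombineComponents([]Component{a, bad, c}, 3); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

The KCV on the envelope is what lets each custodian's entry be verified without exposing anyone else's component, and the final KCV is what the ceremony record and the HSM's key table are reconciled against; the same check is what detects a wrong key during rotation before it reaches production.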
Cybersecurity Architecture & Operations
- Define and maintain cybersecurity architecture and ensure integration of secure design principles across IT and fintech platforms.
- Collaborate with infrastructure, DevOps, and product teams to embed security by design in new systems and applications.
- Evaluate and implement security tools such as SIEM, DLP, IAM, EDR, and vulnerability management solutions.
- Lead incident response and root cause analysis (RCA) for major security events and ensure lessons learned are institutionalized.
Internal Audit & Risk Management
- Conduct periodic internal audits of critical systems, data flows, and control environments.
- Identify control gaps and lead remediation plans in coordination with technology and compliance teams.
- Support third-party risk assessments, ensuring vendors adhere to corporate and regulatory security standards.
Required Skills & Qualifications
- Bachelor’s degree in Information Security, Computer Science, or a related field.
- 8+ years of experience in cybersecurity, compliance, and information security governance, preferably in fintech, banking, or payment processing.
- Proven expertise in maintaining compliance with PCI DSS, PCI PIN, ISO 27001, SOC 1 & 2, ISO 27701, and related privacy standards.
- Strong working knowledge of SAMA CSF, NCA ECC/CCC, and Sarie frameworks in the GCC context.
- Hands-on experience with HSMs (Thales, Utimaco, SafeNet, etc.), cryptographic key management, and secure key ceremonies.
- Familiarity with cybersecurity architecture, risk management, and threat mitigation frameworks (NIST CSF, CIS, ISO 27005).
- Strong understanding of network security, encryption standards, incident response, and vulnerability management.
- Excellent communication, leadership, and stakeholder management skills.
Preferred Qualifications
- Relevant certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer / Auditor, PCI ISA / QSA.
- Experience working with financial regulators in the GCC and managing multi-audit environments.
- Exposure to cloud security (ISO 27017/27018, CSA CCM) and privacy regulations (GDPR, DIFC and ADGM data protection laws).
- Strong presentation and executive reporting capabilities.
Key Performance Indicators (KPIs)
- Audit and certification renewal success rate (PCI DSS, ISO, SOC, etc.)
- Reduction in security incident rate and MTTR (Mean Time to Resolve)
- Compliance gap closure and risk mitigation timelines
- Security architecture and roadmap maturity level improvements
- Stakeholder satisfaction and regulatory compliance audit outcomes
Job Type: Full-time