Your role will mainly cover two responsibilities: leading the security, governance, risk and compliance activities of Hishab, and contributing to software architecture from a security perspective, owning all security-related aspects of building our software.

This is a greenfield role and will play a huge part in our commitment to achieving compliance with the highest standards in IT security and regulatory requirements. Thus, we are looking for a candidate who is experienced not only in security-related software architecture but also in defining and establishing company-wide security policies.

What you will be doing

  • Build and set up a security framework, processes, policies and standards.
  • Lead our ISO 27001:2013 certification project and maintain our Information Security Management System (ISMS).
  • Create awareness and outreach to ensure security management systems and policies are effective, providing recommendations and remediation where needed.
  • Review and design IT architecture from a security perspective.
  • Establish current and long-term direction to advance the implementation of a DevSecOps culture.
  • Develop and support emergency procedures, oversee security incident responses and the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as required.
  • Drive enterprise vulnerability management maturity including defining and tracking KPI metrics with IT peers.
  • Deliver information security training to staff and contractors.


  • Bachelor’s degree in IT, computing, information systems or a related domain.
  • Sound knowledge of technology risk regulatory requirements and industry standards such as COBIT, ITIL, SANS, NIST, ISO 27001/2.
  • Hands-on experience with cloud-native technologies (preferably AWS) and in-depth understanding of associated security management controls (e.g. cloud controls matrix).
  • Clear analytical thought process and good understanding of emerging technology developments and risk management frameworks.
  • 5 or more years of experience in any of these disciplines: information security, risk management, audit and compliance in technology areas, of which at least 1 year should be in the financial industry.
  • Must hold at least one security-related professional certification such as CISSP/CISA/CISM/CRISC.
  • High responsibility and team-oriented work attitude.
  • Excellent written and verbal communication skills in English.
  • Excellent stakeholder management, both internally and externally.

Good to have

  • Experience with any SIEM solution (preferably cloud-based).
  • Understanding of compliance requirements with respect to intellectual property.
  • Experience with data protection and related privacy protection regulations (e.g. GDPR).
  • Having successfully worked in compliance-, process-management- or corporate-governance-related departments or functions.
  • Knowledge of common processes for conducting a risk analysis, or previous knowledge of compliance risk assessment.

Work Location

