Information Security Lead

Job Purpose:

We are seeking a talented individual to architect lead and scale our information security function. This is a foundational leadership role accountable for enterprise security strategy AWS cloud security IT controls compliance certifications and companywide awareness and governance.

You will act as the security authority during Mazeeds growth phase with a mandate to build a holistic security program covering our products cloud infrastructure internal IT and corporate operations ensuring compliance with ISO 27001 SOC 2 GDPR ZATCA and UAE data protection regulations.

Responsibilities:

What you will do in your role

1. Strategic Security Leadership

• Define and implement Mazeeds enterprise information security strategy aligned with business and product objectives.
• Act as the acting CISO engaging with senior leadership board members auditors and regulators.
• Establish and grow the Information Security Office including hiring budgeting and vendor selection.

2. Cloud Security & Product Protection

• Architect and enforce securebydesign principles across the product and cloud environment.
• Implement and monitor AWS security best practices including IAM encryption VPCs WAF GuardDuty CloudTrail Security Hub and Key Management Service (KMS).
• Integrate DevSecOps into CI/CD with automated scanning and compliance tooling.

3. Internal IT Security & Governance

• Oversee internal IT security posture including endpoint protection VPNs identity and access management asset management and patching.
• Ensure secure configuration and access across productivity tools (Google Workspace Slack Notion) CRM (HubSpot) ERP systems and thirdparty SaaS.
• Define and manage IT risk assessments device baselining secure onboarding/offboarding processes and email/communication security controls.

4. Compliance & Certification Management

• Lead Mazeeds efforts toward achieving and maintaining certifications such as ISO 27001 SOC 2 Type II and compliance with GDPR ZATCA UAE data privacy laws and NCA Essential Cybersecurity Controls.
• Own and manage the Information Security Management System (ISMS).
• Serve as the primary contact for external audits regulators and compliance partners.

5. Security Awareness Policies & Culture

• Develop and enforce a comprehensive security policy framework including acceptable use data classification access control remote work mobile device usage and incident response.
• Build a scalable Security Awareness Program including:
  • Regular companywide training
  • Targeted phishing simulations
  • Periodic knowledge checks and updates
• Promote a culture of security ownership and risk awareness across all teams particularly in Engineering Support Sales and Operations.

6. Risk Management & Incident Response

• Define and operationalize a Risk Management Framework for information and technology assets.
• Build and maintain an Incident Response Plan including playbooks escalation paths communications and forensic readiness.
• Lead postincident reviews (PIRs) and continuous improvement initiatives.

7. CrossFunctional Collaboration

• Partner closely with:
  • Engineering to design secure systems and review architecture
  • Product to ensure privacy and compliance by design
  • Legal & Compliance for data residency DPIAs and contract reviews
  • People & Culture for secure onboarding training and internal audits
• Engage with external consultants cloud providers and certification bodies as needed.

Qualifications :

• 5 years in information security roles with at least 3 years in a leadership or CISOtrack role.
• Proven experience building security programs in cloudnative SaaS environments (AWS focus).
• Track record of achieving and maintaining ISO 27001 SOC 2 or similar certifications.
• Strong understanding of security architecture threat modeling DevSecOps and IT controls.
• Exceptional communication and leadership skills with ability to influence across levels.

Preferred:

• Certifications: CISSP CISM CCSP ISO 27001 Lead Implementer/Auditor.
• Experience working with Middle East data protection laws and frameworks (e.g. ZATCA UAEs PDPL SAMA Cybersecurity Framework).
• Prior experience in a startup fintech or highgrowth SaaS company.
• Familiarity with tools like Tenable AWS Config Drata/Vanta MDM solutions SASE/SOCaaS platforms.

What we offer:

If youre excited to embark on this journey with us to be part of an innovative team thats changing the game for small businesses we encourage you to apply. At mazeed we dont just hire employees; we welcome team members who share our values and vision. Join us in making a real impact on the financial wellbeing of small enterprises while advancing your career. Your success is our success and together well reach new heights in the world of finance and accounting.

Additional Information :

What we offer:

If youre excited to embark on this journey with us to be part of an innovative team thats changing the game for small businesses we encourage you to apply. At mazeed we dont just hire employees; we welcome team members who share our values and vision. Join us in making a real impact on the financial wellbeing of small enterprises while advancing your career. Your success is our success and together well reach new heights in the world of finance and accounting.

Join our mazeed Family and enjoy:

A comprehensive benefits package that includes competitive compensation comprehensive health coverage professional development opportunities worklife balance initiatives and an inclusive company culture. We prioritize the wellbeing and growth of our employees and strive to create a supportive and rewarding work environment.

Remote Work :

No

Employment Type :

Fulltime