We are seeking an experienced Security Compliance Officer to join our growing team and ensure that our operations meet the highest standards of regulatory compliance and security frameworks. In this role, you will lead the implementation and continuous improvement of Lean’s information security compliance programs, collaborating closely with internal teams, regulators, and external auditors. You will play a key role in maintaining our security posture while supporting innovation in the fintech and open banking ecosystem.
Work Conditions: On-site, Full-time
Location: Dubai, United Arab Emirates
Responsibilities:
- Compliance Program Management: Maintain security policies aligned with SOC 2, ISO 27001, UAE NESA, and UAE banking license requirements, ensuring regulatory adherence and continuous improvement.
- License and Certification Management: Oversee audits, evidence collection, and recertification processes for SOC 2, ISO 27001, and NESA, ensuring timely submission of regulatory filings for the UAE banking license.
- Risk Management and Incident Response: Identify security risks, manage mitigation plans, and ensure timely reporting and resolution of security incidents as per regulatory guidelines.
- Internal and External Audits: Coordinate internal readiness reviews and external audits, ensuring audit findings are addressed with corrective action plans.
- Third-Party and Vendor Management: Perform security assessments of vendors and third-party providers, ensuring their compliance with security standards and contractual obligations.
- Employee Training and Awareness: Implement security awareness programs and ensure employees understand compliance roles and responsibilities.
- Governance and Reporting: Provide regular compliance status updates and key performance metrics to senior management and regulatory bodies.
- KSA-Specific Security Frameworks and Certifications: Provide support for security certifications, audits, and frameworks specific to the Kingdom of Saudi Arabia, including SAMA Cybersecurity Framework (CSF), Personal Data Protection Law (PDPL), CRFR, and MVC.
Minimum Qualifications:
- Bachelor’s degree in Information Security, Cybersecurity, or a related field.
- At least 5 years of experience in security compliance, audit management, or risk management in a regulated industry (preferably fintech, banking, or technology).
- Strong understanding of SOC 2, ISO 27001, and regulatory frameworks like UAE NESA and GDPR.
- Proficiency in managing external and internal audits and implementing corrective action plans.
- Strong knowledge of third-party risk management principles.
Preferred Qualifications:
- Security certifications such as ISO 27001 Lead Implementer/Auditor, CISA, CISM, or CRISC.
- Experience with regulatory filings and interactions with financial regulatory bodies (e.g., UAE Central Bank, SAMA).
- Familiarity with automated governance, risk, and compliance (GRC) tools.
- Proven track record of coordinating cross-functional teams and working under tight timelines.
Soft Skills Required:
- Collaboration and Teamwork: Ability to work effectively across departments to align compliance initiatives with business goals.
- Effective Communication: Strong ability to convey complex compliance requirements and audit findings to technical and non-technical stakeholders.
- Accountability and Ownership: Takes responsibility for tasks and projects, ensuring timely delivery and transparency in actions.
- Attention to Detail: Maintains precision in documentation, evidence collection, and policy updates to ensure full compliance.
- Critical Thinking and Problem-Solving: Capable of identifying compliance gaps and implementing practical solutions under tight deadlines.
Language Requirements: Not mentioned