Information Security Specialist

Department: Cyber Security

Location: UAE

Description

About us:

Tabby creates financial freedom in the way people shop, earn and save by reshaping their relationship with money. The company's flagship offering allows shoppers to split their payments online and in-store with no interest or fees. Over 32,000 global brands and small businesses, including Amazon, Noon, IKEA and Shein, use Tabby to accelerate growth and gain loyal customers by offering easy and flexible payments online and in stores. Tabby has generated over $7 billion in transaction volume for its partner brands and has the highest-rated, most-reviewed, largest and fastest-growing app of any fintech in the GCC region. Tabby launched operations in 2020 and has raised +$1 billion in equity and debt funding from global and regional investors.

We are thrilled to announce an opportunity for a skilled Information Security Specialist to join our team and play a role in enhancing our security measures by utilising your abilities and deep knowledge of information security, governance, risk and compliance—the role you will be involved in developing and maintaining information security policies, procedures and guidelines. You will be responsible for implementing and maintaining SAMA, ISO, PCI-DSS, UAE IAR and various standards & frameworks for continual improvement of Information Security. If you have a passion for information security and aspire to make a significant impact, we strongly encourage you to apply and become an essential part of our dedicated Information Security team.

Key Responsibilities

● Develop and manage the organization's policies, procedures and guidelines. Familiarity with policy management frameworks, document control procedures, and version control systems to maintain and update policies in a controlled and auditable manner.
● Manage and deliver engagements covering vulnerability assessment and penetration testing, IT Audits, Information Security Audits, Compliance Reviews against Saudi Regulations, and industry standards such as SAMA, ISO, PCI-DSS, UAE IAR and more.
● Align standards, frameworks and security with overall business and technology strategy.
● Supports the Information Security team in achieving the highest information security standards across Tabby's network.
● Monitoring Cyber Security Requirements from third-party payment processors and acting as a focal point for the company to communicate the Cyber Security Posture.
● Assist in performing risk assessments to identify the scope of improvements in Information Technology and Security processes.
● Experience performing gap analysis and maturity assessments.
● Demonstrate collaboration with cross-functional teams, subject matter experts, and stakeholders to gather information and define SOP requirements.
● Experience in conducting phishing simulations and other awareness exercises to assess employees' susceptibility to social engineering attacks and provide targeted training to improve their resilience.
● Broad experience in infrastructure security tools such as network security controls, anti-malware implementation, Cloud Security posture Management (CSPM), Data Loss Prevention (DLP), firewall rulesets, backup and disaster recovery, and vulnerability management processes.
● Work across various product and engineering teams to prioritise security features and controls and ensure implementation and mitigation.
● Familiarity with Confluence, JIRA, Miro, Lucid Chart, and Office 365 tools. Previous work experience in cloud hosting environments.
● Experience with the Financial Services, Banks, or FinTech sectors is advantageous.

Skills, Knowledge & Expertise

● Degree in Information Technology, Computer Science, Software Engineering, or a related field
● Knowledge of Information Technology security issues and approaches to managing Information Technology security in a fast-paced Fintech environment.
● Knowledge of ISO27001, NIST, SAMA CSF, PCI-DSS, etc
● Security Qualification Good to have: ISO 27001 LA/LI
● Excellent communication, influencing and stakeholder management skills.
● Experience in working across teams to deliver solutions and generate high levels of internal buy-in
● Excellent project management skills and experience leading data security projects across multiple locations.
● Experience in developing and delivering training.
● Experience of working in a culturally diverse environment
● Knowledge of online technologies, payment methods, content delivery networks, REST APIs, microservices, and application development.
● 1-2 years of experience in information security, document writing and GRC.

Job Benefits

• A competitive salary dependent upon experience


• Excellent health benefits


• We offer flexible working hours and trust you to work enough hours to do your job well at times that suit you and your team.


• A working environment that gives you autonomy and responsibility from day one


• You should be comfortable with the idea that the quality of your work will influence the shape of your career.


• We are passionate about creating an equitable, high-performing workplace that gives people from all backgrounds the support they need to thrive, grow, and meet their goals (whatever they may be)


• Participation in the company's employee stock options program.