PAY10, a CBUAE-regulated fintech leader in the digital payments space, is seeking an experienced Chief Information Security Officer (CISO) to lead its cybersecurity, IT risk, and data governance strategy. As part of the executive leadership team, you will drive enterprise-wide compliance, information protection, and certification efforts, managing teams across data privacy, security audit, and risk operations.

Key Responsibilities:

Strategic Leadership

• Define and lead PAY10’s information security and cyber resilience strategy.

• Oversee teams responsible for Data Protection (DPO) and IT Security & Audit.

• Liaise with CBUAE, PCI auditors, and other regulatory bodies on compliance matters.

• Contribute to enterprise risk and technology governance decisions.

Cybersecurity & Risk Management

• Ensure implementation of best-practice frameworks (e.g., ISO 27001, PCI-DSS, NIST).

• Direct threat monitoring, vulnerability assessments, and incident response.

• Manage internal and third-party security risk assessments and remediation.

• Drive IT disaster recovery and business continuity plans.

Regulatory Compliance

• Ensure adherence to CBUAE standards, UAE PDPL, and relevant international data privacy laws.

• Maintain and lead PCI-DSS and ISO 27001 certifications and audits.

• Collaborate with Legal and Compliance to ensure data protection across all operations.

Governance & Reporting

• Develop and oversee a robust Information Security Governance Framework.

• Report to the Board and senior leadership on posture, incidents, KPIs, and compliance.

Culture & Team Leadership

• Promote a security-first culture through policies, training, and engagement.

• Develop and mentor cross-functional security and audit teams.

Qualifications:

• Bachelor’s Degree in Computer Science, Information Security, or related field (Master’s preferred).

• 10+ years of progressive security experience, including 5+ in a leadership role within fintech or financial services.

• Relevant certifications: CISSP, CISM, CISA, PCI QSA/ISA, ISO 27001 LA/LI.

• In-depth knowledge of UAE regulatory frameworks and global privacy laws.

• Demonstrated experience leading audit, risk, and data privacy teams in high-stakes environments.

Preferred Skills:

• Strategic thinking with strong business alignment.

• Effective communicator across all levels, including Board and regulatory stakeholders.

• Proven track record in crisis and incident management.

• High integrity, discretion, and proactive problem-solving abilities.

Performance Metrics (KPIs):

• Audit success rates (CBUAE, PCI-DSS, ISO 27001).

• Security incident response metrics.

• Organization-wide compliance training completion.

• Timely and accurate board-level reporting.

• Vendor risk assessment and onboarding adherence.