Head of Information Security at Ooredoo Fintech International

Doha, , Qatar -

Full Time

Start Date

Immediate

Expiry Date

04 Apr, 26

Salary

0.0

Posted On

04 Jan, 26

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Information Security, Cybersecurity, Risk Management, Compliance, Cloud Security, Incident Management, Data Protection, Identity Management, Vendor Security, Leadership, Security Governance, Agile Delivery, Security Awareness, Security Policies, Threat Modelling, Security Architecture

Industry

Telecommunications

Description

Purpose The Head of Information Security is responsible for defining, implementing, and governing OFTI’s information security strategy across all markets. The role ensures that OFTI’s platforms, products, data, and operations are protected against cyber threats while enabling rapid product delivery, market expansion, and regulatory compliance. This is a pivotal leadership role balancing security, risk, compliance, and delivery in a fast growing, multi-country fintech operating in highly regulated environments. Context OFT International LLC is an innovative and dynamic scale up fintech company. We offer the heritage and stability of a hugely successful founding group combined with the unlimited ambition and passion of a talented team building intuitive, secure and convenient money management and payment tools for everyday people. Working with us presents a unique and exciting opportunity to make a difference and be part of a revolution where we are leveraging financial technology to provide accessible, empowering tools. The Product & Technology department is responsible for designing, building, operating, and scaling the company’s digital financial services platform across multiple markets. Operating under a “Product House” model, the department builds shared core products and platforms once and deploys them across markets with local configuration and regulatory overlays. This approach enables speed, reuse, consistency, and controlled scalability while meeting local regulatory and operational requirements. The function brings together product management, engineering, architecture, platforms, data, and information security, working in cross-functional squads to deliver secure, reliable, and user centric products at pace. Role Accountabilities Information Security Strategy & Governance a. Define and maintain OFTI’s information security strategy aligned with business objectives and regulatory obligations. b. Establish and enforce security policies, standards, and control frameworks across all markets. c. Own the security governance model, including risk acceptance, control exceptions, and security sign-off processes. Regulatory, Risk & Compliance Management a. Ensure compliance with relevant regulatory and security frameworks (e.g. ISO 27001, PCI DSS where applicable, local regulator guidelines). b. Support Risk and Compliance function in the security engagement with regulators, auditors, and external assessors c. Own enterprise-level cyber risk assessments, threat modelling, and security posture reporting. Secure Architecture & Delivery Enablement a. Partner closely with Architecture, Platforms, and Engineering to embed security-by-design across products and infrastructure. b. Define security patterns and guardrails for cloud, APIs, data platforms, and integrations. c. Ensure secure development practices across squads (SDLC controls, CI/CD security, vulnerability management). Security Operations & Incident Management a. Oversee security monitoring, detection, and response capabilities. b. Own the incident response framework, including playbooks, escalation, and post-incident reviews. c. Lead responses to security incidents, coordinating across technology, legal, compliance, and business teams. Identity, Access & Data Protection a. Define and govern identity and access management standards across workforce, systems, and partners. b. Ensure appropriate data protection, encryption, key management, and data-handling controls. c. Oversee privileged access management and sensitive system access. Third-Party & Vendor Security a. Define security requirements for vendors, partners, and third-party integrations. b. Lead security due diligence, assessments, and ongoing assurance for critical suppliers. c. Work with procurement and legal teams to ensure security obligations are embedded in contracts. Leadership, Culture & Awareness a. Build and lead the information security function and the security squad, including internal team members and specialist partners. b. Drive security awareness and accountability across engineering, product, and business teams. c. Act as a trusted advisor to senior leadership on security risks, trade-offs, and decisions. Key Performance Indicators (KPI's) Security Control Coverage: % of critical systems and products covered by defined security controls Regulatory & Audit Outcomes: Successful completion of audits, assessments, and regulatory reviews Secure Delivery Adoption: % of product releases following secure SDLC standards Third-Party Risk Coverage: % of critical vendors assessed and monitored against security standards Workplace security: % of workforce secure and compliant to security policy (device usage, endpoint security, security training / awareness), tool rollout. Incident Management Effectiveness: Time to detect, respond, and remediate security incidents Experience 10+ years’ experience in information security, cybersecurity, or technology risk roles, with significant time spent in regulated financial services or fintech environments. Proven experience defining and operating information security strategies across complex or multi-country organisations, balancing central governance with local regulatory requirements. Strong background embedding security-by-design into modern product and engineering environments, including agile delivery models, CI/CD pipelines, APIs, and cloud native architectures. Hands-on experience with cloud security (Azure, AWS, or equivalent), covering identity and access management, network security, encryption, logging, and monitoring. Demonstrated leadership of security governance frameworks, including policies, standards, risk management, control testing, and exception handling. Experience leading or supporting ISO 27001 implementations, audits, and ongoing compliance, with familiarity with related frameworks (e.g. NIST, CIS, PCI DSS where applicable). Proven capability managing security incidents, including executive and regulator communication, root cause analysis, and remediation. Track record managing third-party and supplier security risk, including due diligence and ongoing assurance. Experience building and leading lean, high-impact security teams, working closely with product, engineering, architecture, platform, legal, and compliance stakeholders Minimum Entry Qualifications Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field. Professional security certifications preferred (e.g. CISSP, CISM, ISO 27001 Lead Implementer/Auditor). Strong communication and stakeholder management skills across technical and non-technical audiences. Personal Profile A pragmatic and trusted security leader who understands how to enable fast-moving product teams without compromising safety or compliance. Comfortable operating at both strategic and hands-on levels, with the judgement to balance risk, speed, and regulatory expectations. Calm under pressure, decisive during incidents, and respected as a partner rather than a gatekeeper.

Responsibilities

The Head of Information Security is responsible for defining and implementing OFTI’s information security strategy while ensuring protection against cyber threats. This role involves overseeing security operations, regulatory compliance, and incident management across multiple markets.