Information security Lead
Giza, Egypt
McLedger
Automated accounting software, supported by certified accounting and tax experts in one place.
Company Description
Are you ready to join a dynamic team that's transforming the way SMEs manage their finances? At mazeed, we're not just offering a service; we're providing a lifeline to micro and small-sized enterprises. Our multi-faceted platform is the key to helping these businesses keep their financial records in check, issuing invoices promptly, and making informed decisions. We're the trusted extension of their team, their Finance & Accounting Department.
Our core values of Integrity, People Growth, Customer Centric, Global Mindset, Innovation, and Adaptability are the foundation upon which we've built our success. We're not just looking for someone who can fill a role, but for someone who can align with these values, add their unique perspective to our team, and contribute to our growth!
Job Description
Job Purpose:
We are seeking a talented individual to architect, lead, and scale our information security function. This is a foundational leadership role accountable for enterprise security strategy, AWS cloud security, IT controls, compliance certifications, and company-wide awareness and governance.
You will act as the security authority during Mazeed’s growth phase, with a mandate to build a holistic security program covering our products, cloud infrastructure, internal IT, and corporate operations — ensuring compliance with ISO 27001, SOC 2, GDPR, ZATCA, and UAE data protection regulations.
Responsibilities:
What you will do in your role
1. Strategic Security Leadership
- Define and implement Mazeed’s enterprise information security strategy, aligned with business and product objectives.
- Serve as the acting CISO, engaging with senior leadership, board members, auditors, and regulators.
- Establish and grow the Information Security Office, including hiring, budgeting, and vendor selection.
2. Cloud Security & Product Protection
- Architect and enforce secure-by-design principles across the product and cloud environment.
- Implement and monitor AWS security best practices, including IAM, encryption, VPCs, WAF, GuardDuty, CloudTrail, Security Hub, and Key Management Service (KMS).
- Integrate DevSecOps into CI/CD, with automated scanning and compliance tooling.
3. Internal IT Security & Governance
- Oversee internal IT security posture — including endpoint protection, VPNs, identity and access management, asset management, and patching.
- Ensure secure configuration and access across productivity tools (Google Workspace, Slack, Notion), CRM (HubSpot), ERP systems, and third-party SaaS.
- Define and manage IT risk assessments, device baselining, secure onboarding/offboarding processes, and email/communication security controls.
4. Compliance & Certification Management
- Lead Mazeed’s efforts toward achieving and maintaining certifications such as ISO 27001, SOC 2 Type II, and compliance with GDPR, ZATCA, UAE data privacy laws, and NCA Essential Cybersecurity Controls.
- Own and manage the Information Security Management System (ISMS).
- Serve as the primary contact for external audits, regulators, and compliance partners.
5. Security Awareness, Policies & Culture
- Develop and enforce a comprehensive security policy framework, including acceptable use, data classification, access control, remote work, mobile device usage, and incident response.
- Build a scalable Security Awareness Program including:
  - Regular company-wide training
  - Targeted phishing simulations
  - Periodic knowledge checks and updates
- Promote a culture of security, ownership, and risk awareness across all teams, particularly in Engineering, Support, Sales, and Operations.
6. Risk Management & Incident Response
- Define and operationalize a Risk Management Framework for information and technology assets.
- Build and maintain an Incident Response Plan, including playbooks, escalation paths, communications, and forensic readiness.
- Lead post-incident reviews (PIRs) and continuous improvement initiatives.
7. Cross-Functional Collaboration
- Partner closely with:
  - Engineering to design secure systems and review architecture
  - Product to ensure privacy and compliance by design
  - Legal & Compliance for data residency, DPIAs, and contract reviews
  - People & Culture for secure onboarding, training, and internal audits
- Engage with external consultants, cloud providers, and certification bodies as needed.
Qualifications
- 5+ years in information security roles, with at least 3 years in a leadership or CISO-track role.
- Proven experience building security programs in cloud-native SaaS environments (AWS focus).
- Track record of achieving and maintaining ISO 27001, SOC 2, or similar certifications.
- Strong understanding of security architecture, threat modeling, DevSecOps, and IT controls.
- Exceptional communication and leadership skills, with ability to influence across levels.
Preferred:
- Certifications: CISSP, CISM, CCSP, ISO 27001 Lead Implementer/Auditor.
- Experience working with Middle East data protection laws and frameworks (e.g., ZATCA, UAE’s PDPL, SAMA Cybersecurity Framework).
- Prior experience in a startup, fintech, or high-growth SaaS company.
- Familiarity with tools like Tenable, AWS Config, Drata/Vanta, MDM solutions, SASE/SOCaaS platforms.
What we offer:
If you're excited to embark on this journey with us, to be part of an innovative team that's changing the game for small businesses, we encourage you to apply. At mazeed, we don't just hire employees; we welcome team members who share our values and vision. Join us in making a real impact on the financial well-being of small enterprises while advancing your career. Your success is our success, and together, we'll reach new heights in the world of finance and accounting.
Additional Information
Join our mazeed Family and enjoy:
A comprehensive benefits package that includes competitive compensation, comprehensive health coverage, professional development opportunities, work-life balance initiatives, and an inclusive company culture. We prioritize the well-being and growth of our employees and strive to create a supportive and rewarding work environment.
Tags: Audits AWS CCSP CI/CD CISM CISO CISSP Cloud Compliance DevSecOps Encryption ERP Finance FinTech GDPR Governance IAM Incident response ISMS ISO 27001 Privacy Risk assessment Risk management RMF SaaS SASE Security strategy SOC SOC 2 Strategy VPN
Perks/benefits: Career development Competitive pay Health care Startup environment