Information & Cyber Security (ICS) Risk Specialist

Information & Cyber Security (ICS) Risk Specialist

Meet myZoi

myZoi is changing lives for the better for those who deserve it the most. We are an exciting fintech start-up aiming to promote financial inclusion globally. Our vision is to provide a level playing field to the unbanked and the underbanked in accessing essential financial services in an affordable, convenient, and transparent fashion. We are looking for smart, ambitious, and purpose-driven individuals to join us in this journey.

The Role

We are seeking an Information & Cyber Security (ICS) Risk & Compliance Specialist to collaborate with our Technology and Compliance teams in strengthening our information security posture while aligning with UAE regulatory mandates. This role will bridge technical controls, compliance frameworks, and financial sector regulatory obligations, whilst ensuring safe adoption of enabling technologies. The ideal candidate will have strong information and cybersecurity technical skills, knowledge of global and local information and cybersecurity regulations and standards, including with respect to enabling technologies, good project management experience, and a proactive mindset for continuous improvement and stakeholder engagement. Overall, this role will help the ICS Team ensure that information systems remain secure and compliant with internal and external regulations, and protect our IT infrastructure and digital assets from security threats.

Key Responsibilities

• Lead and execute on information and cybersecurity regulatory compliance initiatives, such as CBUAE Information Security related and NESA UAE Information Assurance annual self-certification as well as the remediation exercise.
  
  
• Own the PCI-DSS lifecycle, encompassing scoping, remediation and coordination of gap or technical assessments - liasing with external vendor(s), SecOps, SREs and DevOps (as required).
  
  
• Monitor, evidence, and report on CIS controls, including the implementation of any identified gaps and improvements to existing controls where appropriate. Drive adoption across IT and business functions (as required).
  
  
• Lead and drive all cyber risk and compliance activities from a project management perspective, reporting to the CISO. This may include compliance with additional regulations, frameworks, or standards in the future, in alignment with the business roadmap and adoption of enabling technologies.
  
  
• Collaborate with the SecOps Team to ensure that the technical implementation of security controls meets regulatory requirements for existing and new tools, while automating processes such as control monitoring efficiently and effectively by leveraging SOC tools whenever feasible.
  
  
• Track, interpret, and operationalize notices and circulars from the Central Bank of the UAE, including maintaining a central repository of CBUAE directives and related actions.
  
  
• Support the Cybersecurity Manager and CISO with conducting internal audits and prepare for potential regulatory inspections.
  
• Support the CISO and Cybersecurity Manager with periodic reporting to the Executive Risk Committee, ensuring that updates are prepared in advance and exploring automation opportunities.
  
• Conduct proactive annual threat-led risk assessments for critical assets, supporting the Cybersecurity Manager and CISO with a risk-based information and cybersecurity strategy and roadmap.
  
• Collaborate with IT, legal, compliance, and other teams as required to implement timely controls and reporting obligations while also supporting with information security training and awareness.
  
• Formulate a future-ready integrated control framework aimed at automating, streamlining, and enhancing the efficiency and effectiveness of information and cybersecurity regulatory and compliance requirements.
  
• Explore and propose a solution to automate information and cyber compliance monitoring, evidencing, and reporting, utilizing visual dashboards to demonstrate risk posture and compliance status to cross-functional leadership.
  
  

Qualifications

• Bachelor's degree in Cybersecurity or a related discipline; a Master's degree in a related field is preferred.
  
  
• Certifications: CISSP and CISA / CISM and Prince2 / PMP preferred.
  
  
• 6+ years of hands-on experience in information and cyber risk, compliance, control implementation and project management (with a Master's degree in a related discipline), or
  
• 8+ years of hands-on experience in information and cyber risk, compliance, control implementation and project management (with a Bachelor's degree in Cybersecurity or a related discipline).
  
• Extensive knowledge and experience with e.g. CBUAE Information Security and NESA UAE Information Assurance regulations, CIS Controls, PCI-DSS, ISO27001 and CBUAE directives.
  
• Strong command of English and excellent communication skills, with the ability to simplify complex concepts for non-technical audiences.
  
• Ability to manage multiple tasks in a high-pressure environment.
  
• Willingness to engage actively in task execution as well as management.
  
• Experience in financial services or fintech environments is essential.
  
• Experience in data security and broader data governance is a plus.
  

You'll be part of a team committed to secure innovation, balancing agility with discipline. We're reimagining risk culture through compliance that fosters trust, not just ticks boxes.

This role is based in Dubai (UAE).

What We Offer

• Competitive salary package, with health insurance and benefits.
  
• Professional growth and development opportunities.
  
• Opportunity to work with cutting-edge fintech solutions.
  
• Flexible work arrangements.
  
• A great team.
  

At myZoi we strive to create a both a product and a team that embraces equality, inclusion, diversity and freedom. We want people who can be themselves and bring their own brand of value to the team. Come and join us!