Company Name : Tarabut Gateway

Information Security Officer

bayt.com

Job Description

Reports to: Information Security Manager 

Based: Riyadh, KSA – Remote with office space in FinTech Saudi 

Follow: You can find us on LinkedIn 

About TG… 

Tarabut Gateway (TG) is the first and largest regulated Open Banking platform in the MENA, with offices in the Kingdom of Bahrain and the UAE. TG connects a regional network of banks and FinTechs via a universal application programming interface (API). By offering tools that allow the facilitation and distribution of personalized financial services, TG enables financial institutions to build a new world of financial services in MENA.  

From our earliest days, we quickly became the region’s first applicant to a ‘regulatory sandbox’ through the Central Bank of Bahrain.  

The clear objective is to build an infrastructure that accelerates an industry transformation. A multisided platform that connects banks, FinTechs, merchants, in the MENA region all on one platform, enabling a new realm of partnerships to be forged.  

Fast forward to today, TG is in partnership with the largest banks in many countries. Our products are being built in Bahrain and are being shipped to other markets. At present we are focusing on scaling up our software engineering and product team to continue to better serve the lives of all 550 million people in the region.  

This is the beginning of our journey, and as we see early-stage fintech start to emerge in other jurisdictions, there is no better time than now for the TG Platform to play its part in driving this new realm of financial services in MENA.  

We’ve secured over $25million in funding, including the largest FinTech seed round in MENA history and investment from Tiger Global. 

 

Team TG… 

Working for TG could be the biggest challenge of your career! You will be exposed to every function of the business, have dialogues with inspiring colleagues that have unique ideas, and be given more autonomy than before to execute your ideas to scale. You will be challenged, held accountable and expected to run like it’s your own business.  

Curiosity is the gateway to learning. Thinking differently is key to our success. We don’t like normal, we prefer to create new rules for the game and redefine the status quo by challenging conventional thinking.  

We have distributed teams in the UK, Dubai, Bahrain, Saudi, and India.  

 

What you’ll do… 

The InfoSec team’s mission is to safeguard the confidentiality, integrity and availability of all TG systems by collaborating cross-functionally, contributing to creating a resilient infrastructure and a culture of security. You’ll enjoy working across TG as well as with our partners and regulators to implement, maintain, and continually improve the organisation’s security posture within KSA. 

You will be a key member of the teams responsible for the ISO 27001 certified Information Security Management System (ISMS) – its governance and compliance across the business. You’ll be responsible for implementing SAMA’s Cybersecurity Framework and achieving the necessary maturity level. You’ll collaborate with technical and non-technical teams to ensure the implementation, compliance and awareness of both technical and organisational controls are to the highest standards. 

We seek team players that have low ego but high ambition. You’ll want to join a mission driven company, building a world class customer experience, creating a world class technology and security operating that inspires high performing teams. 

 

We’re a remote-first company where teamwork and collaboration have no barriers. We embrace diversity and encourage talent who bring a range of perspectives to apply for our roles even if you do not match every requirement in the list above. TG makes hiring decisions based on experience, aptitude, skill and sharing our company values. We will not discriminate with regards to any legally protected characteristics. 

Skills

We’ll need you to 

  • Maintain, communicate, audit, and improve the organisation’s ISO 27001 certified Information Security Management System.   
  • Coordinate with the regulator on matters pertaining to cybersecurity threats, compliance with CSF etc.  
  • Deliver risk-based cyber security solutions that address people, process, and technology including information security policies & processes. 
  • Manage the cyber security activities, including: 
  • Monitoring of the cyber security activities (SOC monitoring). 
  • Monitoring of compliance with cyber security regulations, policies, standards, and procedures. 
  • Overseeing the investigation of cyber security incidents & performing cyber security reviews. 
  • Gathering and analysing threat intelligence from internal and external sources. 
  • Measure and review performance metrics to monitor compliance with SAMA’s Cybersecurity Framework and associated policies, procedures, and controls. 
  • Collaborate with clients, third parties, and regulators to complete effective due diligence processes demonstrating the maturity and effectiveness of the organisation’s policies and controls. 
  • Evangelise security across the business by delivering security awareness training, campaigns and initiatives through third parties, phishing and ransomware assessments, and the use of effective internal communication tools to build a security focused culture. 
  • Contribute the organisation’s security incident response programme responding and recovering from any threats. Including the evaluation and reporting of security incidents. 
  • Advocate data privacy. Perform data mapping and risk assessment and in order to implement strong controls. Align systems, policies, and procedures with these regulatory bodies and laws regarding data protection. 

 

Requirements 

  • Experience working in SAMA-Regulated financial institutions.  
  • Track record in information security roles and working across related projects end to end. 
  • Experience implementing SAMA’s Cybersecurity Framework and have achieved sufficient maturity levels 
  • Experience maintaining the risk management plan, actions, target dates and updating actions. 
  • Experience implementing ISO 27001/2 controls across the business, as well as conducting regular audits. 
  • Experience supporting the implementation of detective, preventative, and corrective security controls to embed the organisation’s security frameworks, policies, standards, and procedures effectively (SAMA, NIST, NCA etc). 
  • Experience preforming gap analysis and NIST maturity assessments.  
  • Experience using project delivery tooling e.g. Confluence, JIRA, LucidChart, Office 365, etc. 
  • Knowledgeable across a range of areas of IT, especially endpoint management, vulnerability management, network security, operating systems, and public cloud hosting (AWS / OCI). 
  • Knowledgeable of Data protection and experience implementing and maintaining processes in-line with government and regulatory requirements. 

Bonus points for: 

  • Experience working within cloud hosting environments preferably AWS and OCI (a bonus). 
  • Experience with security incident response, digital forensics investigations and mock tabletop exercises. You may have dealt with a major security breach in the past (a bonus). 
  • Experience in or been involved in the Open Banking/Financial Services/Banks/Payments/FinTech space (a bonus). 

 

share :