Chief Information Security Officer
Indexed description
About Fortis
Fortis is part of a fintech group with a 12-year history. Its core product transforms a standard payment terminal into a full business system — with a product catalogue, loyalty programmes, online payments, and analytics. Three years ago the group launched international expansion through Fortis in the UAE, now actively scaling across MENA in partnership with Network International. The strategic priority for this year is obtaining a financial licence from the Central Bank of the UAE.
Regulatory & Licensing
Act as the designated Information Security Officer before CBUAE. Complete the Fit & Proper assessment. Prepare and maintain the full documentation package — policies, procedures, and evidence. Accompany inspections and respond to regulatory requests.
Compliance & Audits
Maintain the information security risk register. Identify and close gaps against PCI DSS, PCI PIN, and CBUAE requirements. Coordinate internal and external audits; liaise with QSAs and payment schemes.
Security Governance
Adapt global IS policies to UAE requirements and Fortis context. Oversee local implementation. Participate in architecture reviews, infrastructure changes, and new product launches.
Incident Management
Serve as the primary point of contact for IS incidents at Fortis UAE. Manage the full incident lifecycle, notify CBUAE as required, conduct post mortems, and drive corrective actions.
Security Awareness
Run the security awareness program for the local team. Coordinate with global initiatives. Report on IS KPIs and compliance status.
Required:
- UAE resident, available for full-time permanent employment
- 3+ years in information security (5+ preferred)
- Experience in fintech, banking, PSP, or another regulated financial organisation
- Solid knowledge of PCI DSS — mandatory
- Experience operating in high-compliance, regulated environments
- Ability to prepare policies, procedures, and audit evidence packages
- Confidence representing the company before regulators, auditors, and external stakeholders
- Able to work autonomously without a direct team
- Experience in matrix structures and collaboration with global teams
Nice to have:
- Prior involvement in a CBUAE or equivalent financial licence process
- Direct experience working with the Central Bank of the UAE
- Knowledge of PCI PIN and other payment security standards
- Established professional network in the UAE financial sector
- Experience building Security Awareness programs
- Experience leading an IS function or team
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search