Head Of Information Security

Head Of Information Security About The Role Thndr is looking for a Head of Information Security to serve as the company's most senior security leader, with full ownership of the information security program across strategy, governance, risk, and engineering. Reporting directly to executive leadership, you will set the vision and direction for how Thndr manages security risk, define the standards and accountability structures that govern how teams operate, and ensure the security function is performing at the level the business and its regulators expect. You will lead two established teams and be accountable for their output, development, and alignment to the broader security strategy: - Information Security (Governance, Risk & Assurance) — owns the security program at the governance level, including the policy and control framework, cyber risk management, regulatory alignment, and independent oversight and challenge across all business functions. - Security Engineering — designs, builds, and operates Thndr's core security capabilities and tech stack, from access controls and CI/CD security to logging, DLP, and the broader tooling estate. This is not a hands-on technical role. It is a leadership role for someone who knows the domain deeply enough to ask the right questions, set the right expectations, and hold the right people accountable — while building a function that is trusted by the business, respected by regulators, and capable of scaling with Thndr's growth across Egypt, the UAE, and KSA. What You'll Do Security Strategy & Program Ownership - Define and own Thndr's information security strategy and multi-year roadmap, balancing risk reduction, regulatory obligations, and business velocity. - Set the operating model for the security function, including how teams are structured, how accountability is distributed, and how performance is measured. - Act as Thndr's most senior security voice — advising executive leadership, representing the function in governance committees, and providing clear, independent views on residual risk and strategic priorities. Governance, Risk & Compliance - Own the information security program at the governance level: policy framework, control framework, and cyber risk management approach. - Drive the organization's alignment to applicable frameworks and regulations — including ISO 27001, NIST CSF, PCI DSS, SOC 2, and the regulatory requirements of EG-FRA, ADGM-FSRA, and the emerging KSA landscape. - Ensure the risk register, KPIs/KRIs, and maturity measures are maintained and used to drive accountability — with your teams executing the underlying work. - Commission and review independent reporting on the security program's effectiveness; challenge control owners where performance falls short of expectations. Team & Function Leadership - Provide unified leadership across both the Information Security and Security Engineering teams, ensuring they operate cohesively with clear mandates, aligned priorities, and shared accountability to the security strategy. - Lead, develop, and retain high-performing teams — creating clear career pathways, a culture of ownership, and a bench of future leaders, while holding functional leads accountable for outcomes without directing day-to-day work. - Build the security function's reputation as a trusted partner internally and a credible, independent voice on risk externally — with regulators, auditors, and commercial stakeholders alike. What You'll Need Experience - 8+ years in information security, with at least 4–5 years in a senior leadership role (CISO, Head of Security, or equivalent), owning a security function end-to-end. - Proven track record leading multi-disciplinary security teams spanning both GRC and technical/engineering domains. - Experience operating in a regulated financial services or fintech environment, with direct exposure to regulatory engagement and audit defense. - Demonstrated ability to build and scale security ... (truncated, view full listing at source)