Head of Security

Become a part of Pemo’s incredible team!

We’re bold, collaborative, and ego-free. We challenge each other positively, encourage courageous decisions, and always aim high. Excited to be part of something big? We’re hiring a Head of Security.

The Role

Pemo is establishing a dedicated security function to formalize and elevate our cybersecurity posture. As Head of Security, you will be the first owner of this critical function, responsible for maintaining our compliance standards, strengthening our security controls, and building the frameworks necessary for our regulatory roadmap.

This role requires balancing technical security work with governance and compliance. You will work closely with engineering teams to implement security best practices while maintaining the documentation and processes required for PCI-DSS, ISO 27001/SOC 2, and EMI license preparation.

Required Qualifications

• 5–7 years of experience in information security, preferably in fintech or regulated industries
• Strong technical foundation with ability to review system architecture and assess security controls
• Hands-on experience maintaining compliance frameworks (PCI-DSS, ISO 27001, SOC 2)
• Proven ability to work with engineering teams and translate security requirements into practical implementations
• Experience with data privacy regulations and data localization requirements
• Strong documentation and process design skills
• Ability to manage vendor relationships and coordinate external audits
• Experience with risk assessment methodologies and security frameworks
  
  

Key Responsibilities

Compliance & Governance

• Maintain PCI-DSS Level 1 compliance and manage quarterly/annual audit cycles
• Lead implementation of ISO 27001 or SOC 2 Type II certification
• Manage and maintain the existing GRC system
• Conduct regular risk assessments and maintain risk register
• Develop and enforce information security policies and standards
• Ensure compliance with PDPL and other applicable data protection regulations
  
  

Technical Security & Engineering Collaboration

• Review system architecture and cloud infrastructure security
• Provide security guidance during software development lifecycle
• Assess and recommend security tooling (SAST, DAST, vulnerability management, CSPM)
• Conduct threat modeling and security architecture reviews
• Define security requirements for DevOps and software engineering teams
• Oversee vulnerability management and remediation processes
• Participate in incident response and conduct security investigations
  
  

Policy Implementation & Documentation

• Develop Standard Operating Procedures (SOPs) for security operations
• Create and maintain security documentation for audit and regulatory requirements
• Build security awareness and training programs for engineering teams
• Establish processes for security reviews and change management
• Document security controls, data flows, and system access policies
• Maintain security baselines and configuration standards
  
  

Data Protection & Privacy

• Implement and maintain data classification framework
• Ensure data residency and localization requirements are met across UAE/KSA operations
• Design and enforce access control policies
• Oversee data subject rights management and privacy incident response
• Partner with engineering on privacy-by-design implementation
• Conduct data protection impact assessments (DPIAs) as required
  
  

Vendor & Stakeholder Management

• Manage relationships with external auditors, penetration testing firms, and security service providers
• Coordinate security audits and ensure timely remediation of findings
• Report on security posture, key risks, and metrics to CTO and executive leadership
• Respond to customer security questionnaires and due diligence requests
• Collaborate with Legal and Compliance teams on regulatory matters
  
  

Reporting Structure

This position reports directly to the CTO and will be the sole owner of the security function initially. The role involves close collaboration with Engineering, DevOps, Product, Legal, and Compliance teams.

Why Pemo?

Work your way with flexible hours and freedom to take time off when you need it. Join a global team of fintech experts, backed by $18M+ from top investors and named in Forbes ME Top 50. At Pemo, you’ll innovate, grow, and help shape the future of spend management in MENA.

A Little More About Our Company

Pemo is a fintech company providing corporate expense management and card services in the UAE and KSA markets. We operate under full regulatory supervision and maintain:

• PCI-DSS Level 1 certification
• SAMA and CBUAE regulatory compliance
• Cloud-agnostic microservices architecture on GCP Dammam region
• PDPL compliance for data protection
  
  

We are backed by leading fintech investors including Cherry Ventures, Fintech Collective, and Speedinvest. At Pemo, we believe that all business owners deserve to be successful. Business owners deserve to spend their time and money doing what they do best - running their businesses. They deserve to stay in control of their finances, at any point in time, effortlessly! Thats why we have built the all-in-one spend management platform that empowers MENA business owners and their teams.

With Pemo, company spending becomes easy, fast and transparent. Teams can spend smarter and autonomously. Business owners can run more efficient workplaces and keep control of their finances. Pemo gives superpowers to businesses so they can be bold and fast.

---