About the Job
We are looking for a Security Compliance Officer to lead Lean’s regulatory compliance efforts and ensure our security frameworks align with the highest industry standards. This role will be critical in maintaining ISO 27001, SOC 2, UAE NESA, and UAE Central Bank compliance, managing security audits, risk assessments, and data privacy requirements across the company.
Additionally, this role will support UAE banking license security requirements and work closely with engineering, legal, and risk teams to implement security best practices while enabling Lean’s growth in the Open Banking sector.
Who are we
Lean enables companies to seamlessly connect to their users’ bank accounts to initiate real-time payments and retrieve their account information. Our products have garnered the trust of leading companies and enabled them to deliver powerful experiences when connected with a user’s bank account, allowing users to perform prudent financial planning, get better rates on loans, transfer money to friends, and more, without compromising on privacy or security.
Some of Lean’s clients include the likes of Binance, Etisalat Group, Careem, Sarwa, and many more, making it the region’s most valuable Open Banking platform. The company has now processed hundreds of millions of dollars, and its products are also connected with hundreds of thousands of accounts. Lean envisions a fully inclusive financial ecosystem that serves everyone, no matter where they bank or live in the MENAP region.
Responsibilities
- Ensure Regulatory Compliance – Maintain and enforce SOC 2, ISO 27001, UAE NESA, and UAE Central Bank security compliance frameworks.
- Lead Internal & External Audits – Prepare for security audits, certification renewals, and regulatory assessments.
- Support UAE Banking License Applications – Ensure Lean meets all security requirements necessary for banking license applications and ongoing compliance.
- Risk Assessment & Management – Identify, assess, and mitigate security risks while ensuring proper reporting to regulators and senior management.
- Data Privacy & Protection – Implement data privacy policies and compliance measures across the company, ensuring alignment with UAE data protection laws and other relevant regulations.
- Third-Party & Vendor Security – Conduct security due diligence for vendors, ensuring compliance with Lean’s security policies and contractual requirements.
- Security Awareness & Training – Implement security awareness programs and educate employees on compliance, fraud prevention, and data protection best practices.
- Governance & Reporting – Provide security & compliance reports to senior management and regulators, ensuring Lean’s risk posture remains strong.
Minimum Qualifications
- 7-10 years of experience in security compliance, risk management, or regulatory security in fintech, banking, or financial services.
- Deep expertise in ISO 27001, SOC 2, UAE NESA, and UAE Central Bank regulatory requirements.
- Proven track record of managing security audits, certification processes, and banking license security requirements.
- Experience with data privacy frameworks (e.g., GDPR, UAE data protection regulations) and implementing company-wide data security policies.
- Hands-on experience with SIEM, EDR (e.g., BitDefender), IAM/PAM tools, and cloud security (preferably GCP).
- Strong understanding of data encryption, secure data transfer, and data residency requirements.
- Experience conducting third-party security risk assessments and vendor security reviews.
- Strong communication skills, with the ability to collaborate with technical and non-technical stakeholders.
Desired Qualifications
- CISSP, CISM, CISA, ISO27001 Lead Auditor/Implementor or similar certifications are highly preferred.
- Experience with SAMA CSF and exposure to KSA security frameworks (e.g., SAMA cybersecurity regulations, banking security standards, or experience with SAMA audits) is a plus.
- Familiarity with Open Banking security, API security, and financial sector compliance challenges.
- Knowledge of GRC tools for tracking compliance, audits, and risk reporting.