Job Description

Roles & Responsibilities

1. Operate a squad's 4-workstream delivery (AppSec / AI Governance / Continuous Security Validation / Compliance Trail) against 2LoD approved policies, with measurable SLA adherence and CBUAE inspection-readiness.

2. Own the consolidated tooling stack (e.g. SonarQube, Snyk, ServiceNow IRM, Security Agent, Claude, Codex, OPA, Microsoft Defender for Cloud, AWS Security Hub) — vendor consolidation, integration architecture, and DefectDojo→Attestation→Power BI evidence chain.

3. Act as 1LoD counterpart to 2LoD and AI CoE — chairing the Security Champions Guild, arbitrating cross-workstream priorities, and presenting the monthly DevSecOps Governance Dashboard to 2LoD. in cybersecurity engineering with proven leadership across DevSecOps, cloud security (Azure + AWS), and AI/LLM security.

Banking or regulated-industry experience essential, including hands-on delivery against CBUAE (Decree-Law 6/2025, Enabling Technologies Guidelines, AI/ML Guidance Note), NIST AI RMF and ISO/IEC 42001.

Demonstrated experience operating within a 3-Lines-of-Defense model — implementing controls in 1LoD while engaging credibly with 2LoD on policy, assurance and independent testing.

Desired Candidate Profile

• CISSP (mandatory) · CCSP or AWS Certified Security – Specialty or Azure Security Engineer Associate · CISM or ISO/IEC 42001 Lead Implementer · Certified DevSecOps Professional (CDP) or equivalent. Desirable: SABSA, GIAC GCSA. Experience- 12 + years