Information Security Officer

About Us:

Bamboo Card is the Middle East's leading Digital Prepaid Products Distributor and Rewards Fulfilment agency. Committed to trust, dependability, and excellence, we have been revolutionizing global loyalty programs since 2018. Our comprehensive range of offerings includes eGift Cards, Prepaid Cards, and Top-Ups, providing versatile solutions to meet the diverse needs of digital prepaid products. With strategic services such as a robust API and Client Portal, we not only simplify but also enhance the seamless delivery of rewards.

Role Overview:

As our first dedicated security hire, you’ll define and implement Bamboo Card’s information security strategy. This role is both strategic and hands-on. You will partner closely with engineering, product, and operations teams to ensure secure development and delivery of digital products, and build strong foundations for regulatory compliance and risk management.

Job requirements

What Excites Us

• 5+ years of experience in Information Security, Cybersecurity, or DevSecOps.
• Solid understanding of cloud security (especially AWS), modern software architecture, and API protection.
• Hands-on experience with security tooling (SAST/DAST scanners, vulnerability scanners, SIEM, secrets managers).
• Experience building or contributing to an SDLC security program.
• Working knowledge of standards such as PCI DSS, ISO 27001, SOC 2, and GDPR.
• Familiarity with common attack vectors (OWASP Top 10) and countermeasures.
• Previous experience in fintech, payments, or digital product distribution is a strong plus.
• Excellent communication and documentation skills.

What Excites You

• Being the security architect in a high-growth, high-impact company.
• Defining and enforcing security at the core of digital payments and gift card infrastructure.
• Working directly with engineers on DevSecOps, secure deployment, and scalable cloud infrastructure.
• Designing a modern, lean security program from scratch and seeing it mature.
• Enabling innovation by reducing risk, not just blocking threats.

Job responsibilities

What You’ll Do

• Build Security by Design: Guide the software team in implementing secure architecture across our APIs, card storage workflows, and B2B platforms.
• Define & Enforce Policy: Create and maintain security policies, procedures, and documentation tailored to our business model and compliance goals.
• Secure the SDLC: Integrate security into the software development lifecycle (SDLC) through static/dynamic analysis, threat modeling, and secure code reviews.
• Monitor & Respond: Establish alerting, monitoring, and incident response plans for card-related or infrastructure breaches.
• Lead Risk Management: Own risk assessment, vulnerability management, and mitigation planning across internal systems and external integrations.
• Audit & Comply: Drive readiness for standards like ISO 27001, SOC 2, PCI DSS, and ensure alignment with GDPR and partner requirements.
• Collaborate Cross-Functionally: Work closely with Engineering, IT, and Business Operations to embed security into everyday decision-making.
• Train & Champion: Elevate security awareness through team training, internal documentation, and regular
•  security exercises.

Job benefits

• Paid Time Off: Enjoy 11 working days of paid annual leave, accrued on a pro-rata basis, plus 7 days of paid sick leave, in line with UAE labor laws (applicable after probation).
• Growth & Learning: Get a USD 1,000 annual Professional Development allowance to invest in courses, certifications, or conferences, available after you complete your probation.
• Performance Bonus: We reward impact! Employees are eligible for a performance-based annual bonus, aligned with individual and company milestones.