Company Description

PayLater is Qatar’s first Qatar Central Bank (QCB) licensed, Sharia-compliant Buy Now, Pay Later (BNPL) provider, built to make every transaction smarter, safer, and more rewarding. Founded in 2023, PayLater empowers consumers to split their purchases into four equal, interest-free installments over a period of three months, with no hidden fees or surprises. The platform promotes responsible spending and provides users with the flexibility to manage their budgets confidently. Merchants benefit from measurable growth by boosting conversions, increasing basket sizes, and reducing checkout drop-offs. With instant payouts, seamless API integration, and zero repayment risk, merchants enjoy guaranteed revenue and a smoother customer experience.

Role Description

We are looking for an Information Security Lead to build and mature our security function. This role will work closely with Technology, Product, Risk, and Compliance to protect our platform, secure customer data, and ensure full alignment with Qatar Central Bank’s cybersecurity expectations. You will play a central role in shaping our InfoSec roadmap, strengthening our defences, and embedding security into every part of our technology stack.

Role location: Doha, Qatar.

What will you be doing?

In this role, you will be responsible for building a strong, practical, and scalable security foundation for PayLater. Your day-to-day will include:

• Developing and maintaining PayLater’s Information Security Framework aligned with ISO 27001, PCI-DSS, NIST, and global best practices
• Ensuring end-to-end compliance with QCB Technology Risk & Cybersecurity requirements
• Leading governance activities: policies, procedures, risk assessments, internal audits, and control reviews
• Strengthening cloud and application security across AWS/Azure, microservices, APIs, and mobile/web platforms
• Embedding DevSecOps into our engineering culture - CI/CD security, code scanning, and secure infrastructure automation
• Monitoring, investigating, and responding to vulnerabilities, incidents, and emerging threats
• Managing identity and access controls, MFA enforcement, and privileged access (PAM)
• Conducting vendor and third-party security assessments and ensuring outsourcing compliance
• Partnering with Product & Engineering to ensure every feature is secure by design
• Leading penetration testing cycles and driving remediation efforts to closure
• Preparing regular security insights, dashboards, and executive updates for leadership

What are our requirements?

We are looking for someone who brings both depth and practicality to InfoSec:

• 6–8 years of cybersecurity experience, ideally in fintech, payments, banking, or high growth digital platforms
• Strong understanding of cloud security (AWS/GCP), API security, mobile and web application security
• Hands-on experience with SIEM, WAF, vulnerability scanning tools, encryption, IAM, and securing distributed systems
• Proven experience running ISO 27001 programs, participating in audits, and working with PCI-DSS
• Familiarity with secure SDLC practices and modern engineering workflows
• Working knowledge of QCB regulations is a strong advantage
• Ability to independently structure and mature an InfoSec function from the ground up
• Experience working with cross-functional technical teams

What can you bring to the table?

We will be excited to meet you if you bring:

• A security-first mindset and the ability to anticipate risks before they escalate
• Strong critical thinking and the confidence to challenge assumptions when needed
• The ability to translate complex technical security topics into clear, actionable language
• A collaborative approach, comfortable working with engineering, product, compliance, and leadership
• Proactiveness in identifying risks and implementing preventive measures
• Passion for scaling secure, cloud-native fintech platforms