About The Role
Thndr is looking for a Head of Information Security to serve as the company's most senior security leader, with full ownership of the information security program across strategy, governance, risk, and engineering.
Reporting directly to executive leadership, you will set the vision and direction for how Thndr manages security risk, define the standards and accountability structures that govern how teams operate, and ensure the security function is performing at the level the business and its regulators expect. You will lead two established teams and be accountable for their output, development, and alignment to the broader security strategy:
- Information Security (Governance, Risk & Assurance) – owns the security program at the governance level, including the policy and control framework, cyber risk management, regulatory alignment, and independent oversight and challenge across all business functions.
- Security Engineering – designs, builds, and operates Thndr's core security capabilities and tech stack, from access controls and CI/CD security to logging, DLP, and the broader tooling estate.
This is not a hands-on technical role. It is a leadership role for someone who knows the domain deeply enough to ask the right questions, set the right expectations, and hold the right people accountable – while building a function that is trusted by the business, respected by regulators, and capable of scaling with Thndr's growth across Egypt, the UAE, and KSA.
What You'll Do
Security Strategy & Program Ownership
- Define and own Thndr's information security strategy and multi-year roadmap, balancing risk reduction, regulatory obligations, and business velocity.
- Set the operating model for the security function, including how teams are structured, how accountability is distributed, and how performance is measured.
- Act as Thndr's most senior security voice – advising executive leadership, representing the function in governance committees, and providing clear, independent views on residual risk and strategic priorities.
Governance, Risk & Compliance
- Own the information security program at the governance level: policy framework, control framework, and cyber risk management approach.
- Drive the organization's alignment to applicable frameworks and regulations – including ISO 27001, NIST CSF, PCI DSS, SOC 2, and the regulatory requirements of EG-FRA, ADGM-FSRA, and the emerging KSA landscape.
- Ensure the risk register, KPIs/KRIs, and maturity measures are maintained and used to drive accountability – with your teams executing the underlying work.
- Commission and review independent reporting on the security program's effectiveness; challenge control owners where performance falls short of expectations.
Team & Function Leadership
- Provide unified leadership across both the Information Security and Security Engineering teams, ensuring they operate cohesively with clear mandates, aligned priorities, and shared accountability to the security strategy.
- Lead, develop, and retain high-performing teams – creating clear career pathways, a culture of ownership, and a bench of future leaders, while holding functional leads accountable for outcomes without directing day-to-day work.
- Build the security function's reputation as a trusted partner internally and a credible, independent voice on risk externally – with regulators, auditors, and commercial stakeholders alike.
What You'll Need
Experience
- 8+ years in information security, with at least 4–5 years in a senior leadership role (CISO, Head of Security, or equivalent), owning a security function end-to-end.
- Proven track record leading multi-disciplinary security teams spanning both GRC and technical/engineering domains.
- Experience operating in a regulated financial services or fintech environment, with direct exposure to regulatory engagement and audit defense.
- Demonstrated ability to build and scale security programs in high-growth environments.
Domain Knowledge
- Deep understanding of the security landscape across GRC, application security, infrastructure security, IAM, and cloud environments – sufficient to set direction, challenge practitioners, and make informed risk trade-offs.
- Familiarity with the tooling and capabilities underpinning a modern security function (SIEM, SAST/SCA, WAF, DLP, access management, etc.), without being expected to operate them directly.
Frameworks & Compliance
- Strong working knowledge of ISO 27001, NIST CSF, PCI DSS, and/or SOC 2 – including how to govern against them at scale.
- Experience managing regulatory relationships and preparing board- and committee-level security reporting.
Leadership & Communication
- Exceptional executive presence – able to represent security credibly at the board level and translate complex risks into clear business language.
- A natural leader who builds trust with technical and non-technical stakeholders alike, and who holds teams to high standards without micromanaging.
- Strategic thinker with the judgment to prioritize effectively, navigate ambiguity, and make decisions under uncertainty.
Nice to Have
- Familiarity with financial regulatory requirements across Thndr's operating markets: EG-FRA (Egypt), ADGM-FSRA (UAE), and the emerging KSA regulatory landscape.
- Relevant certifications: CISSP, CISM, or equivalent.
Who Are We?
Thndr was founded on a bold dream to democratize access to investing through smart tech and human-centric design. This is simply our way of saying we give anyone with a smartphone the simple and easy access they need to preserve and grow their wealth. At the same time, we're shaping the future of investing while actively driving the economies we serve by promoting local investment products.
History has shown that investing is the single greatest way to build long-term wealth, but before Thndr, only a very small percentage of people had access to it due to:
- High barriers to entry – In the form of excessive minimum account balances, complex, outdated onboarding, and low financial literacy.
- Irrelevant experience – Catered toward expert traders and financial specialists, therefore alienating the majority of the population.
- Fragmented offering – Investment products were not gathered in a single, intuitive outlet.
We don't just talk about change, we deliver it. Here's a glimpse into our impact so far:
- 3 million app downloads
- $8.8bn in annualized traded value
- #1 platform in terms of traded value
- 84% of our users are investing for the first time
- 65% of our users come from outside of capital cities and have previously had limited access to financial institutions
Building on the success of our core platform, we are continuing to change culture and break down barriers by launching Rumble, the subscription-based investment recommendations platform.
Rumble was born with the vision to empower everyday individuals to build wealth confidently and intelligently through access to timely and in-depth advice from the industry's top experts.
Going beyond traditional investment advice, it offers long and short-term investment recommendations and financial content through engaging articles and videos that guide users on their financial journey and maximize their returns.
At Thndr, we're looking for people driven by our mission to help us democratize investing across the MENA region.