Head of Information Security

About the role

We are a fast-growing Alternative Payment Method (APM) provider a global footprint across India, the Middle East, Europe and South America, preparing for expansion into the Morocco. Our mission is to build secure, seamless, and accessible digital payment infrastructure across borders.

We are seeking a dynamic and experienced Head of Information Security to lead the design, implementation, and oversight of our cybersecurity and data protection frameworks as we scale operations in Morocco.

Key Responsibilities:

Security Strategy & Governance:

* Develop and execute a comprehensive information security strategy aligned with business objectives, risk appetite, and regulatory requirements.

Risk Management:

* Identify and assess cyber risks across platforms, vendors, and payment channels. Lead implementation of mitigation plans to address vulnerabilities.

Regulatory Compliance:

* Ensure adherence to Moroccan cybersecurity and data protection regulations (e.g., CNDP), and international standards such as PCI DSS, ISO 27001, GDPR, and local Bank Al-Maghrib guidelines.

Security Architecture:

* Oversee the development of secure infrastructure and applications. Collaborate with IT and product teams to embed security-by-design across systems.

Incident Response:

* Build and manage the incident response program, including detection, response, investigation, and post-mortem analysis of security breaches.

Third-Party Risk:

* Evaluate the security posture of third-party vendors, service providers, and partners involved in processing, storing, or transmitting sensitive data.

Training & Awareness:

* Drive a culture of security awareness through continuous education, training programs, and phishing simulation campaigns across the organization.

Leadership & Team Building:

* Build and lead a high-performing information security team in Morocco, collaborating with regional and global security counterparts.

Preferred Qualifications & Experience:

* Bachelor’s or Master’s degree in Information Security, Cybersecurity, Computer Science, or related field.
* Recognized certifications such as CISSP, CISM, CRISC, CEH, or ISO 27001 Lead Implementer.
* At least 7–10 years of experience in cybersecurity, with 3+ years in a leadership role, preferably in fintech, banking, or payment services.
* Strong knowledge of Moroccan data privacy and cybersecurity laws, and experience interacting with local regulators.
* Proven track record in implementing security frameworks in cloud-based and API-driven environments.
* Fluent in English and French (Arabic is an asset).
* Strong analytical, strategic thinking, and communication skills.