Aktuelle Jobs

Role Purpose

The Executive Manager – Squad Cyber Technical Lead is responsible for leading a multi-disciplinary DevSecOps squad delivering secure engineering capabilities across Application Security, AI Governance, Continuous Security Validation, and Compliance Trail.

This role serves as the first line of defence (1LoD) technical leader, ensuring alignment with 2LoD-approved policies, maintaining CBUAE regulatory readiness, and driving end-to-end ownership of the cybersecurity engineering tooling ecosystem. The position also plays a critical role in bridging engineering, risk, and AI governance functions.

Key Responsibilities

1. Squad Leadership & Multi-Workstream Delivery

• Lead and manage delivery across four security workstreams:
  • Application Security (AppSec)
  • AI Governance
  • Continuous Security Validation
  • Compliance Trail & Evidence Management
• Ensure all workstreams operate in alignment with 2LoD-approved policies and frameworks
• Define and track KPIs, KRIs, and SLA adherence across the squad
• Maintain continuous CBUAE inspection readiness, including audit trails and documentation
• Drive execution discipline, backlog prioritization, and delivery governance

2. Enterprise Security Tooling Ownership

• Own and govern the end-to-end DevSecOps tooling stack, including:
  • SonarQube, Snyk (Application Security)
  • ServiceNow IRM (Risk & Compliance)
  • Microsoft Defender for Cloud, AWS Security Hub (Cloud Security)
  • OPA (Policy-as-Code)
  • AI tooling (e.g., Claude, Codex)
  • Security Agent platforms
• Lead vendor consolidation, tool rationalization, and cost optimization initiatives
• Define and implement integration architecture across tools and CI/CD pipelines
• Establish and manage the evidence chain architecture:
  • DefectDojo → Attestation → Power BI reporting dashboards
• Drive automation and ensure seamless visibility of security posture across environments

3. Governance, Stakeholder Engagement & 3LoD Alignment

• Act as the 1LoD counterpart to:
  • 2LoD Risk & Compliance teams
  • AI Centre of Excellence (CoE)
• Operate effectively within the 3 Lines of Defense model, ensuring:
  • Strong control implementation (1LoD)
  • Credible engagement on assurance and independent testing (2LoD)
• Chair the Security Champions Guild, promoting secure development practices across engineering teams
• Resolve cross-workstream dependencies and prioritization conflicts
• Present the monthly DevSecOps Governance Dashboard to:
  • CISO
  • Risk Committees
  • 2LoD stakeholders

4. Regulatory Compliance & Framework Alignment

• Ensure compliance with:
  • CBUAE Decree-Law No. 6/2025
  • Enabling Technologies Guidelines
  • AI/ML Guidance Notes
• Align engineering practices with:
  • NIST AI Risk Management Framework (AI RMF)
  • ISO/IEC 42001 (AI Management Systems)
• Embed compliance-as-code and policy-as-code principles
• Ensure audit readiness and support regulatory inspections

5. Cloud, AI & Security Engineering Oversight

• Drive secure engineering practices across:
  • Azure and AWS cloud platforms
  • AI/ML and LLM-based systems
• Implement controls for:
  • AI/LLM risks (e.g., prompt injection, data leakage, misuse)
  • Cloud misconfigurations and vulnerabilities
• Lead continuous security validation approaches:
  • Automated testing
  • Red teaming and attack simulations

6. Reporting, Metrics & Executive Communication

• Develop and oversee enterprise-level dashboards (Power BI) including:
  • Vulnerability posture
  • SLA performance
  • Compliance status
  • Risk trends
• Translate technical issues into business risk insights for senior stakeholders
• Present actionable insights and recommendations to leadership and regulators

Qualifications & Experience

Education

• Bachelor’s or Master’s degree in:
  • Cybersecurity
  • Computer Science
  • Engineering or related field

Experience

• 12–15+ years in cybersecurity engineering / DevSecOps / cloud security
• Proven experience leading cross-functional security squads or engineering teams
• Strong background in banking or regulated industries (mandatory)
• Demonstrated delivery aligned to:
  • CBUAE regulatory requirements
  • NIST AI RMF and ISO/IEC 42001
• Hands-on experience operating within 3 Lines of Defense (3LoD)

Technical Skills

• Deep expertise in:
  • DevSecOps and secure SDLC implementation
  • Application security (SAST, DAST, SCA)
  • Cloud security (Azure & AWS)
• Strong experience with:
  • Security tooling ecosystems (SonarQube, Snyk, Defender, AWS Security Hub, OPA)
  • GRC tools (ServiceNow IRM or equivalent)
• Knowledge of:
  • AI/LLM security risks and governance frameworks
  • Policy-as-code and automation frameworks

Leadership & Behavioral Competencies

• Strategic leadership with hands-on execution capability
• Strong stakeholder and regulatory engagement skills
• Ability to influence across technical and non-technical audiences
• Decision-making under complexity and competing priorities
• Strong governance, risk, and control mindset

Key Competencies

• DevSecOps & Secure Engineering Leadership
• AI Security & Governance
• Cloud Security & Architecture
• Regulatory Compliance (CBUAE, NIST, ISO)
• Tooling Integration & Automation
• Risk & Control Management (3LoD)

Certifications (Preferred)

• CISSP / CISM
• CCSP (Cloud Security)
• Certified DevSecOps Professional
• ISO 27001 Lead Implementer/Auditor
• AI / Responsible AI certifications

Ideal Candidate Profile

• Senior leader with strong DevSecOps and cybersecurity engineering experience at scale
• Proven ability to bridge engineering, risk, and compliance functions
• Experience presenting to CISO, risk committees, and regulators
• Deep understanding of AI governance and emerging risks in regulated environments