Engineering Manager (Security & Compliance) at Yassir

Role Overview:

• As the Engineering Manager (Security & Compliance), you will play a pivotal role in ensuring the security and compliance of our products and systems. You will collaborate
• with cross-functional teams, drive best practices, and champion security initiatives.

As an Engineering Manager with your team, you will focus on:

• Developing and Implementing Policies: Creating and enforcing security and compliance policies and procedures to ensure adherence to regulatory requirements and industry best practices
• Risk Assessment and Management: Identifying, assessing, and mitigating security risks and compliance gaps through regular audits, vulnerability assessments, and risk management strategies
• Security Architecture and Design: Designing and implementing secure network architectures, systems, and applications to protect against unauthorized access, data breaches, and other security threats
• Security Monitoring and Incident Response: Monitoring systems and networks for security breaches or incidents, and responding promptly to mitigate the impact, investigate root causes, and implement corrective actions
• Compliance Audits and Reporting: Conducting internal and external compliance audits to ensure adherence to regulatory standards, industry certifications, and contractual obligations, and preparing reports for stakeholders
• Security Awareness Training: Providing ongoing security awareness training and education to employees to promote a culture of security and compliance within the organization
• Vendor and Third-Party Risk Management: Assessing the security posture of vendors and third-party service providers, and implementing risk management strategies to protect against supply chain vulnerabilities
• Data Protection and Privacy: Implementing measures to protect sensitive data, including encryption, access controls, and data loss prevention, to ensure compliance with data protection regulations and safeguard customer privacy
• Incident Response Planning: Developing and maintaining incident response plans and procedures to guide the organization's response to security incidents, data breaches, and other emergencies
• Continuous Improvement: Continuously evaluating and improving security and compliance processes, technologies, and controls to adapt to evolving threats and regulatory requirements

You may be a fit for this role if you have some of these inclinations:

• Bachelor's or master’s degree in a related field such as cybersecurity or information technology. Advanced degrees or relevant certifications are a plus
• Experience working in a rapidly growing startup
• Proven experience in emergency management, incident response, or crisis communication, preferably in a security or compliance-focused role
• Strong understanding of security frameworks, compliance standards (e.g., GDPR, HIPAA, PCI DSS), and regulatory requirements relevant to the organization's industry
• Excellent leadership and interpersonal skills with the ability to effectively communicate and collaborate with cross-functional teams
• Crisis management experience, including the ability to remain calm and make sound decisions under pressure
• Analytical mindset with the ability to assess complex situations, identify root causes, and develop effective solutions
• Strong project management skills with the ability to prioritize tasks, manage resources, and meet deadlines in a fast-paced environment
• Commitment to continuous learning and professional development to stay abreast of evolving threats and best practices in emergency management and cybersecurity

Projects you could work on:

• Establishing and maintaining information security strategy for developing company
• Setting up SSDLC process in the product focused company
• Setting security operations processes and enabling security monitoring