Information Security Quality Assurance Architect — Abu Dhabi – Onsite role
240,000 Dollars (first 140K tax free)
210,000 Euro’s tax free
£190K Tax Free
+ Benefits + Bonus + healthcare + education allowance + flights etc (If FTE)
Location: Abu Dhabi - Permanent FTE - includes relocation support + bonus + healthcare + bens) or Freelance Considered
Key Experience:- 5 Eyes and understanding complex Data Security challenges within Defence/National level projects/engineering projects and experienced setting up Frameworks, Structures and Architecture/process’s for managing across a multi-site/multi-company challenge - CISSP, CISA, or ISO 27001 Lead Auditor are nice to have’s.
About the opportunity
Join a leading global organisation at a pivotal moment: relocate to Abu Dhabi and lead the quality assurance capability that will realign the Group’s Data Strategy. This role is focused on establishing the processes, controls and verification lifecycle required to manage Secure and Non-Secure data consistently across on-premises and cloud environments. You will work directly with the Cyber Security Architect and senior stakeholders to translate policy and architecture into measurable, repeatable assurance and operational practices.
This is a high-impact, hands-on leadership opportunity for a practitioner who thrives on change: modernising hybrid infrastructures, reducing risk, and embedding practical governance across diverse teams and geographies.
What you will own
* Design and own the Information Security QA framework for data handling across the organisation and Group entities.
* Translate data classification policy into clear, testable acceptance criteria for Secure and Non-Secure data throughout the development and deployment lifecycle.
* Develop and maintain a Data Handling Test Library (automated and manual), non-prod sanitisation pipelines, and evidence packs for audit and compliance.
* Implement CI/CD security gates and automated controls (SAST/DAST/IaC/secret scanning, DLP, data masking tests) across pipelines and environments.
* Validate encryption, key management, access controls (RBAC/ABAC), logging/immutable audit trails, backups, and DLP across on-prem and cloud platforms (AWS/Azure/GCP).
* Conduct data flow verification, environment attestation, third-party control validation and periodic re-testing to prove ongoing control effectiveness.
* Partner with the Cyber Security Architect on threat modelling, design reviews and acceptance criteria; act as the independent verifier for security control implementation.
* Provide governance reporting, remediation tracking, and KPI metrics to InfoSec leadership and Group governance.
Why this role matters — the challenge
The organisation has been growing via acquisition and organic growth is operating across legacy on-prem platforms and rapidly evolving cloud estates. The strategic challenge is to create a single, auditable approach to Secure vs Non-Secure data that works at scale: consistent classification, enforceable controls, safe test data practices, and automated assurance that survives change. Success will require technical rigor, stakeholder influence, and practical engineering of test and CI/CD automation to ensure new processes become standard operating procedure across regions and business units.
Experience & skills we’re looking for
* Demonstrable experience building security QA or assurance practices focused on data handling in hybrid environments.
* Strong technical experience with encryption/KMS/HSM, DLP, data masking/synthetic data, secrets management (Vault/KMS), IAM/SSO and cloud platform security.
* Hands-on familiarity with SAST/DAST/IaC/static & dynamic testing, CI/CD integration and automated evidence collection.
* Experience working with compliance frameworks (ISO 27001, GDPR, others) and preparing audit-ready evidence.
* Excellent communicator: able to convert policy/architecture into testable criteria and influence product, engineering and operations teams.
* Desirable: certifications such as CISSP, CISA, or ISO 27001 Lead Auditor.
Measures of success
* Clear, signed acceptance criteria for Secure and Non-Secure data across critical systems.
* High percentage of test environments using masked or synthetic data.
* Reduction in data-handling incidents and measurable improvements in remediation MTTR.
* Automated QA coverage embedded in CI/CD for critical services.
* Audit-ready evidence packs and successful Group-level audit outcomes.
Package & relocation
FTE – includes flights over and home once a year - + bonus + private healthcare + dental, free lunch + 1 month hotel + relocation allowance + 25 days holiday + Tax Free Salary (140K USD only tax free for US Citizens) + Education allowance for children + visas for yourself/wife/husband etc.