Co-founding Cto

 

Description:

MandateAI is building the next generation of regulatory intelligence for the UAE — starting with ADGM and VARA compliance. We replace slow, expensive manual compliance processes with an AI-native platform that monitors regulatory obligations, tracks tasks, flags breaches, and delivers real-time intelligence to both regulated firms and the consultancy firms that advise them.

We built our working proof-of-concept using Claude Code and Anthropic's MCP architecture. The platform already has multi-tenant firm management, AI-powered gap assessments, breach logging, WhatsApp and Teams notifications, and a full regulatory task engine. We are now looking for a Co-Founding CTO to take that PoC to a commercial MVP and own the technical direction of the company through pre-seed, seed, and beyond.

This is not a "help us build a prototype" role. There is substance here. You will inherit real infrastructure and real decisions.

What You Will Inherit

A working, deployed product — not a blank page:

•     FastAPI (Python) backend on Railway with modular API surface across compliance, AI, admin, and firm-management layers

•     Supabase (PostgreSQL, Frankfurt) with row-level security, multi-tenant schema, and audit logging

•     Static HTML/JS frontend with multi-role access: regulated firms, consultancy firm admins, and platform admins

•     Anthropic Claude integration for gap assessments, AI chat, regulatory Q&A, and agentic task orchestration via MCP

•     Notification layer: Microsoft Teams webhooks, Twilio WhatsApp, and email alerts

•     Compliance engine: breach logging, overdue task triggers, daily digest scheduler, declaration closing alerts

•     Consultancy multi-tenancy: firm onboarding, client management, sales pipeline and admin tooling

•     Deployed, live and in development as a PoC

The Role

As Co-Founding CTO you will own every layer of the technical stack and drive the product from proof-of-concept to commercial-grade platform. You will work directly with the Founder & CEO (non-technical) and be the single technical decision-maker at the company.

Your core responsibilities:

• PoC to MVP: Harden the existing codebase for production — security, testing, CI/CD, observability, and reliability at scale.

• AI-Augmented Architecture: Extend the Anthropic/Claude MCP integration. Build agentic workflows that go beyond chat — automated regulatory monitoring, intelligent task generation, and proactive compliance alerting.

• UAE-Sovereign Infrastructure: Evaluate and implement the right cloud and storage strategy for UAE data residency requirements (ADGM, VARA). Coordinate AWS or local cloud where relevant.

• Platform Scalability: Design the multi-tenant architecture to support hundreds of consultancy firms and thousands of end clients without re-platforming.

• Security & Compliance: Implement enterprise-grade security posture: penetration testing readiness, SOC 2 groundwork, role-based access hardening, and audit trail integrity.

• Co-Founder Leadership: Represent the technical vision in pre-seed fundraising conversations, investor due diligence, and strategic partnership discussions.

• Hiring Foundation: Define the engineering culture and hiring criteria for the first 2-3 engineers once funding lands.

Your First 90 Days

• Days 1–30: Full codebase audit. Identify technical debt, security gaps, and architectural decisions that need to be locked in. Align with the founder on product roadmap priorities and define the MVP definition.

• Days 31–60: Harden the backend (auth, rate limiting, error handling, test coverage). Stand up CI/CD. Begin UAE infrastructure assessment and begin first agentic AI feature in production.

• Days 61–90: MVP feature-complete and staged for pilot clients. Technical narrative ready for pre-seed investor deck. First engineering hire spec written.

What We Are Looking For

You operate in the AI-supercharged paradigm — not just using AI tools, but building systems where AI is a first-class architectural component:

•     5+ years engineering experience with strong Python backend and cloud infrastructure depth

•     Demonstrable experience building with LLMs in production — prompt engineering, RAG, tool use, or agentic architectures (Anthropic, OpenAI, or equivalent)

•     Experience with MCP (Model Context Protocol) or willingness to become the go-to expert on it

•     PostgreSQL and Supabase (or equivalent managed Postgres) at production scale

•     Security-minded: understands OWASP, JWT/session hygiene, RLS, and compliance-sensitive data handling

•     RegTech, FinTech, or LegalTech domain exposure is a strong plus — you do not need to be a lawyer but must be willing to become fluent in regulatory concepts

•     UAE timezone alignment (you do not need to be UAE-based at day one, but physical presence will be required within 6 months)

•     Startup disposition: you solve first, escalate second, and are comfortable owning decisions without a committee