Chief Information Security Officer - Cloud Security - Saudi Arabia
Riyadh, Riyadh Province, Saudi Arabia · Full Time
Be the first to apply
- Experience
- 5+ yrs
- Salary
- —
- Openings
- 1
- Posted
- 3 weeks ago
- Work mode
- In office
- Education
- Bachelor’s degree in computer science, computer engineering, information technology, or a related field
- Eligibility
- Senior cybersecurity professionals with executive governance, risk, compliance, and cloud security experience, ideally with exposure to Saudi regulatory frameworks and the ability to work with boards and regulators.
- Resume
- Required to apply
Where you'll work
Job description
Role overview
The Cloud Security function supports the security assurance of ByteDance’s enterprise operations and the cloud platforms that underpin them. It covers key areas such as security architecture, secure SDLC, vulnerability management, incident handling, and security compliance. The broader goal is to keep ByteDance’s cloud environment secure and stable while supporting business growth.
The Chief Information Security Officer (CISO) will own the organization’s cybersecurity stance and ensure compliance with relevant cybersecurity laws, regulations, and frameworks, including the National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC) in the Kingdom of Saudi Arabia (KSA).
This senior leader will provide independent oversight across governance, risk, and security operations. The ideal candidate is a practical, business-minded security executive with deep experience in cybersecurity, cloud security, and modern technology environments, and with the ability to manage and report risk in line with the company’s appetite and regulatory obligations.
The role works closely with senior leadership and offers the chance to influence strategic decisions, lower exposure to cyber risk, and support secure innovation across interconnected systems.
Cybersecurity governance and leadership
- Build and sustain an enterprise cybersecurity governance model aligned with SAMA CSF and NCA ECC expectations.
- Make sure cybersecurity functions have clear ownership, accountability, and separation of duties.
- Provide executive leadership with advice on threats, risk exposure, and how well controls are working.
- Ensure cyber risk is embedded into corporate governance and enterprise risk management.
Risk management and compliance
- Own the cybersecurity risk management framework end to end.
- Maintain ongoing compliance with applicable laws, regulations, and recognized industry practices.
- Track and close audit issues and regulatory observations in a timely manner.
- Serve as the main accountability point for cybersecurity matters with regulators.
Security operations and technology oversight
- Oversee monitoring, threat detection, vulnerability management, identity and access management, and incident response.
- Ensure the organization can prevent, detect, respond to, and recover from security events effectively.
- Guide the evaluation, adoption, and operation of cybersecurity tools and platforms.
- Promote security-by-design across infrastructure, applications, cloud systems, and data platforms.
Incident management and cyber resilience
- Ensure incident response and cyber crisis handling are effective and well-coordinated.
- Lead executive coordination during significant cybersecurity incidents.
- Align cyber response planning with business continuity and disaster recovery.
- Oversee reviews after incidents to capture lessons learned and corrective actions.
Third-party and outsourcing security
- Identify, assess, and manage cybersecurity risks associated with third parties.
- Ensure vendors meet regulatory and contractual security obligations.
- Oversee outsourced and managed security services.
People, culture, and capability
- Set up and maintain a cybersecurity operating model that remains compliant.
- Develop Saudi national cybersecurity talent in line with Saudization goals.
- Promote security awareness and a strong cyber culture across the business.
- Ensure teams have adequate staffing, capability, and training.
Authority and decision rights
- Define cybersecurity policies and standards.
- Escalate material risks and incidents to executive management.
- Approve or decline cybersecurity risk acceptances.
Qualifications
Applicants should hold a bachelor’s degree in computer science, computer engineering, information technology, or a closely related discipline. The role calls for at least 5 years of relevant experience in security strategy, cybersecurity governance, risk management, or a similar area.
Strong familiarity with widely used security frameworks and standards is required, including OWASP, SANS CWE Top 25, ISO 27001, PCI DSS, NIST, and SAMA/NCA frameworks. Candidates should also bring proven executive leadership experience in cybersecurity governance, risk management, and regulatory compliance.
Experience working with boards, regulators, and senior executives is essential, along with the ability to explain complex cybersecurity risks in clear business terms. The role also requires demonstrated success in building high-performing cybersecurity teams and developing national talent.
Preferred background
Additional strengths include confident decision-making and crisis leadership during major cybersecurity incidents, end-to-end security design experience, and ownership of cloud security product and service roadmaps. Professional certifications such as CISSP, CISM, CCSP, and GIAC are preferred.
About ByteDance
Founded in 2012, ByteDance’s mission is to inspire creativity and enrich life. Its portfolio includes products such as TikTok, Lemon8, CapCut, and Pico, along with China-specific platforms including Toutiao, Douyin, and Xigua.
Why ByteDance
ByteDance places creativity at the center of its mission and builds products that help people express themselves, discover new content, and connect with others. The company values curiosity, humility, and a strong drive to make an impact in a fast-growing technology environment. It follows an “Always Day 1” mindset and encourages continuous iteration and meaningful progress.
Diversity and inclusion
ByteDance is committed to building an inclusive workplace where people are respected for their skills, experience, and perspectives. The company aims to reflect the diversity of the communities it serves and values an environment where many voices are represented.