Chief Information Security Officer, Byteplus - Riyadh

Riyadh·Security·engineering
Apply on ByteDance (TikTok) →

About the team: The Cybersecurity team owns security for all services offered by Volcano Engine & BytePlus which is a cloud service provider owned by ByteDance, including IaaS, PaaS and SaaS. Join our forward-thinking security team dedicated to securing our cloud infrastructure with cutting-edge technologies and best practices. You will have the opportunity to design and implement robust security solutions for our cloud environments, ensuring the protection of sensitive data and the resilience of our systems. The Chief Information Security Officer (CISO) is responsible for the overall cybersecurity posture of the organization and for ensuring compliance with applicable cybersecurity laws, regulations, and regulatory frameworks, including the National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC) within the Kingdom of Saudi Arabia (KSA). The CISO will provide independent executive leadership and oversight across cybersecurity governance, risk management, and security operations. The role requires a pragmatic, business-oriented leader with strong expertise in cybersecurity, cloud security, and modern technology environments, capable of ensuring that cybersecurity risks are identified, managed, and reported in alignment with the organization's risk appetite and regulatory expectations. You’ll collaborate closely with senior executives. This role offers the opportunity to shape strategic outcomes, reduce risk exposure, and drive secure innovation across complex, interconnected ecosystems. Responsibilities: Cybersecurity Governance & Leadership: - Establish and maintain enterprise-wide cybersecurity governance in line with SAMA CSF and NCA ECC requirements. - Ensure clear ownership, accountability, and segregation of duties across cybersecurity functions. - Advise executive management on cybersecurity risks, threats, and control effectiveness. - Ensure cybersecurity considerations are embedded into corporate governance and enterprise risk management. Cybersecurity Risk Management & Compliance: - Own and oversee the cybersecurity risk management framework. - Ensure continuous compliance with applicable regulations and industry good practices. - Ensure timely remediation of audit findings and regulatory observations. - Act as the primary point of accountability for cybersecurity matters with regulators. Security Operations & Technology Oversight: - Oversee cybersecurity operations including monitoring, detection, vulnerability management, IAM, and incident response. - Ensure effective prevention, detection, response, and recovery capabilities. - Govern the selection and operation of cybersecurity technologies. - Ensure security by design across infrastructure, applications, cloud, and data platforms. Incident Management & Cyber Resilience: - Ensure effective incident response and cyber crisis management. - Lead executive coordination during material cybersecurity incidents. - Ensure alignment with business continuity and disaster recovery. - Oversee post-incident reviews. Third-Party & Outsourcing Cybersecurity: - Ensure third-party cybersecurity risks are identified and managed. - Ensure compliance of vendors with regulatory and contractual obligations. - Oversee outsourced and managed security services. People, Culture & Capability: - Establish and maintain a compliant cybersecurity operating model. - Develop national cybersecurity talent in alignment with Saudization. - Promote cybersecurity awareness and culture. - Ensure adequate resourcing and training. Authority & Decision Rights: - Define cybersecurity policies and standards. - Escalate risks and incidents to executive management. - Approve or reject cybersecurity risk acceptances.

More open roles at ByteDance (TikTok)