ByteDance تعلن عن وظيفة كبير مسؤولي أمن المعلومات - أمن السحابة - السعودية في الرياض
Chief Information Security Officer - Cloud Security - Saudi Arabia
🏢 ByteDance
تفاصيل الوظيفة
تعلن ByteDance (مالكة تطبيقات TikTok وCapCut وغيرها) عن توفر وظيفة كبير مسؤولين أمن المعلومات - أمن السحابة (Chief Information Security Officer - Cloud Security) في الرياض، المملكة العربية السعودية. يتولى الفريق مسؤولية ضمان أمن الأعمال المؤسسية والمنصة السحابية، بما في ذلك هندسة الأمن، دورة حياة تطوير البرمجيات، إدارة الثغرات، الاستجابة للحوادث، والامتثال. يشغل المرشح دوراً قيادياً مستقلاً يشرف على حوكمة الأمن السيبراني، إدارة المخاطر، وعمليات الأمن، مع ضمان الامتثال للوائح الهيئة الوطنية للأمن السيبراني (NCA) وغيرها.
المهام والمسؤوليات
- إنشاء وصيانة حوكمة الأمن السيبراني على مستوى المؤسسة بما يتوافق مع إطار SAMA CSF ومتطلبات NCA ECC.
- ضمان ملكية واضحة، مساءلة، وفصل المهام عبر وظائف الأمن السيبراني.
- تقديم المشورة للإدارة التنفيذية حول مخاطر الأمن السيبراني، التهديدات، وفعالية الضوابط.
- دمج اعتبارات الأمن السيبراني في حوكمة الشركة وإدارة المخاطر المؤسسية.
- امتلاك والإشراف على إطار إدارة مخاطر الأمن السيبراني.
- ضمان الامتثال المستمر للوائح والممارسات الصناعية الجيدة.
- ضمان معالجة ملاحظات التدقيق والملاحظات التنظيمية في الوقت المناسب.
- العمل كنقطة مساءلة رئيسية لمسائل الأمن السيبراني مع الجهات التنظيمية.
- الإشراف على عمليات الأمن السيبراني بما في ذلك المراقبة، الكشف، إدارة الثغرات، إدارة الهوية والوصول، والاستجابة للحوادث.
- ضمان قدرات فعالة للوقاية، الكشف، الاستجابة، والتعافي.
- حوكمة اختيار وتشغيل تقنيات الأمن السيبراني.
- ضمان مراعاة الأمن في التصميم عبر البنية التحتية، التطبيقات، السحابة، ومنصات البيانات.
- ضمان الاستجابة الفعالة للحوادث وإدارة الأزمات السيبرانية.
- قيادة التنسيق التنفيذي أثناء حوادث الأمن السيبراني الجوهرية.
- ضمان التوافق مع استمرارية الأعمال والتعافي من الكوارث.
- الإشراف على مراجعات ما بعد الحوادث.
- تحديد وإدارة مخاطر الأمن السيبراني للجهات الخارجية.
- ضمان امتثال الموردين للالتزامات التنظيمية والتعاقدية.
- الإشراف على خدمات الأمن المُدارة والمُسنَدة للخارج.
- إنشاء وصيانة نموذج تشغيل أمن سيبراني متوافق.
- تطوير المواهب الوطنية في الأمن السيبراني بما يتماشى مع السعودة.
- تعزيز الوعي والثقافة المتعلقة بالأمن السيبراني.
- ضمان الموارد والتدريب المناسبين.
- تحديد سياسات ومعايير الأمن السيبراني.
- رفع المخاطر والحوادث إلى الإدارة التنفيذية.
- الموافقة على قبول مخاطر الأمن السيبراني أو رفضها.
الشروط والمتطلبات
- درجة البكالوريوس في علوم الحاسب، هندسة الحاسب، تقنية المعلومات، أو مجال ذي صلة.
- خبرة لا تقل عن 5 سنوات في مجال استراتيجية الأمن، حوكمة الأمن السيبراني، إدارة المخاطر، أو المجالات ذات الصلة.
- الإلمام بمعايير الصناعة مثل OWASP، SANS CWE Top 25، ISO 27001، PCI DSS، NIST، وأطر SAMA/NCA.
- خبرة مثبتة في القيادة التنفيذية في حوكمة الأمن السيبراني، إدارة المخاطر، والامتثال التنظيمي.
- خبرة قوية في التعامل مع مجالس الإدارة، الجهات التنظيمية، وكبار التنفيذيين في مسائل الأمن السيبراني.
- القدرة على ترجمة مخاطر الأمن السيبراني المعقدة إلى آثار تجارية ومخاطرية واضحة.
- قيادة مثبتة في بناء فرق أمن سيبراني عالية الأداء وتطوير المواهب الوطنية.
المهارات المطلوبة
- اتخاذ القرارات السليمة والقيادة أثناء الأزمات في حوادث الأمن السيبراني الجوهرية.
- تصميم أمني شامل وخارطة طريق استراتيجية لمنتجات وخدمات أمن السحابة.
- شهادات احترافية: CISSP، CISM، CCSP، GIAC.
عرض النص الأصلي للإعلان
Responsibilities
About the team:
The Cloud Security team is responsible for the security assurance of ByteDance enterprise businesses and the underlying cloud platform, covering areas such as security architecture, SDLC, vulnerability management, security incident response, and security compliance. The team aim to ensure the security and stability of the ByteDance cloud platforms while enabling the success of the cloud business.
The Chief Information Security Officer (CISO) is responsible for the overall cybersecurity posture of the organization and for ensuring compliance with applicable cybersecurity laws, regulations, and regulatory frameworks, including the National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC) within the Kingdom of Saudi Arabia (KSA).
The CISO will provide independent executive leadership and oversight across cybersecurity governance, risk management, and security operations. The role requires a pragmatic, business-oriented leader with strong expertise in cybersecurity, cloud security, and modern technology environments, capable of ensuring that cybersecurity risks are identified, managed, and reported in alignment with the organization's risk appetite and regulatory expectations.
You’ll collaborate closely with senior executives. This role offers the opportunity to shape strategic outcomes, reduce risk exposure, and drive secure innovation across complex, interconnected ecosystems.
Responsibilities:
Cybersecurity Governance & Leadership:
- Establish and maintain enterprise-wide cybersecurity governance in line with SAMA CSF and NCA ECC requirements.
- Ensure clear ownership, accountability, and segregation of duties across cybersecurity functions.
- Advise executive management on cybersecurity risks, threats, and control effectiveness.
- Ensure cybersecurity considerations are embedded into corporate governance and enterprise risk management.
Cybersecurity Risk Management & Compliance:
- Own and oversee the cybersecurity risk management framework.
- Ensure continuous compliance with applicable regulations and industry good practices.
- Ensure timely remediation of audit findings and regulatory observations.
- Act as the primary point of accountability for cybersecurity matters with regulators.
Security Operations & Technology Oversight:
- Oversee cybersecurity operations including monitoring, detection, vulnerability management, IAM, and incident response.
- Ensure effective prevention, detection, response, and recovery capabilities.
- Govern the selection and operation of cybersecurity technologies.
- Ensure security by design across infrastructure, applications, cloud, and data platforms.
Incident Management & Cyber Resilience:
- Ensure effective incident response and cyber crisis management.
- Lead executive coordination during material cybersecurity incidents.
- Ensure alignment with business continuity and disaster recovery.
- Oversee post-incident reviews.
Third-Party & Outsourcing Cybersecurity:
- Ensure third-party cybersecurity risks are identified and managed.
- Ensure compliance of vendors with regulatory and contractual obligations.
- Oversee outsourced and managed security services.
People, Culture & Capability:
- Establish and maintain a compliant cybersecurity operating model.
- Develop national cybersecurity talent in alignment with Saudization.
- Promote cybersecurity awareness and culture.
- Ensure adequate resourcing and training.
Authority & Decision Rights:
- Define cybersecurity policies and standards.
- Escalate risks and incidents to executive management.
- Approve or reject cybersecurity risk acceptances.
Qualifications
Minimum Qualifications:
- Education: A bachelor’s degree in computer science, computer engineering, information technology, or a related field.
- Experience: 5+ years of relevant experience in security strategy, cybersecurity governance, risk management, or related domains.
- Security Frameworks Knowledge: Familiarity with industry standards such as OWASP, SANS CWE Top 25, ISO 27001, PCI DSS, NIST, and SAMA/NCA frameworks.
- Proven executive leadership in cybersecurity governance, risk management, and regulatory compliance.
- Strong experience engaging with Boards, regulators, and senior executives on cybersecurity matters.
- Ability to translate complex cybersecurity risks into clear business and risk implications
- Demonstrated leadership in building high-performing cybersecurity teams and national talent.
Preferred Qualifications:
- Sound decision-making and crisis leadership during material cybersecurity incidents Proven executive leadership in cybersecurity governance, risk management, and regulatory compliance.
- End-to-end security design and strategic roadmap of cloud security products and services.
- CISSP, CISM, CCSP, GIAC Certifications
About Us
Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok, Lemon8, CapCut and Pico as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.
Why Join ByteDance
Inspiring creativity is at the core of ByteDance's mission. Our innovative products are built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and enrich life - a mission we work towards every day.
As ByteDancers, we strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our Company, and our users. When we create and grow together, the possibilities are limitless. Join us.
Diversity & Inclusion
ByteDance is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At ByteDance, our mission is to inspire creativity and enrich life. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.
About the team:
The Cloud Security team is responsible for the security assurance of ByteDance enterprise businesses and the underlying cloud platform, covering areas such as security architecture, SDLC, vulnerability management, security incident response, and security compliance. The team aim to ensure the security and stability of the ByteDance cloud platforms while enabling the success of the cloud business.
The Chief Information Security Officer (CISO) is responsible for the overall cybersecurity posture of the organization and for ensuring compliance with applicable cybersecurity laws, regulations, and regulatory frameworks, including the National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC) within the Kingdom of Saudi Arabia (KSA).
The CISO will provide independent executive leadership and oversight across cybersecurity governance, risk management, and security operations. The role requires a pragmatic, business-oriented leader with strong expertise in cybersecurity, cloud security, and modern technology environments, capable of ensuring that cybersecurity risks are identified, managed, and reported in alignment with the organization's risk appetite and regulatory expectations.
You’ll collaborate closely with senior executives. This role offers the opportunity to shape strategic outcomes, reduce risk exposure, and drive secure innovation across complex, interconnected ecosystems.
Responsibilities:
Cybersecurity Governance & Leadership:
- Establish and maintain enterprise-wide cybersecurity governance in line with SAMA CSF and NCA ECC requirements.
- Ensure clear ownership, accountability, and segregation of duties across cybersecurity functions.
- Advise executive management on cybersecurity risks, threats, and control effectiveness.
- Ensure cybersecurity considerations are embedded into corporate governance and enterprise risk management.
Cybersecurity Risk Management & Compliance:
- Own and oversee the cybersecurity risk management framework.
- Ensure continuous compliance with applicable regulations and industry good practices.
- Ensure timely remediation of audit findings and regulatory observations.
- Act as the primary point of accountability for cybersecurity matters with regulators.
Security Operations & Technology Oversight:
- Oversee cybersecurity operations including monitoring, detection, vulnerability management, IAM, and incident response.
- Ensure effective prevention, detection, response, and recovery capabilities.
- Govern the selection and operation of cybersecurity technologies.
- Ensure security by design across infrastructure, applications, cloud, and data platforms.
Incident Management & Cyber Resilience:
- Ensure effective incident response and cyber crisis management.
- Lead executive coordination during material cybersecurity incidents.
- Ensure alignment with business continuity and disaster recovery.
- Oversee post-incident reviews.
Third-Party & Outsourcing Cybersecurity:
- Ensure third-party cybersecurity risks are identified and managed.
- Ensure compliance of vendors with regulatory and contractual obligations.
- Oversee outsourced and managed security services.
People, Culture & Capability:
- Establish and maintain a compliant cybersecurity operating model.
- Develop national cybersecurity talent in alignment with Saudization.
- Promote cybersecurity awareness and culture.
- Ensure adequate resourcing and training.
Authority & Decision Rights:
- Define cybersecurity policies and standards.
- Escalate risks and incidents to executive management.
- Approve or reject cybersecurity risk acceptances.
Qualifications
Minimum Qualifications:
- Education: A bachelor’s degree in computer science, computer engineering, information technology, or a related field.
- Experience: 5+ years of relevant experience in security strategy, cybersecurity governance, risk management, or related domains.
- Security Frameworks Knowledge: Familiarity with industry standards such as OWASP, SANS CWE Top 25, ISO 27001, PCI DSS, NIST, and SAMA/NCA frameworks.
- Proven executive leadership in cybersecurity governance, risk management, and regulatory compliance.
- Strong experience engaging with Boards, regulators, and senior executives on cybersecurity matters.
- Ability to translate complex cybersecurity risks into clear business and risk implications
- Demonstrated leadership in building high-performing cybersecurity teams and national talent.
Preferred Qualifications:
- Sound decision-making and crisis leadership during material cybersecurity incidents Proven executive leadership in cybersecurity governance, risk management, and regulatory compliance.
- End-to-end security design and strategic roadmap of cloud security products and services.
- CISSP, CISM, CCSP, GIAC Certifications
About Us
Founded in 2012, ByteDance's mission is to inspire creativity and enrich life. With a suite of more than a dozen products, including TikTok, Lemon8, CapCut and Pico as well as platforms specific to the China market, including Toutiao, Douyin, and Xigua, ByteDance has made it easier and more fun for people to connect with, consume, and create content.
Why Join ByteDance
Inspiring creativity is at the core of ByteDance's mission. Our innovative products are built to help people authentically express themselves, discover and connect – and our global, diverse teams make that possible. Together, we create value for our communities, inspire creativity and enrich life - a mission we work towards every day.
As ByteDancers, we strive to do great things with great people. We lead with curiosity, humility, and a desire to make impact in a rapidly growing tech company. By constantly iterating and fostering an "Always Day 1" mindset, we achieve meaningful breakthroughs for ourselves, our Company, and our users. When we create and grow together, the possibilities are limitless. Join us.
Diversity & Inclusion
ByteDance is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. At ByteDance, our mission is to inspire creativity and enrich life. To achieve that goal, we are committed to celebrating our diverse voices and to creating an environment that reflects the many communities we reach. We are passionate about this and hope you are too.
المصدر: LinkedIn — أُضيفت للموقع في 11 يونيو 2026