Chief Information Security Officer - Cloud Security

About the Job

The Cloud Security team is responsible for the security assurance of the company enterprise businesses and the underlying cloud platform, covering areas such as security architecture, software development lifecycle (SDLC), vulnerability management, security incident response, and security compliance. The team aims to ensure the security and stability of the company cloud platforms while enabling the success of the cloud business.

The Chief Information Security Officer (CISO) is responsible for the overall cybersecurity posture of the organization and for ensuring compliance with applicable cybersecurity laws, regulations, and regulatory frameworks, including the National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC) within the Kingdom of Saudi Arabia (KSA). The CISO will provide independent executive leadership and oversight across cybersecurity governance, risk management, and security operations.

The role requires a pragmatic, business-oriented leader with strong expertise in cybersecurity, cloud security, and modern technology environments, capable of ensuring that cybersecurity risks are identified, managed, and reported in alignment with the organization's risk appetite and regulatory expectations. You’ll collaborate closely with senior executives, offering the opportunity to shape strategic outcomes, reduce risk exposure, and drive secure innovation across complex, interconnected ecosystems.

Key Responsibilities Include:

• Cybersecurity Governance & Leadership:

  • Establish and maintain enterprise-wide cybersecurity governance in line with SAMA CSF and NCA ECC requirements.
  • Ensure clear ownership, accountability, and segregation of duties across cybersecurity functions.
  • Advise executive management on cybersecurity risks, threats, and control effectiveness.

• Cybersecurity Risk Management & Compliance:

  • Own and oversee the cybersecurity risk management framework.
  • Ensure continuous compliance with applicable regulations and industry good practices.
  • Act as the primary point of accountability for cybersecurity matters with regulators.

• Security Operations & Technology Oversight:

  • Oversee cybersecurity operations including monitoring, detection, vulnerability management, identity and access management (IAM), and incident response.

• Incident Management & Cyber Resilience:

  • Ensure effective incident response and cyber crisis management.

• Third-Party & Outsourcing Cybersecurity:

  • Manage third-party cybersecurity risks and ensure compliance with regulatory and contractual obligations.

• People, Culture & Capability:

  • Develop national cybersecurity talent in alignment with Saudization and promote cybersecurity awareness.

Qualifications:

• Minimum Qualifications:

  • Education: A bachelor’s degree in computer science, information technology, or a related field.
  • Experience: 5+ years in security strategy, governance, risk management, or related domains.
  • Knowledge of industry standards such as OWASP, ISO 27001, PCI DSS, NIST, and SAMA/NCA frameworks.

• Preferred Qualifications:

  • Proven executive leadership in cybersecurity governance and regulatory compliance.
  • Sound decision-making and crisis leadership during cybersecurity incidents.
  • CISSP, CISM, CCSP, GIAC Certifications are a plus.

Work Conditions

On-site, Full-time

Location

Riyadh, Riyadh, Saudi Arabia

Language Requirements

There are no specific language requirements mentioned for this position.