Chief Information Security Officer (CISO) – Saudi Arabia/Middle-East
Job location:Riyadh, Saudi Arabia
Ant International powers the future of global commerce with digital innovation for everyone and every business to thrive. In close collaboration with partners, we support merchants of all sizes worldwide to realize their growth aspirations through a comprehensive range of tech-driven digital payment and financial services solutions.
Ant International strives to become the most trusted digital services connector to achieve sustainable growth of global commerce.
With a focus on Travel, Trade, Technology, and Talent, Ant International is committed to enhancing the digital mindset and capacities of businesses worldwide. Through fostering collaborative efforts with partners, we are driving responsible innovation and increase market accessibility for global SMEs.
We do so across our 4 key businesses: Alipay+, Antom, WorldFirst and ANEXT Bank.
Job description:
We are seeking a Chief Information Security Officer (CISO) to lead and oversee our cyber and information security programs in Saudi Arabia.
- Develop and maintain cyber security strategy, security policy, security architecture, and security risk management process.
- Ensure detailed cyber security standards and procedures are established and implemented.
- Monitor compliance with cyber security regulations, policies, standards and procedures.
- Work with Legal, Compliance, Audit, Privacy and IT Technology functions in audit and inspection projects to assure compliance with SAMA regulations and industry security certification programs.
- Lead to deliver risk-based security solutions in a business context. Review and ensure security requirements of all Data, Applications (SDL), Cloud and Infrastructure (network, system, database) are compliant with cyber security and compliance standards.
- Proactively support other functions on cyber security, including security requirements for important projects, security review and third-party risk management.
- Measure and report KRIs on security compliance, security awareness program and key security improvements.
- As member of cyber security committee to present, advise security risk postures and recommendations.
- Be a focal point for business/product/technology to understand challenges and security impacts, and help stakeholders make well-informed decisions.
Requirements:
- Position holder must be Saudi national.
- Experience in a similar Director of Information Security or CISO position, preferably in the Financial Services sector.
- Demonstrable experience running security compliance programmes.
- Experience maintaining compliance with information security standards and regulations such as PCI DSS, ISO27001, GDPR and SAMA Cyber Security Framework.
- Good security foundation knowledge and practices in identity and access management, authentication, authorization, crypto, protocol security, perimeter security, OS hardening, threat intelligence, vulnerability assessment and penetration testing.
- Strong stakeholder management skills, working across the regional and global team to leverage knowledge and resources from this network to get things done.
- Excellent relationship building and communication skills with the ability to engage people from diverse cultures and different levels.
- Preferably with either CISSP, CISA, CRISC certification.
- Must be fluent in the English language both written and verbal. Other locally used languages would be advantageous.