Part-time Chief Information Security Officer

About TiDB, powered by PingCAP

Join us as we scale our business by building on our tremendous success around the world. The massive database market is going to double over the next few years and TiDB is a global player positioned as a major disruptor with TiDB Database and Database as a Service offering. TiDB is an open-source, cloud-native, distributed SQL database for elastic scale and real-time analytics. Large and high-growth organizations in markets as varied as financial services, logistics, gaming, e-commerce and software as a service have successfully deployed and expanded their TiDB footprint on mission-critical applications. Our strong open-source community roots (39,500+ stars on GitHub), innovative products and inclusive culture draw passionate and dedicated people to our company. Learn more about TiDB careers and join our team to be at the forefront of innovation and growth.

Role Overview

We are seeking a part-time Chief Information Security Officer (CISO) to lead TiDB's global security strategy. This role will be responsible for defining and executing a comprehensive information security, risk management, and compliance program that protects TiDB's products, infrastructure, customers, and employees. As CISO, you will partner closely with product, sales, legal, and executive leadership to ensure security is embedded into everything we do — from the core of TiDB to our SaaS/cloud offerings and enterprise engagements.

Responsibilities

• Define, implement, and continuously evolve TiDB's global information security strategy and roadmap.
• Drive adoption of best practices in application security, data security, and infrastructure hardening.
• Establish and maintain a comprehensive risk management framework aligned with ISO 27001, SOC 2, GDPR, CCPA, and other relevant standards.
• Work with legal and compliance teams to monitor evolving regulations in key markets.
• Engage directly with enterprise customers to build trust in TiDB's security practices.
• Effectively represent the company through thought leadership, including written contributions and participation in public speaking engagements.

Qualifications

• Proven experience leading security at a global SaaS, cloud infrastructure, or database company.
• Deep understanding of distributed systems, cloud-native architectures, and DevSecOps practices.
• Strong knowledge of security frameworks and regulations (ISO 27001, SOC 2, NIST, GDPR, etc.).
• Demonstrated ability to lead incident response and crisis management.
• Excellent communication and executive presence; comfortable engaging with boards, regulators, and enterprise customers.
• Fluent public speaker or participates actively in a public facing security community.

Salary and Benefits

The annual anticipated base salary range for U.S. candidates for this role is USD $100,000 to $140,000K. Four zones are applied with different levels of the pay range. More details of the Geo Differential Pay Policy will be discussed during the HR conversation. The actual individual base pay will depend on various factors such as the complexity and responsibility of the role, work locations, job levels, and relevant experience and skills. This role is also eligible to participate in TiDB's Bonus and Equity Plan, as well as our Sales Compensation Plan if it is a sales role. In order to comply with local legislation and provide greater transparency to candidates, we share base salary ranges on all US job postings regardless of desired hiring location. Please note that actual salaries may vary and fall outside of this range depending on factors such as a candidate's qualifications, geographic location, skills, experience, and competencies. Other benefits include health insurance, flexible vacation time, paid holidays, and parental leave. Salaries for candidates outside the U.S. will vary based on local compensation structures.

Equal Opportunity Employer Statement

We encourage people from underrepresented groups to apply. Come advance with us! In keeping with our values, no employee or applicant will face discrimination/harassment based on: race, color, ancestry, national origin, religion, age, gender, marital domestic partner status, sexual orientation, gender identity, disability status, or veteran status. TiDB also strives to prevent other, subtler forms of inappropriate behavior (e.g., stereotyping) from ever gaining a foothold in our organization. Whether blatant or hidden, barriers to success have no place at TiDB.

Key skills/competency

• Chief Information Security Officer
• Information Security Strategy
• Risk Management
• Compliance Programs
• Cloud Security
• DevSecOps
• SaaS Security
• Incident Response
• Data Security
• Network Security