Cybersecurity Analyst

**Overview**:
**Responsibilities**:

- Governance Framework Optimization:

- Enhance and refine existing cybersecurity governance frameworks, policies, and procedures to align with best practices.
- Continuous Risk Assessment:

- Conduct ongoing risk assessments to identify, analyze, and prioritize risks to the organization’s information assets, ensuring alignment with business objectives.
- Compliance Verification:

- Monitor and validate compliance with industry regulations and standards (e.g SAMA, NCA) and internal security policies through regular audits and assessments.
- Policy Implementation:

- Collaborate with stakeholders to implement and regularly update security policies and procedures that reflect current regulatory requirements and operational realities.
- Incident Response Readiness:

- Support incident response operations by ensuring that the organization’s policies and procedures are effectively implemented and adhered to during incidents.
- Training and Awareness Programs:

- Develop and conduct advanced training programs to foster a culture of compliance and risk awareness among employees.
- Audit Coordination:

- Facilitate internal and external audits by coordinating documentation, processes, and responses to audit findings.
- Reporting and Metrics Analysis:

- Prepare and present comprehensive reports and metrics related to compliance status, risk assessments, and security incidents for executive review.
- Cross-Functional Engagement:

- Collaborate with IT, legal, and business units to ensure that security governance and compliance requirements are integrated into daily operations.
- Continuous Improvement Initiatives:

- Lead initiatives to evaluate and enhance existing GRC processes, ensuring they remain efficient, effective, and aligned with organizational goals.
- Education:

- Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field.
- Experience:

- Minimum of 3 years of experience in cybersecurity, with a strong focus on governance, risk management, and compliance in a mature environment.
- Knowledge:

- In-depth understanding of GRC frameworks and methodologies (e.g., ISO, SAMA, NCA, CST) standards).
- Familiarity with regulatory requirements related to data protection and cybersecurity.
- Technical Skills:

- Proficiency in risk assessment tools and compliance management software.
- Knowledge of security controls and best practices in a mature GRC setting.
- Certifications:

- Relevant certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) are preferred.
- Analytical Skills:

- Strong analytical and problem-solving skills to effectively assess risks and compliance issues.
- Communication Skills:

- Excellent verbal and written communication skills for reporting and facilitating training.
- Collaboration:

- Ability to work collaboratively across teams and effectively communicate with both technical and non-technical stakeholders.
- Attention to Detail:

- Strong attention to detail with the capability to manage multiple tasks simultaneously.