Senior GRC Analyst

Key Responsibilities

• Implement and maintain Governance, Risk, and Compliance (GRC) processes and tools.
• Support the development, implementation, and monitoring of information security policies and procedures.
• Conduct risk assessments to identify, evaluate, and mitigate potential risks across systems and processes.
• Work with different teams to ensure compliance with ISO 27001, NIST, and other relevant standards.
• Prepare and maintain documentation, reports, and audit evidence for internal and external reviews.
• Assist in internal and external audits, ensuring timely closure of findings.
• Monitor and report on security controls and risk mitigation measures.
• Stay up to date with regulatory and compliance requirements, industry best practices, and security trends.
• Support security awareness initiatives and contribute to improving organizational security culture.

Requirements

• Bachelor's degree in Information Security, Computer Science, or a related field.
• 13 years of experience in GRC, Information Security, or IT Risk Management.
• Solid understanding of ISO 27001, NIST, and risk management frameworks.
• Strong knowledge of information security controls, audit processes, and compliance standards.
• Excellent communication and documentation skills.
• Analytical mindset with strong attention to detail.
• Experience in Saudi Arabia or regional knowledge is a plus.
• Relevant certifications such as ISO 27001 Lead Implementer/Auditor, CISM, or CRISC are an advantage.