Search by job, company or skills

LINK Datacenter

Senior GRC Analyst

Save
  • Posted a day ago
  • Be among the first 10 applicants
Early Applicant

Job Description

Key Responsibilities

  • Design, implement, and continuously improve GRC frameworks, processes, and tools to support enterprise-wide risk and compliance objectives.
  • Lead the development, review, and enforcement of information security policies, standards, and procedures, ensuring alignment with business goals and regulatory requirements.
  • Own and execute the end-to-end risk assessment process, including third-party risk, operational risk, and technology risk, while recommending and tracking remediation plans.
  • Partner with cross-functional teams (IT, Legal, Internal Audit, Business Units) to ensure compliance with ISO 27001, NIST CSF, SAMA, NCA, and other relevant standards.
  • Manage the documentation lifecycle of controls, risks, and compliance evidence, ensuring audit readiness at all times.
  • Lead or co-lead internal and external audits, including scoping, evidence collection, stakeholder coordination, and driving findings to closure with corrective action plans.
  • Define and monitor key risk and performance indicators (KRIs/KPIs) for security controls, producing executive-level dashboards and risk reports.
  • Proactively track regulatory and industry changes (local and international), assess their impact, and drive necessary policy or control updates.
  • Lead or significantly contribute to security awareness and training initiatives, mentoring junior team members and fostering a risk-aware culture.
  • Serve as a subject matter expert (SME) on GRC matters, advising management and project teams on risk-based decision making.

Requirements

  • Bachelor's degree in Information Security, Computer Science, Risk Management, or a related field. A Master's degree is a plus.
  • 3–6 years of progressive experience in GRC, Information Security, or IT Risk Management, with at least 1–2 years operating at a mid-to-senior level.
  • Deep, hands-on expertise in ISO 27001, NIST (preferably NIST CSF or 800-53), and common risk assessment methodologies (e.g., FAIR, OCTAVE, or qualitative/quantitative methods).
  • Proven experience leading audit engagements (internal or external) and managing remediation lifecycles independently.
  • Strong ability to translate complex regulatory and security requirements into practical, business-friendly controls and processes.
  • Exceptional written and verbal communication skills, including the ability to present risk findings to senior leadership and non-technical stakeholders.
  • Advanced analytical and problem-solving skills, with high attention to detail and a proactive, ownership mindset.
  • Experience working in Saudi Arabia or the broader Middle East region, with familiarity of local regulations (e.g., NCA, SAMA, CST, PDPL) strongly preferred.
  • Relevant certifications are highly preferred, such as:
  • ISO 27001 Lead Implementer or Lead Auditor
  • CISM, CRISC, CISA, or CISSP
  • GRC-specific certifications (e.g., GRCP, GRCA) are a plus.

Preferred Attributes (Nice to Have)

  • Experience with GRC platforms (e.g., ServiceNow GRC, Archer, MetricStream, or similar).
  • Prior experience mentoring or guiding junior analysts or interns.
  • Ability to write and test business continuity, disaster recovery, or incident response plans from a compliance perspective.

More Info

Job Type:
Industry:
Employment Type:

About Company

Job ID: 151309125