Risk & Governance Analyst
| Contract type | Full-time |
| Work arrangement | On-site |
| Location | Makkah |
Job Description
About the Role
Acuative Middle East is seeking a Risk & Governance Analyst to join their team in Makkah, specifically supporting operations in Jeddah and Makkah. This full-time position requires 2-5 years of experience in cybersecurity governance, risk, and compliance.
Role Overview
The Risk & Governance Analyst will play a key role in supporting the organization's cybersecurity governance, risk, and compliance (GRC) program. The primary focus will be on managing the cybersecurity risk register, conducting control assessments, collecting evidence, overseeing governance activities, and generating security performance reports. This role involves close collaboration with business units, IT, internal audit, security operations, and compliance teams to ensure cybersecurity risks are identified, assessed, tracked, and reported, while maintaining adherence to organizational policies, industry standards, and regulatory requirements.
Key Responsibilities
- Administer and maintain the enterprise cybersecurity risk register.
- Identify, assess, and document cybersecurity risks in conjunction with business and technical stakeholders.
- Perform qualitative and quantitative risk assessments.
- Track risk treatment plans and monitor remediation progress.
- Facilitate periodic risk reviews and updates, escalating high-risk findings or overdue items.
- Support risk acceptance and exception management processes.
- Prepare risk summaries and dashboards for leadership.
- Coordinate security control assessments across technology and business environments, evaluating their design and effectiveness.
- Perform gap assessments against internal policies and industry frameworks, tracking control deficiencies and remediation.
- Support governance reviews and compliance meetings, and maintain governance documentation.
- Assist in developing and updating cybersecurity policies and standards.
- Coordinate the collection of evidence for internal and external audits, maintaining a repository of governance and compliance evidence.
- Validate evidence completeness and accuracy, supporting audit readiness activities.
- Prepare cybersecurity governance reports and executive dashboards, developing and maintaining Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs).
- Produce regular reports on risk register status, control assessment results, audit findings, compliance status, and remediation progress.
- Present governance metrics to security leadership and management.
- Support compliance initiatives aligned with standards such as ISO/IEC 27001, NIST Cybersecurity Framework, NIST SP 800-53, CIS Controls, PCI DSS, GDPR, and local regulatory requirements.
- Assist in preparing for certification and regulatory audits, monitoring compliance obligations, and tracking corrective actions.
- Identify opportunities for improving governance processes and reporting, recommending enhancements to risk management methodologies.
- Promote awareness of governance, risk, and compliance processes across the organization.
Qualifications and Requirements
- Bachelor's degree in Cybersecurity, Information Security, Information Technology, Business Administration, Risk Management, or a related field.
- 3–5 years of experience in cybersecurity governance, risk management, compliance, audit, or information security.
- Proven experience maintaining cybersecurity risk registers and performing risk assessments.
- Familiarity with security control frameworks and governance processes.
- Experience supporting audits and evidence collection.
- Proficiency in Microsoft Excel (advanced).
- Experience with GRC Platforms (*, ServiceNow GRC, RSA Archer, OneTrust, MetricStream, AuditBoard) is preferred.
- Knowledge of ISO/IEC 27001, NIST Cybersecurity Framework, NIST SP 800-53, and CIS Critical Security Controls.
- Strong analytical and critical thinking skills.
- Excellent organizational and documentation abilities with high attention to detail.
- Strong written and verbal communication skills.
- Ability to coordinate with multiple stakeholders and manage multiple priorities.
Preferred Skills and Certifications
- Experience with Microsoft Power BI.
- Familiarity with risk management methodologies, internal controls, and governance best practices.
- Knowledge of third-party risk management and a basic understanding of business continuity and disaster recovery.
- Preferred certifications include ISO/IEC 27001 Lead Implementer or Lead Auditor, CRISC, CISA, CGRC, CISSP, CompTIA Security+, or COBIT Foundation.
Job Requirements
- Requires 2-5 years of experience