Contract type: Full-time
Job type: On-site
Location: Makkah

Job Description

About the Role

Acuative Middle East is seeking a Risk & Governance Analyst to join their team in Makkah, specifically supporting operations in Jeddah and Makkah. This full-time position requires 2-5 years of experience in cybersecurity governance, risk, and compliance.

Role Overview

The Risk & Governance Analyst will play a key role in supporting the organization's cybersecurity governance, risk, and compliance (GRC) program. The primary focus will be on managing the cybersecurity risk register, conducting control assessments, collecting evidence, overseeing governance activities, and generating security performance reports. This role involves close collaboration with business units, IT, internal audit, security operations, and compliance teams to ensure cybersecurity risks are identified, assessed, tracked, and reported, while maintaining adherence to organizational policies, industry standards, and regulatory requirements.

Key Responsibilities

  • Administer and maintain the enterprise cybersecurity risk register.
  • Identify, assess, and document cybersecurity risks in conjunction with business and technical stakeholders.
  • Perform qualitative and quantitative risk assessments.
  • Track risk treatment plans and monitor remediation progress.
  • Facilitate periodic risk reviews and updates, escalating high-risk findings or overdue items.
  • Support risk acceptance and exception management processes.
  • Prepare risk summaries and dashboards for leadership.
  • Coordinate security control assessments across technology and business environments, evaluating their design and effectiveness.
  • Perform gap assessments against internal policies and industry frameworks, tracking control deficiencies and remediation.
  • Support governance reviews and compliance meetings, and maintain governance documentation.
  • Assist in developing and updating cybersecurity policies and standards.
  • Coordinate the collection of evidence for internal and external audits, maintaining a repository of governance and compliance evidence.
  • Validate evidence completeness and accuracy, supporting audit readiness activities.
  • Prepare cybersecurity governance reports and executive dashboards, developing and maintaining Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs).
  • Produce regular reports on risk register status, control assessment results, audit findings, compliance status, and remediation progress.
  • Present governance metrics to security leadership and management.
  • Support compliance initiatives aligned with standards such as ISO/IEC 27001, NIST Cybersecurity Framework, NIST SP 800-53, CIS Controls, PCI DSS, GDPR, and local regulatory requirements.
  • Assist in preparing for certification and regulatory audits, monitoring compliance obligations, and tracking corrective actions.
  • Identify opportunities for improving governance processes and reporting, recommending enhancements to risk management methodologies.
  • Promote awareness of governance, risk, and compliance processes across the organization.

Qualifications and Requirements

  • Bachelor's degree in Cybersecurity, Information Security, Information Technology, Business Administration, Risk Management, or a related field.
  • 3–5 years of experience in cybersecurity governance, risk management, compliance, audit, or information security.
  • Proven experience maintaining cybersecurity risk registers and performing risk assessments.
  • Familiarity with security control frameworks and governance processes.
  • Experience supporting audits and evidence collection.
  • Proficiency in Microsoft Excel (advanced).
  • Experience with GRC platforms (such as ServiceNow GRC, RSA Archer, OneTrust, MetricStream, or AuditBoard) is preferred.
  • Knowledge of ISO/IEC 27001, NIST Cybersecurity Framework, NIST SP 800-53, and CIS Critical Security Controls.
  • Strong analytical and critical thinking skills.
  • Excellent organizational and documentation abilities with high attention to detail.
  • Strong written and verbal communication skills.
  • Ability to coordinate with multiple stakeholders and manage multiple priorities.

Preferred Skills and Certifications

  • Experience with Microsoft Power BI.
  • Familiarity with risk management methodologies, internal controls, and governance best practices.
  • Knowledge of third-party risk management and a basic understanding of business continuity and disaster recovery.
  • Preferred certifications include ISO/IEC 27001 Lead Implementer or Lead Auditor, CRISC, CISA, CGRC, CISSP, CompTIA Security+, or COBIT Foundation.

Job Requirements

  • Requires 2-5 years of experience
