Risk & Governance Analyst - Job Ad
| Contract Type | Full-time |
| Workplace Type | On-site |
| Location | Jeddah |
Job Description
About the Role
Acuative Middle East is seeking a Risk & Governance Analyst to join its team in Makkah, supporting operations in Jeddah and Makkah. This full-time position requires 2-5 years of experience in cybersecurity governance, risk, and compliance.
Role Overview
The Risk & Governance Analyst will play a key role in supporting the organization's cybersecurity governance, risk, and compliance (GRC) program. The primary focus will be on managing the cybersecurity risk register, conducting control assessments, collecting evidence, overseeing governance activities, and generating security performance reports. This role involves close collaboration with business units, IT, internal audit, security operations, and compliance teams to ensure cybersecurity risks are identified, assessed, tracked, and reported, while maintaining adherence to organizational policies, industry standards, and regulatory requirements.
Key Responsibilities
- Administer and maintain the enterprise cybersecurity risk register.
- Identify, assess, and document cybersecurity risks in conjunction with business and technical stakeholders.
- Perform qualitative and quantitative risk assessments.
- Track risk treatment plans and monitor remediation progress.
- Facilitate periodic risk reviews and updates, escalating high-risk findings or overdue items.
- Support risk acceptance and exception management processes.
- Prepare risk summaries and dashboards for leadership.
- Coordinate security control assessments across technology and business environments, evaluating their design and effectiveness.
- Perform gap assessments against internal policies and industry frameworks, tracking control deficiencies and remediation.
- Support governance reviews and compliance meetings, and maintain governance documentation.
- Assist in developing and updating cybersecurity policies and standards.
- Coordinate the collection of evidence for internal and external audits, maintaining a repository of governance and compliance evidence.
- Validate evidence completeness and accuracy, supporting audit readiness activities.
- Prepare cybersecurity governance reports and executive dashboards, developing and maintaining Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs).
- Produce regular reports on risk register status, control assessment results, audit findings, compliance status, and remediation progress.
- Present governance metrics to security leadership and management.
- Support compliance initiatives aligned with standards such as ISO/IEC 27001, NIST Cybersecurity Framework, NIST SP 800-53, CIS Controls, PCI DSS, GDPR, and local regulatory requirements.
- Assist in preparing for certification and regulatory audits, monitoring compliance obligations, and tracking corrective actions.
- Identify opportunities for improving governance processes and reporting, recommending enhancements to risk management methodologies.
- Promote awareness of governance, risk, and compliance processes across the organization.
Qualifications and Requirements
- Bachelor's degree in Cybersecurity, Information Security, Information Technology, Business Administration, Risk Management, or a related field.
- 3–5 years of experience in cybersecurity governance, risk management, compliance, audit, or information security.
- Proven experience maintaining cybersecurity risk registers and performing risk assessments.
- Familiarity with security control frameworks and governance processes.
- Experience supporting audits and evidence collection.
- Proficiency in Microsoft Excel (advanced).
- Experience with GRC platforms (e.g., ServiceNow GRC, RSA Archer, OneTrust, MetricStream, AuditBoard) is preferred.
- Knowledge of ISO/IEC 27001, NIST Cybersecurity Framework, NIST SP 800-53, and CIS Critical Security Controls.
- Strong analytical and critical thinking skills.
- Excellent organizational and documentation abilities with high attention to detail.
- Strong written and verbal communication skills.
- Ability to coordinate with multiple stakeholders and manage multiple priorities.
Preferred Skills and Certifications
- Experience with Microsoft Power BI.
- Familiarity with risk management methodologies, internal controls, and governance best practices.
- Knowledge of third-party risk management and a basic understanding of business continuity and disaster recovery.
- Preferred certifications include ISO/IEC 27001 Lead Implementer or Lead Auditor, CRISC, CISA, CGRC, CISSP, CompTIA Security+, or COBIT Foundation.
Requirements
- Requires 2-5 years of experience