Risk & Governance Analyst
| Contract Type | Full-time |
| Workplace Type | On-site |
| Location | Makkah |
Job Description
About the Role
Acuative Middle East is seeking a Risk & Governance Analyst to join their team in Makkah, specifically supporting operations in Jeddah and Makkah. This full-time position requires 2-5 years of experience in cybersecurity governance, risk, and compliance.
Role Overview
The Risk & Governance Analyst will play a key role in supporting the organization's cybersecurity governance, risk, and compliance (GRC) program. The primary focus will be on managing the cybersecurity risk register, conducting control assessments, collecting evidence, overseeing governance activities, and generating security performance reports. This role involves close collaboration with business units, IT, internal audit, security operations, and compliance teams to ensure cybersecurity risks are identified, assessed, tracked, and reported, while maintaining adherence to organizational policies, industry standards, and regulatory requirements.
Key Responsibilities
- Administer and maintain the enterprise cybersecurity risk register.
- Identify, assess, and document cybersecurity risks in conjunction with business and technical stakeholders.
- Perform qualitative and quantitative risk assessments.
- Track risk treatment plans and monitor remediation progress.
- Facilitate periodic risk reviews and updates, escalating high-risk findings or overdue items.
- Support risk acceptance and exception management processes.
- Prepare risk summaries and dashboards for leadership.
- Coordinate security control assessments across technology and business environments, evaluating their design and effectiveness.
- Perform gap assessments against internal policies and industry frameworks, tracking control deficiencies and remediation.
- Support governance reviews and compliance meetings, and maintain governance documentation.
- Assist in developing and updating cybersecurity policies and standards.
- Coordinate the collection of evidence for internal and external audits, maintaining a repository of governance and compliance evidence.
- Validate evidence completeness and accuracy, supporting audit readiness activities.
- Prepare cybersecurity governance reports and executive dashboards, developing and maintaining Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs).
- Produce regular reports on risk register status, control assessment results, audit findings, compliance status, and remediation progress.
- Present governance metrics to security leadership and management.
- Support compliance initiatives aligned with standards such as ISO/IEC 27001, NIST Cybersecurity Framework, NIST SP 800-53, CIS Controls, PCI DSS, GDPR, and local regulatory requirements.
- Assist in preparing for certification and regulatory audits, monitoring compliance obligations, and tracking corrective actions.
- Identify opportunities for improving governance processes and reporting, recommending enhancements to risk management methodologies.
- Promote awareness of governance, risk, and compliance processes across the organization.
Qualifications and Requirements
- Bachelor's degree in Cybersecurity, Information Security, Information Technology, Business Administration, Risk Management, or a related field.
- 3–5 years of experience in cybersecurity governance, risk management, compliance, audit, or information security.
- Proven experience maintaining cybersecurity risk registers and performing risk assessments.
- Familiarity with security control frameworks and governance processes.
- Experience supporting audits and evidence collection.
- Proficiency in Microsoft Excel (advanced).
- Experience with GRC Platforms (*, ServiceNow GRC, RSA Archer, OneTrust, MetricStream, AuditBoard) is preferred.
- Knowledge of ISO/IEC 27001, NIST Cybersecurity Framework, NIST SP 800-53, and CIS Critical Security Controls.
- Strong analytical and critical thinking skills.
- Excellent organizational and documentation abilities with high attention to detail.
- Strong written and verbal communication skills.
- Ability to coordinate with multiple stakeholders and manage multiple priorities.
Preferred Skills and Certifications
- Experience with Microsoft Power BI.
- Familiarity with risk management methodologies, internal controls, and governance best practices.
- Knowledge of third-party risk management and a basic understanding of business continuity and disaster recovery.
- Preferred certifications include ISO/IEC 27001 Lead Implementer or Lead Auditor, CRISC, CISA, CGRC, CISSP, CompTIA Security+, or COBIT Foundation.
Requirements
- Requires 2-5 years of experience.