Cybersecurity Analyst - Governance, Risk and Compliance

at  Lendo

OVERVIEW:

The Cybersecurity Analyst specializing in Governance, Risk, and Compliance (GRC) will focus on operationalizing and enhancing the organization’s mature GRC framework. This role requires a comprehensive understanding of established compliance frameworks, risk management practices, and security governance. The successful candidate will assess ongoing compliance, evaluate risks, and collaborate with cross-functional teams to optimize and maintain effective security policies and procedures.

• Governance Framework Optimization:
• Enhance and refine existing cybersecurity governance frameworks, policies, and procedures to align with best practices.
• Continuous Risk Assessment:
• Conduct ongoing risk assessments to identify, analyze, and prioritize risks to the organization’s information assets, ensuring alignment with business objectives.
• Compliance Verification:
• Monitor and validate compliance with industry regulations and standards (e.g SAMA, NCA) and internal security policies through regular audits and assessments.
• Policy Implementation:
• Collaborate with stakeholders to implement and regularly update security policies and procedures that reflect current regulatory requirements and operational realities.
• Incident Response Readiness:
• Support incident response operations by ensuring that the organization’s policies and procedures are effectively implemented and adhered to during incidents.
• Training and Awareness Programs:
• Develop and conduct advanced training programs to foster a culture of compliance and risk awareness among employees.
• Audit Coordination:
• Facilitate internal and external audits by coordinating documentation, processes, and responses to audit findings.
• Reporting and Metrics Analysis:
• Prepare and present comprehensive reports and metrics related to compliance status, risk assessments, and security incidents for executive review.
• Cross-Functional Engagement:
• Collaborate with IT, legal, and business units to ensure that security governance and compliance requirements are integrated into daily operations.
• Continuous Improvement Initiatives:
• Lead initiatives to evaluate and enhance existing GRC processes, ensuring they remain efficient, effective, and aligned with organizational goals.
• Education:
• Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field.
• Experience:
• Minimum of 3 years of experience in cybersecurity, with a strong focus on governance, risk management, and compliance in a mature environment.
• Knowledge:
• In-depth understanding of GRC frameworks and methodologies (e.g., ISO, SAMA, NCA, CST) standards).
• Familiarity with regulatory requirements related to data protection and cybersecurity.
• Technical Skills:
• Proficiency in risk assessment tools and compliance management software.
• Knowledge of security controls and best practices in a mature GRC setting.
• Certifications:
• Relevant certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) are preferred.
• Analytical Skills:
• Strong analytical and problem-solving skills to effectively assess risks and compliance issues.
• Communication Skills:
• Excellent verbal and written communication skills for reporting and facilitating training.
• Collaboration:
• Ability to work collaboratively across teams and effectively communicate with both technical and non-technical stakeholders.
• Attention to Detail:
• Strong attention to detail with the capability to manage multiple tasks simultaneously.