Overview:
The CS Governance and Compliance Principal Analyst is responsible for building, implementing, and continuously improving cybersecurity governance frameworks; developing, maintaining, and enforcing cybersecurity policies and standards; and ensuring compliance with national and international regulatory frameworks. The role requires a deep understanding of risk-based cybersecurity governance, Saudi-specific compliance frameworks (NCA, CST), and global standards such as ISO/IEC 27001 and the NIST Cybersecurity Framework (CSF). This position also acts as a GRC advisor to management on governance and compliance matters, driving a culture of cybersecurity and compliance across the organization.
Key Responsibilities:
- Develop, review, and maintain comprehensive cybersecurity policies, procedures, and technical standards.
- Ensure alignment of governance documents with global best practices and regulatory obligations (e.g., NCA, CST-CRF).
- Enforce cybersecurity policies across departments and assess their adoption and maturity.
- Lead compliance initiatives with national cybersecurity frameworks, including NCA ECC and the CST Cybersecurity Regulatory Framework (CST-CRF).
- Conduct regulatory compliance mapping and gap assessments against ISO/IEC 27001, the NIST Cybersecurity Framework (CSF), and internal baselines.
- Monitor control effectiveness and compliance posture across business units and systems.
- Coordinate internal and external cybersecurity audits, including preparation, execution, and closure of findings.
- Track audit issues, ensure timely remediation, and maintain evidence for regulatory inquiries.
- Collaborate with Risk Management teams to ensure governance controls align with the organizational risk appetite.
- Develop and deliver compliance awareness sessions and training materials tailored to employees, technical staff, and leadership.
- Prepare periodic compliance dashboards and reports for executive leadership, audit committees, and regulatory bodies.
- Maintain strong documentation and records to support traceability and audit readiness.
- Act as the cybersecurity representative for Business Continuity activities.
- Oversee the integration of governance and compliance requirements into new projects, cloud services, and third-party engagements, ensuring security-by-design principles are applied.
Qualifications:
Education:
- Bachelor's degree in Cybersecurity, Information Security, Computer Engineering, Information Technology, or MIS. A Master's degree, preferably in Cybersecurity, is a plus.
- A professional certification such as CISA, GCCC, CRISC, ISO/IEC 27001 Lead Auditor, ISO/IEC 27001 Lead Implementer, or GSEC (GIAC Security Essentials, SANS SEC401) is preferred.
Experience:
- 4+ years of experience in Cybersecurity Governance, Compliance, or Information Risk Management.
- Hands-on experience with Saudi regulatory compliance frameworks (e.g., NCA, CST) is highly preferred.
- Experience with ISO/IEC 27001 implementations or audits.
- Experience with GRC tools (e.g., ServiceNow GRC or similar) is a plus.
- Demonstrated success in managing relationships with external auditors and regulatory authorities.
- Proven experience leading cross-functional governance or compliance programs.
Skills & Competencies:
- Strong knowledge of regulatory frameworks (NCA ECC, CST-CRF, ISO/IEC 27001, NIST CSF).
- Strong knowledge of, and experience in, developing policies and procedures.
- Ability to interpret and translate regulatory requirements into actionable governance controls.
- Audit coordination and issue management skills.
- Excellent communication and presentation skills, with the ability to engage effectively with technical and non-technical stakeholders, including executive leadership.
- Strong analytical and problem-solving skills.
- Ability to prioritize tasks under pressure.
- High level of integrity, ethics, and attention to detail, ensuring confidentiality and compliance with legal requirements.