Qureos


Cybersecurity GRC Analyst

Job Requirements

Hires in

Not specified

Employment Type

Not specified

Company Location

Not specified

Salary

Not specified

Company Description

American Express Saudi Arabia, established in 1999, is a leading financial company in the Kingdom, renowned for delivering excellence and innovative payment solutions. Our mission is to empower individuals and businesses to progress through advanced payment solutions like Credit Cards, Charge Cards, and other services tailored to fit diverse needs. We lead the Card Business Payment sector, helping customers manage expenses and cash flow effectively. Join us to be part of a team that provides world-class experiences and business success.


About the Role: We are seeking a motivated and detail-oriented Cybersecurity GRC Specialist to join our growing cybersecurity team. The ideal candidate will play a key role in developing and delivering cybersecurity awareness and training programs, supporting internal audits, assisting with third-party risk management and contributing to risk management initiatives. This role offers the opportunity to work across various cybersecurity governance, risk and compliance areas while developing your career in the dynamic field of cybersecurity.



Key Responsibilities include:

  • Assist in identifying, assessing, and reporting cybersecurity risks across the organization.
  • Support the development and maintenance of risk registers, tracking identified risks, and assisting in risk mitigation strategies.
  • Support the planning and execution of internal cybersecurity audits to assess adherence to cybersecurity and regulatory requirements.
  • Assist in preparing audit documentation, audit reports, and follow-up on audit findings with relevant departments.
  • Conduct periodic reviews of third-party cybersecurity posture and assist in monitoring vendor performance in relation to compliance and risk management requirements.
  • Collaborate with the procurement and legal teams to ensure third-party cybersecurity requirements are adequately addressed in vendor contracts and service level agreements (SLAs).
  • Design, develop and implement cybersecurity awareness and training programs in alignment with international standards and regulations (e.g., ISO 27001, NCA, SAMA, PCI DSS).
  • Deliver periodic cybersecurity awareness sessions (online and/or in person). Monitor employee engagement and completion.
  • Track and report on training and phishing metrics to measure effectiveness and to identify risk areas for improvement.
  • Plan and manage phishing simulations and analyze results.
  • Govern user violations and disciplinary measures.
  • Maintain consistent communication about threats, trends, and best practices.
  • Perform other duties as assigned by the GRC Manager.


Necessary Documents to Submit:

  • Resume/CV
  • Bachelor's degree in computer science, information security or a related field.
  • Relevant certifications (e.g., CompTIA Security+, ISO 27001 Foundations).

Why Join AMEX:

  • Working at American Express Saudi Arabia offers a unique opportunity to be part of a global brand with a strong local presence. Employees benefit from competitive salaries, continuous training, and professional growth. The company fosters an inclusive and innovative work culture, led by strong leadership and a clear vision. With a focus on digital transformation and social responsibility, AMEX is a place where talent is valued and empowered.

