Qureos


GRC Analyst

Key Responsibilities

  • Implement and maintain Governance, Risk, and Compliance (GRC) processes and tools.
  • Support the development, implementation, and monitoring of information security policies and procedures.
  • Conduct risk assessments to identify, evaluate, and mitigate potential risks across systems and processes.
  • Work with different teams to ensure compliance with ISO 27001, NIST, and other relevant standards.
  • Prepare and maintain documentation, reports, and audit evidence for internal and external reviews.
  • Assist in internal and external audits, ensuring timely closure of findings.
  • Monitor and report on security controls and risk mitigation measures.
  • Stay up to date with regulatory and compliance requirements, industry best practices, and security trends.
  • Support security awareness initiatives and contribute to improving organizational security culture.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, or a related field.
  • 1–3 years of experience in GRC, Information Security, or IT Risk Management.
  • Solid understanding of ISO 27001, NIST, and risk management frameworks.
  • Strong knowledge of information security controls, audit processes, and compliance standards.
  • Excellent communication and documentation skills.
  • Analytical mindset with strong attention to detail.
  • Experience in Saudi Arabia or regional knowledge is a plus.
  • Relevant certifications such as ISO 27001 Lead Implementer/Auditor, CISM, or CRISC are an advantage.
