Acuative Middle East

Risk & Governance Analyst

Jeddah, Makkah Province, Saudi Arabia • Full-time

Experience: 3–5 years
Salary: not stated
Openings: 1
Posted: 2 hours ago
Work mode: On-site
Education: Bachelor's degree
Eligibility: Professionals with a bachelor's degree and 3–5 years of relevant experience in cybersecurity governance, risk, compliance, audit, or information security can apply.
Resume: required with the application

Job description

Role overview

The Risk & Governance Analyst supports the organization’s cybersecurity governance, risk, and compliance function. This position centers on keeping the cybersecurity risk register current, coordinating control reviews, gathering audit evidence, and producing governance and security performance reports.

In this role, you will work with business teams, IT, internal audit, security operations, and compliance stakeholders to make sure cybersecurity risks are identified, evaluated, monitored, and communicated appropriately, while also helping the organization stay aligned with internal policies, industry standards, and regulatory obligations.

Risk management

  • Own the administration and upkeep of the enterprise cybersecurity risk register.
  • Work with technical and business stakeholders to discover, evaluate, and record cybersecurity risks.
  • Carry out both qualitative and quantitative risk analyses.
  • Monitor treatment plans and follow through on remediation status.
  • Support regular risk review cycles and refreshes.
  • Escalate overdue items and high-severity risks to management.
  • Help manage risk acceptance and exception workflows.
  • Build risk summaries and leadership dashboards.

Governance and control assessment

  • Coordinate reviews of security controls across technology and business areas.
  • Assess how well controls are designed and whether they operate effectively.
  • Compare current practices with internal security policies and recognized industry frameworks.
  • Track weaknesses in controls and the related remediation work.
  • Support governance meetings and periodic compliance reviews.
  • Maintain governance records, standards, and procedures.
  • Contribute to the creation and revision of cybersecurity policies and standards.

Evidence management

  • Organize and coordinate evidence collection for internal and external audits.
  • Keep a well-structured repository of compliance and governance evidence.
  • Check that submitted evidence is complete and accurate.
  • Assist in keeping the organization audit-ready.
  • Work with control owners to gather required documentation.
  • Monitor evidence deadlines and outstanding requests.

Performance reporting

  • Prepare governance reports and executive-level dashboards for cybersecurity.
  • Develop and maintain KRIs and KPIs.
  • Report on risk register status, control assessment outcomes, audit findings, compliance position, remediation progress, and policy adherence.
  • Present governance metrics to security leadership and management.
  • Support reporting needs for executive and board-level audiences when required.

Compliance support

  • Assist with compliance work aligned to standards and regulations such as ISO/IEC 27001, NIST Cybersecurity Framework, NIST SP 800-53, CIS Controls, PCI DSS, GDPR where applicable, and local regulatory requirements.
  • Support certification and regulatory audit preparation.
  • Track compliance obligations and corrective actions.
  • Coordinate responses to audit observations and findings.

Continuous improvement

  • Identify ways to strengthen governance processes and reporting.
  • Recommend improvements to risk management methods.
  • Help deploy governance and GRC tools.
  • Encourage awareness of governance, risk, and compliance practices across the organization.
  • Support automation efforts for governance reporting where relevant.

Qualifications

This role calls for a bachelor’s degree in Cybersecurity, Information Security, Information Technology, Business Administration, Risk Management, or a similar discipline, along with 3–5 years of experience in cybersecurity governance, risk management, compliance, audit, or information security.

Candidates should have hands-on experience with cybersecurity risk registers, risk assessments, security control frameworks, governance processes, audits, and evidence gathering.

Technical and domain knowledge

The position requires working knowledge of enterprise risk management, cybersecurity risk assessment, risk register administration, security control evaluations, governance frameworks, audit coordination, evidence handling, compliance tracking, policy and standards development, KPI/KRI creation, executive reporting, advanced Microsoft Excel, Microsoft Office, and preferably Microsoft Power BI. Familiarity with GRC platforms such as ServiceNow GRC, RSA Archer, OneTrust, MetricStream, or AuditBoard is also relevant.

Knowledge is expected in ISO/IEC 27001 and ISO/IEC 27002, the NIST Cybersecurity Framework, NIST SP 800-53, CIS Critical Security Controls, risk management methods, internal controls, governance best practices, information security policies, third-party risk management, and basic business continuity and disaster recovery concepts.

Preferred certifications

  • ISO/IEC 27001 Lead Implementer or Lead Auditor
  • CRISC
  • CISA
  • CGRC
  • CISSP
  • CompTIA Security+
  • COBIT Foundation

Soft skills

Success in this role depends on strong analytical thinking, excellent organization and documentation habits, careful attention to detail, clear written and verbal communication, the ability to coordinate across multiple stakeholders, strong presentation/reporting skills, effective prioritization, and sound judgment when handling sensitive information.

Performance measures

  • Percentage of risks reviewed and refreshed on time
  • Timeliness of control assessment completion
  • Audit evidence delivered within agreed timelines
  • Percentage of audit findings resolved by the target date
  • Completion rate of risk remediation actions
  • Accuracy and timeliness of governance reporting
  • Adherence to policy review schedules
  • Decrease in overdue risk treatment items
  • Stakeholder satisfaction with governance reporting
