GRC Analyst – Governance, Risk & Compliance

About the role

We are looking for a proactive GRC Analyst to join our security team. The role focuses on implementing and maintaining governance, risk and compliance processes, supporting policy development and ensuring adherence to international standards.

Key responsibilities

• Implement and maintain Governance, Risk, and Compliance (GRC) processes and tools.
• Support the development, implementation, and monitoring of information security policies and procedures.
• Conduct risk assessments to identify, evaluate, and mitigate potential risks across systems and processes.
• Collaborate with cross‑functional teams to ensure compliance with ISO 27001, NIST, and other relevant standards.
• Prepare and maintain documentation, reports, and audit evidence for internal and external reviews.
• Assist in internal and external audits, ensuring timely closure of findings.
• Monitor and report on security controls and risk mitigation measures.
• Stay up to date with regulatory requirements, industry best practices, and security trends.
• Support security awareness initiatives and help improve the organization’s security culture.

Required profile

• Bachelor’s degree in Information Security, Computer Science, or a related field.
• 1–3 years of experience in GRC, Information Security, or IT Risk Management.
• Solid understanding of ISO 27001, NIST, and risk management frameworks.
• Strong knowledge of information security controls, audit processes, and compliance standards.
• Excellent communication and documentation skills.
• Analytical mindset with strong attention to detail.
• Experience in Saudi Arabia or regional knowledge is a plus.
• Relevant certifications such as ISO 27001 Lead Implementer/Auditor, CISM, or CRISC are an advantage.

Required skills

• ISO 27001
• NIST
• Risk management frameworks
• Information security controls
• Audit processes
• Compliance standards