Analyst, Information Security

Overview

Information Security Governance Tasks

• Assist in maintaining documentation related to the information security governance framework.
• Support efforts to ensure information security initiatives remain aligned with business objectives and regulatory requirements.
• Help in gathering and updating information related to legal and regulatory requirements affecting information security (e.g., GDPR, SAMA, ISO27001, PCI-DSS).
• Participate in identifying organisational drivers (technology, risk tolerance, business changes) and documenting their impact on information security.
• Assist in maintaining role and responsibility matrices for information security across the organisation.
• Support the preparation of internal and external communication materials related to information security governance.

Information Risk Management Tasks

• Support the identification and documentation of information assets and their owners as part of asset classification activities.
• Assist in execution and documentation of basic information security risk assessments.
• Participate in business impact assessment (BIA) data collection activities.
• Support ongoing threat and vulnerability assessment activities by gathering data and preparing reports.
• Help in documenting existing controls and supporting the evaluation of their effectiveness.
• Assist in integrating risk and vulnerability data into lifecycle processes (e.g., procurement checks, project reviews).
• Assist in preparing risk reports and highlighting significant changes for review by senior staff.

Information Security Program Development Tasks

• Assist in maintaining documentation supporting the information security program and strategy.
• Support tracking of cybersecurity activities, including SOC alerts and compliance monitoring.
• Help monitor adherence to cybersecurity policies, standards, and procedures.
• Assist in the investigation process for cybersecurity incidents by collecting logs or reports from relevant teams.
• Support threat intelligence gathering from internal and publicly available sources.
• Help coordinate cybersecurity reviews, audits, and assessments.
• Assist in maintaining information security awareness materials, training schedules, and communication plans.
• Support documentation and updates of standards, procedures, guidelines, and baselines.
• Assist in integrating information security requirements into procurement or project documentation.
• Help track program metrics (KPIs/KRIs) and prepare dashboards or reports.

Generic

• Support the maintenance of information security policies, standards, processes, and architecture documentation.
• Assist in information security initiatives across business and technology teams.
• Support establishing and monitoring compliance with information security policies, standards, and relevant regulations.
• Assist in performing information security reviews and preparing related reports.
• Support classification of information and systems and document security requirements for key projects.
• Assist in delivering information security awareness activities and materials.
• Help measure and track security-related KPIs and KRIs.
• Provide general administrative and analytical support to the GRC and Information Security teams.