
Risk & Governance Analyst

Acuative Middle East
Jeddah, KSA
Full-time
Entry
Today

Job Summary

The Risk & Governance Analyst is responsible for supporting the organization's cybersecurity governance, risk, and compliance (GRC) program.

The primary focus of this role is the management of the cybersecurity risk register, control assessments, evidence collection, governance activities, and security performance reporting.

The analyst works closely with business units, IT, internal audit, security operations, and compliance teams to ensure cybersecurity risks are identified, assessed, tracked, and reported, while maintaining compliance with organizational policies, industry standards, and regulatory requirements.

Risk Management

  • Maintain and administer the enterprise cybersecurity risk register.
  • Identify, assess, and document cybersecurity risks in collaboration with business and technical stakeholders.
  • Perform qualitative and quantitative risk assessments.
  • Track risk treatment plans and monitor remediation progress.
  • Facilitate periodic risk reviews and updates.
  • Escalate overdue or high-risk findings to management.
  • Support risk acceptance and exception management processes.
  • Prepare risk summaries and dashboards for leadership review.

Governance & Control Assessment

  • Coordinate security control assessments across technology and business environments.
  • Evaluate the design and effectiveness of security controls.
  • Perform gap assessments against internal security policies and industry frameworks.
  • Track control deficiencies and remediation activities.
  • Support periodic governance reviews and compliance meetings.
  • Maintain governance documentation, standards, and procedures.
  • Assist in developing and updating cybersecurity policies and standards.

Evidence Management

  • Coordinate the collection of evidence required for internal and external audits.
  • Maintain an organized repository of governance and compliance evidence.
  • Validate the completeness and accuracy of submitted evidence.
  • Support audit readiness activities.
  • Coordinate with control owners to obtain required documentation.
  • Track evidence submission deadlines and outstanding requests.

Performance Reporting

  • Prepare cybersecurity governance reports and executive dashboards.
  • Develop and maintain Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs).
  • Produce regular reporting on:
      • Risk register status
      • Control assessment results
      • Audit findings
      • Compliance status
      • Remediation progress
      • Policy compliance
  • Present governance metrics to security leadership and management.
  • Support board and executive reporting as required.

Compliance Support

  • Support compliance initiatives aligned with standards and regulations such as:
      • ISO/IEC 27001
      • NIST SP 800-53
      • CIS Controls
      • PCI DSS
      • GDPR (where applicable)
      • Local regulatory requirements
  • Assist in preparing for certification and regulatory audits.
  • Monitor compliance obligations and track corrective actions.
  • Coordinate responses to audit findings.

Continuous Improvement

  • Identify opportunities to improve governance processes and reporting.
  • Recommend enhancements to risk management methodologies.
  • Assist in implementing governance and GRC tools.
  • Promote awareness of governance, risk, and compliance processes across the organization.
  • Support automation of governance reporting where applicable.

Required Qualifications

  • Bachelor's degree in Cybersecurity, Information Security, Information Technology, Business Administration, Risk Management, or a related field.
  • 3–5 years of experience in cybersecurity governance, risk management, compliance, audit, or information security.
  • Experience maintaining cybersecurity risk registers and performing risk assessments.
  • Familiarity with security control frameworks and governance processes.
  • Experience supporting audits and evidence collection.

  • Security Control Assessments
  • Governance Frameworks
  • Audit Coordination
  • Evidence Management
  • Compliance Monitoring
  • Policy and Standards Development
  • KPI/KRI Development
  • Executive Reporting

  • Microsoft Office Suite
  • GRC Platforms (e.g., ServiceNow GRC, RSA Archer, OneTrust, MetricStream, AuditBoard)

Knowledge Areas

  • ISO/IEC 27001 and ISO/IEC 27002
  • Risk Management Methodologies
  • Internal Controls
  • Third-Party Risk Management
  • Business Continuity and Disaster Recovery (basic understanding)

Preferred Certifications

  • ISO/IEC 27001 Lead Implementer or Lead Auditor
  • CRISC (Certified in Risk and Information Systems Control)
  • CISA (Certified Information Systems Auditor)
  • CGRC (Certified in Governance, Risk and Compliance)
  • CISSP (preferred)
  • CompTIA Security+
  • COBIT Foundation

Soft Skills

  • Strong analytical and critical thinking skills.
  • Excellent organizational and documentation abilities.
  • High attention to detail and accuracy.
  • Strong written and verbal communication skills.
  • Ability to coordinate with multiple stakeholders across the organization.
  • Strong presentation and reporting skills.
  • Ability to manage multiple priorities and meet deadlines.
  • Professional judgment and discretion when handling sensitive information.

Key Performance Indicators (KPIs)

  • Percentage of risks reviewed and updated on schedule.
  • Timely completion of control assessments.
  • Audit evidence submission within agreed timelines.
  • Percentage of audit findings remediated within target dates.
  • Risk remediation completion rate.
  • Accuracy and timeliness of governance reports.
  • Compliance with policy review schedules.
  • Reduction in overdue risk treatment actions.
  • Stakeholder satisfaction with governance reporting.
