Analyst, Information Security (GRC)

Get AI-powered advice on this job and more exclusive features. Direct message the job poster from SASREF

Perform information security GRC activities mainly covering: conduct cybersecurity reviews to ensure compliance with cybersecurity policies and requirements, lead internal and external cybersecurity audits and assessments, risk management by identifying, analyzing and mitigating cybersecurity risks for SASREF company including information technology (IT) networks and Operational Technology (OT) networks to ensure SASREF’s compliance to all regularity requirements by policy alignment and enforcement.

• Collaborate to define related Information security standards, procedures and develop supporting organizational policies for Compliance & Risk.
• Review and assess cybersecurity policies implementation and ensure proper enforcement.
• Stay up to date with new cybersecurity local and international regulatory compliance and cybersecurity requirements, and ensure proper implementation in SASREF.
• Manage the cybersecurity compliance solutions (e.g., compliance review, file integrity change tools).
• Work with various business units to ensure cybersecurity controls are adequate, appropriate, and effective.
• Perform periodic internal security audits on the company’s infrastructure to monitor security compliance with information security policies and procedures.
• Support internal and external audit process for relevant compliance concerns including NCA, NIST, ISO, and Shareholder audits.
• Stay up to date and informed on developing regulatory concerns and changing IT&OT and information security trends.
• Perform cybersecurity and compliance assessments on new and existing systems, processes, technology.
• Define, review and enhance cybersecurity risk framework.
• Identify, analyze, evaluate, and document information security risks and controls based on established risk criteria.
• Perform cybersecurity risk assessments for any new assets, changes, or third-party & in-house projects to identify the cybersecurity risks and suggest the mitigation controls accordingly.
• Oversee all information security activities within the organization and ensuring Information Technology remains as enabler for business tasks, and that Information Technology (IT) and Operational Technology (OT) risks are managed with the company risk appetite.
• Maintain risk registers and communicate it properly with risk owners and perform continuous monitoring.
• Communicate risk findings and recommendations that are clear and actionable by business stakeholders.
• Work with various business units to ensure cybersecurity controls are adequate, appropriate, and effective.

• Ensure that measures to protect personal safety and well-being are always in place and that personal actions do not jeopardize the safety and well-being of others.
• Adhere strictly to all IOWs, Safe Operating Procedures, and Safe Work Instructions - thus preventing potential WPS and PSM incidents at all times.
• Always comply with the SASREF HSE Policy, the 5 Safety Principles and 8 Life Saving Rules.

• No personal injury or injury to a third party.
• No WPS or PSM incident caused.

• Maintain SASREF’s cybersecurity by implementing security best practices.
• Adhere strictly to all cybersecurity requirements while dealing with SASREF’s assets and data.
• Comply always with SASREF’s information security policies.

• Reporting all suspicious emails including the phishing tests.
• 0 Failure to the phishing campaign tests.
• 100% Completion of the assigned cybersecurity awareness courses.
• 0 Cybersecurity violation or negative behavior.

-Qualification

Bachelor’s Degree in Computer Science, Cybersecurity or related field.

-Experience

Minimum of 4 years of experience in Cybersecurity GRC.

SASREF values its people as they are its greatest asset. We shaped our compensation and benefits to provide wide variety of excellent and competitive packages to our diverse employees. We aim to Attract, Maintain, Engage & Retain our employees.

Starting Date: 29-Dec-2025

End Date: 12-Jan-2026

• Not Applicable

• Full-time

• Information Technology

• Oil and Gas and Chemical Manufacturing

Referrals increase your chances of interviewing at SASREF by 2x

Get notified about new Information Security Analyst jobs in Jubail, Eastern, Saudi Arabia.

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.