Cybersecurity Compliance Analyst

TIS

Riyadh

On-site

SAR 150,000 - 200,000

Full time

Today

Job summary

A leading cybersecurity firm in Saudi Arabia seeks a Cybersecurity Compliance Analyst to evaluate information security practices against the SAMA Cyber Security Framework. The role includes conducting gap assessments, developing risk mitigation strategies, and ensuring regulatory compliance. Ideal candidates will possess a relevant Bachelor's degree and practical experience with SAMA standards and NCA regulations.

Qualifications

  • 3 years of relevant experience in GRC or CS Compliance preferred.
  • Hands-on experience in IT Security, Compliance, or Risk Management required.
  • Practical experience with the SAMA Cyber Security Framework is essential.

Responsibilities

  • Conduct comprehensive gap assessments and document non-conformities.
  • Collaborate with teams to prioritize and mitigate identified gaps.
  • Prepare compliance reports for executive leadership.

Skills

IT Security
Risk Management
Compliance
Data Privacy
Knowledge of NCA regulations

Education

Bachelor's degree in Computer Science, Information Security, or related field

Tools

GRC tools

Job description

Position Overview

The Cybersecurity Compliance Analyst will work on gap analysis, evaluating and aligning the organization’s information security practices with the Saudi Central Bank (SAMA) Cyber Security Framework. This role involves assessing current security controls, identifying gaps, recommending risk mitigation strategies, and ensuring ongoing compliance with SAMA’s regulatory requirements. Candidates with knowledge of the National Cybersecurity Authority (NCA) regulations in Saudi Arabia will be at an advantage.

Key Responsibilities
  1. Conduct Comprehensive Gap Assessments
    • Perform detailed reviews of existing security policies, procedures, and technical controls.
    • Map current practices to the SAMA Cyber Security Framework and NCA regulations, documenting any non‑conformities or control gaps.
  2. Develop Risk Mitigation Strategies
    • Collaborate with cross‑functional teams (IT, Legal, Compliance, Operations) to prioritize discovered gaps.
    • Propose remediation plans with clear timelines and action items to address deficiencies.
  3. Maintain Regulatory Compliance
    • Stay up to date on changes and updates in the SAMA Cyber Security Framework and NCA regulations.
    • Review and update internal policies and standards to ensure continuous alignment with regulatory requirements.
  4. Reporting & Stakeholder Communication
    • Prepare compliance reports and presentations for executive leadership and relevant committees.
    • Communicate findings and recommendations clearly to both technical and non‑technical stakeholders.
  5. Audit Readiness Support
    • Coordinate with internal and external audit teams to validate remedial actions and ensure readiness for formal SAMA reviews.
    • Provide evidence of compliance, track audit findings, and follow up on corrective actions.
  6. Continuous Improvement
    • Evaluate and improve gap analysis methodologies and tools.
    • Advocate best practices for documentation, risk assessment, and compliance testing across the organization.

Requirements
  • Education: Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent practical knowledge).
  • Technical Skillset: Hands‑on experience in IT Security, Compliance, or Risk Management—preferably in the financial sector.
  • Experience: 3 years of relevant experience in GRC or CS Compliance is preferred; candidates with a strong understanding of cybersecurity gap analysis and compliance will also be considered.
  • Must Have: Practical experience with the SAMA Cyber Security Framework and its alignment with standards such as ISO 27001 or NIST.
  • Data Privacy & Protection: Experience with Data Privacy and Protection, with a focus on Saudi PDPL and GDPR compliance.
  • NCA Regulations: Awareness of NCA regulations and their implications for cybersecurity in the Saudi government sector.
  • Tools: Familiarity with cybersecurity governance, risk, and compliance (GRC) tools or similar frameworks.
  • Preferred Certifications:
    • ISO 27001 Lead Implementer or Lead Auditor
    • CISSP (Certified Information Systems Security Professional)
    • CISA (Certified Information Systems Auditor)
    • GRCP (GRC Professional)