Cybersecurity GRC Senior Analyst

Role Overview

This position will be responsible for supporting broader Cybersecurity Governance, Risk, and Compliance (GRC) initiatives aligned with local laws, regulations, internal processes and standards, and best practices. The position will also be responsible for developing, maintaining, and ensuring the execution of the Business Continuity Management (BCM) program in compliance with SAMA BCM Framework requirements.

Key ResponsibilitiesGovernance, Risk, and Compliance (GRC)

• Support and lead the implementation and continuous compliance with the SAMA Cyber Security Framework (CSF).

  
  

• Develop, review, and update cybersecurity policies, standards, and procedures.

  
  

• Establish, coordinate, and maintain cyber risk management activities.

  
  

• Conduct regular compliance assessments and gap analyses.

  
  

• Track remediation of identified compliance gaps.

  
  

• Prepare documentation for regulatory examinations and audits.

  
  

Business Continuity Management (BCM)

• Develop, maintain, and ensure the execution of the BCM program in compliance with the SAMA BCM Framework.

  
  

• Lead the Business Impact Analysis (BIA) process to identify critical business functions and dependencies.

  
  

• Establish Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) for critical systems and processes.

  
  

• Develop and maintain Business Continuity Plans and Disaster Recovery Plans (BCP/DR).

  
  

• Design and facilitate BCM training programs for all staff levels.

  
  

• Plan and execute regular BCM testing exercises (tabletop exercises, functional tests, full-scale simulations).

  
  

• Develop and maintain BCM documentation, including plans, procedures, and test results.

  
  

Business Continuity Training and Coordination

• Develop and implement BCM programs.

  
  

• Create role-specific training for BCM coordinators and response teams.

  
  

• Conduct regular awareness sessions on BCM best practices.

  
  

• Develop and distribute educational materials on security and BCM topics.

  
  

Reporting and Communication

• Communicate and collaborate with regional and global partners and team members.

  
  

• Develop and deliver regular status reports to senior management on BCM and GRC activities.

  
  

• Prepare compliance status reports for regulatory submissions.

  
  

• Coordinate with auditors and regulators on BCM and cybersecurity compliance matters.

  
  

Qualifications

• Bachelor's or Master's degree in Information Security, Cybersecurity, Computer Science, or a related field.

  
  

• Relevant certifications such as CISSP, CISM, CRISC, or equivalent are preferred.

  
  

• Minimum of 5+ years of proven experience in cybersecurity governance, risk management, and compliance.

  
  

• Strong understanding of the SAMA Cyber Security Framework and BCM Framework.

  
  

• Excellent analytical, problem-solving, and communication skills.

  
  

• Ability to work independently and as part of a team.
  

  
  

Skillset

• Technical Skills:
  • Strong understanding of Business Continuity Management (BCM) and Disaster Recovery (DR) principles and practices.
  • Proficiency in implementing and maintaining compliance with the SAMA Cyber Security Framework (CSF) and BCM Framework.
  • Experience with risk management, including conducting risk assessments and gap analyses.
  • Knowledge of cybersecurity policies, standards, and procedures.
  • Familiarity with regulatory requirements and compliance processes in the insurance industry, particularly within the KSA region
• Communication Skills:
  • Excellent written and verbal communication skills for preparing documentation, reports, and regulatory submissions (Arabic and English)
  • Ability to develop and deliver training programs and awareness sessions on BCM and cybersecurity (Arabic and English).
  • Strong interpersonal skills to coordinate with auditors, regulators, and internal stakeholders.
  • Ability to work collaboratively with cross-functional teams and senior management.
    

What we Offer :

• Hybrid mode
• Flexibly
• International exposure
• Pleasant environment ( Cigna KSA got recently certified as “Great Place to Work” )
  

Working hours: As per KSA Labor Law

About The Cigna Group

Doing something meaningful starts with a simple decision, a commitment to changing lives. At The Cigna Group, we’re dedicated to improving the health and vitality of those we serve. Through our divisions Cigna Healthcare and Evernorth Health Services, we are committed to enhancing the lives of our clients, customers and patients. Join us in driving growth and improving lives.

Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

If you require reasonable accommodation in completing the online application process, please email: SeeYourselfEMEA@cigna.com for support. Do not email SeeYourselfEMEA@cigna.com for an update on your application or to provide your resume as you will not receive a response.