Senior Information Security Analyst - Compliance & GRC

Agility

Qatif

On-site

SAR 150,000 - 200,000

Full time

Today

Job summary

A leading logistics and supply chain company in Saudi Arabia is seeking a Senior Information Security Analyst to oversee compliance and governance frameworks. This role involves managing internal and external audits, conducting security assessments, and ensuring adherence to international standards. The ideal candidate has extensive experience in information security, risk management, and a strong understanding of ISO standards. A collaborative work environment and opportunities for professional growth are offered.

Qualifications

  • Extensive knowledge in establishing and managing ISMS and BCSM frameworks.
  • Proven experience with internal and external audits in information security.
  • Strong understanding of compliance with industry regulations and standards.

Responsibilities

  • Establish and enhance the organization's Information Security Management System.
  • Ensure compliance with local and international regulations.
  • Drive a culture of security and resilience across the organization.

Skills

Governance, Risk, and Compliance (GRC)
ISO 27001
ISO 22301
Vulnerability assessment
Identity and Access Management (IAM)
Security assessments

Tools

Penetration testing tools
Vulnerability scanners

Job description

Role Summary:

We are seeking a highly experienced and results-driven Senior Information Security Analyst to serve as our central Governance, Risk, and Compliance (GRC) resource. This is a pivotal role responsible for the overall design, maintenance, and enhancement of the organization's security and resilience frameworks. The core purpose of this position is to ensure continuous compliance with all relevant international and local standards, with a specific focus on leading our audit readiness and certification efforts.

Your Responsibilities:

Compliance and GRC Management

  • Establish, maintain, and enhance the organization's Information Security Management System (ISMS) and Business Continuity & Supply Chain Management (BCSM) frameworks
  • Ensure the organization's compliance with all relevant local, regional, and international regulations and standards (ISO 27001, ISO 22301)
  • Act as the primary auditee and point of contact for all internal and external information security audits
  • Proactively identify, assess, and manage information security and business continuity risks to protect the organization's information assets
  • Drive a culture of security and resilience across the organization

Security Controls & Technical Oversight

  • Conduct security assessments and audits of various IT platforms, including cloud infrastructure, on‑premise servers (Windows, Linux), databases, and network devices
  • Utilize or interpret reports from vulnerability scanners and penetration testing tools to identify and prioritize security weaknesses
  • Evaluate and enforce robust Identity and Access Management (IAM) controls, including role-based access control (RBAC) and multi-factor authentication (MFA)
  • Review and ensure the security of cloud deployments (IaaS, PaaS, SaaS), including security groups, IAM policies, and logging
  • Apply strong knowledge of secure configuration baselines and hardening standards (CIS Benchmarks) for operating systems, web servers, and network equipment