KAPSARC is seeking a Governance, Risk, and Compliance (GRC) Analyst. The GRC analyst will be responsible for gathering data and evaluating KAPSARC’s governance, risk, and compliance posture as they relate to its information assets. The GRC analyst will support internal risk assessments, assist in audit and regulatory compliance projects, contribute to policy drafting/finalization, support security awareness initiatives, and support other GRC and cybersecurity projects as assigned in cooperation with the various relevant functions.
- Bachelor’s or master’s degree in information security, cybersecurity or related field.
- Working experience in GRC.
- Working experience with NCA compliance frameworks.
- Holds at least one professional certification in the cybersecurity field.
- Excellent command of the Arabic language (spoken/written).
- Excellent command of the English language (spoken/written).
- Strong knowledge of information security and associated tools and trends.
- Strong written and oral communication skills; self-motivated and a self-starter who maintains curiosity and a desire to learn and works well in a team environment.
- Ability to prioritize and manage many open cases at one time.
- Experience in reporting and emergency response planning.
- Ability to self-direct and work well under pressure to meet deadlines.
- Ability to build strong working relationships with related stakeholders.
- Strong analytic and problem-solving skills.
- Ability to manage in a high demand/volume work environment with changing priorities.
- Collaborates to define IS/IT security standards and develop supporting organizational policies.
- Performs periodic gap assessments to validate compliance on an ongoing basis.
- Conducts and tracks information security assessments of third-party vendors to determine their ability to protect data.
- Oversees and tracks findings from assessments to ensure they are brought to closure.
- Identifies, assesses and manages an organization’s cybersecurity risks to protect its information and technology assets in line with organizational policies and procedures and related laws and regulations.
- Ensures KAPSARC’s cybersecurity program complies with applicable requirements, policies and standards.
- Develops, updates and maintains cybersecurity policies to support and align with KAPSARC’s cybersecurity requirements.
- Analyzes cybersecurity controls and assesses their effectiveness.
- Designs, performs and manages cybersecurity audits to assess KAPSARC’s compliance with applicable requirements, policies, standards and controls. Prepares audit reports and communicates them to authorized parties.
- Defines reporting and monitoring methods, including information security audit procedures.
- Prepares awareness material on information security threats and other subjects and delivers training sessions to employees.