GRC Analyst

Key ResponsibilitiesImplement and maintain Governance, Risk, and Compliance (GRC) processes and tools.Support the development, implementation, and monitoring of information security policies and procedures.Conduct risk assessments to identify, evaluate, and mitigate potential risks across systems and processes.Work with different teams to ensure compliance with ISO 27001, NIST, and other relevant standards.Prepare and maintain documentation, reports, and audit evidence for internal and external reviews.Assist in internal and external audits, ensuring timely closure of findings.Monitor and report on security controls and risk mitigation measures.Stay up to date with regulatory and compliance requirements, industry best practices, and security trends.Support security awareness initiatives and contribute to improving organizational security culture.RequirementsBachelor’s degree in Information Security, Computer Science, or a related field.1–3 years of experience in GRC, Information Security, or IT Risk Management.Solid understanding of ISO 27001, NIST, and risk management frameworks.Strong knowledge of information security controls, audit processes, and compliance standards.Excellent communication and documentation skills.Analytical mindset with strong attention to detail.Experience in Saudi Arabia or regional knowledge is a plus.Relevant certifications such as ISO 27001 Lead Implementer/Auditor, CISM, or CRISC are an advantage.