Risk & Governance Analyst
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Acuative Middle East is seeking a Risk & Governance Analyst to support its cybersecurity GRC program in Jeddah. The role involves managing the risk register, conducting control assessments, and supporting compliance with frameworks like ISO 27001 and NIST.
Key Skills for This Role
Responsibilities
- Maintain and administer the enterprise cybersecurity risk register
- Identify, assess, and document cybersecurity risks in collaboration with stakeholders
- Perform qualitative and quantitative risk assessments
- Track risk treatment plans and monitor remediation progress
- Coordinate security control assessments across technology and business environments
- Evaluate the design and effectiveness of security controls
- Coordinate the collection of evidence required for internal and external audits
- Prepare cybersecurity governance reports and executive dashboards
Requirements
- Bachelor's degree in Cybersecurity, Information Security, Information Technology, Business Administration, Risk Management, or related field
- 3–5 years of experience in cybersecurity governance, risk management, compliance, audit, or information security
- Experience maintaining cybersecurity risk registers and performing risk assessments
- Familiarity with security control frameworks and governance processes
- Experience supporting audits and evidence collection
- Strong analytical and critical thinking skills
- Excellent organizational and documentation abilities
- Strong written and verbal communication skills
Full Job Posting
Job Summary
- The Risk & Governance Analyst is responsible for supporting the organization's cybersecurity governance, risk, and compliance (GRC) program.
Risk Management
- Maintain and administer the enterprise cybersecurity risk register.
- Identify, assess, and document cybersecurity risks in collaboration with business and technical stakeholders.
- Perform qualitative and quantitative risk assessments.
- Track risk treatment plans and monitor remediation progress.
- Facilitate periodic risk reviews and updates.
- Escalate overdue or high risk findings to management.
- Support risk acceptance and exception management processes.
- Prepare risk summaries and dashboards for leadership review.
Governance & Control Assessment
- Coordinate security control assessments across technology and business environments.
- Evaluate the design and effectiveness of security controls.
- Perform gap assessments against internal security policies and industry frameworks.
- Track control deficiencies and remediation activities.
- Support periodic governance reviews and compliance meetings.
- Maintain governance documentation, standards, and procedures.
- Assist in developing and updating cybersecurity policies and standards.
Evidence Management
- Coordinate the collection of evidence required for internal and external audits.
- Maintain an organized repository of governance and compliance evidence.
- Validate the completeness and accuracy of submitted evidence.
- Support audit readiness activities.
- Coordinate with control owners to obtain required documentation.
- Track evidence submission deadlines and outstanding requests.
Performance Reporting
- Prepare cybersecurity governance reports and executive dashboards.
- Develop and maintain Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs).
- Produce regular reporting on risk register status, control assessment results, audit findings, compliance status, remediation progress, and policy compliance.
- Present governance metrics to security leadership and management.
- Support board and executive reporting as required.
Compliance Support
- Support compliance initiatives aligned with standards such as ISO/IEC 27001, NIST Cybersecurity Framework, NIST SP 800 53, CIS Controls, PCI DSS, GDPR, and local regulatory requirements.
- Assist in preparing for certification and regulatory audits.
- Monitor compliance obligations and track corrective actions.
- Coordinate responses to audit findings.
Continuous Improvement
- Identify opportunities to improve governance processes and reporting.
- Recommend enhancements to risk management methodologies.
- Assist in implementing governance and GRC tools.
- Promote awareness of governance, risk, and compliance processes across the organization.
- Support automation of governance reporting where applicable.
Required Qualifications
- Bachelor's degree in Cybersecurity, Information Security, Information Technology, Business Administration, Risk Management, or a related field.
- 3–5 years of experience in cybersecurity governance, risk management, compliance, audit, or information security.
- Experience maintaining cybersecurity risk registers and performing risk assessments.
- Familiarity with security control frameworks and governance processes.
- Experience supporting audits and evidence collection.
Technical Skills
- Enterprise Risk Management (ERM)
- Cybersecurity Risk Assessment
- Risk Register Management
- Security Control Assessments
- Governance Frameworks
- Audit Coordination
- Evidence Management
- Compliance Monitoring
- Policy and Standards Development
- KPI/KRI Development
- Executive Reporting
- Microsoft Excel (advanced)
Knowledge Areas
- ISO/IEC 27001 and ISO/IEC 27002
- NIST Cybersecurity Framework (CSF)
- NIST SP 800 53
- CIS Critical Security Controls
- Risk Management Methodologies
- Internal Controls
- Governance Best Practices
- Information Security Policies
- Third Party Risk Management
- Business Continuity and Disaster Recovery (basic understanding)
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Acuative Middle East
Power BI Developer
Jeddah, KSA
Acuative Middle East is seeking a highly skilled Power BI Developer to design, develop, and maintain enterprise reporting and BI solutions. The role requires strong experience in Power BI, SQL, data visualization, report
Network Security Architect
Jeddah, KSA
Acuative Middle East is hiring a Network Security Architect to administer, operate, and improve network and infrastructure security. The role focuses on firewalls, IPS, secure connectivity, and enterprise security infras
Compliance Manager
Jeddah, KSA
Acuative Middle East seeks a Compliance Manager (GRC Lead) to lead cybersecurity governance, risk management, and compliance. The role requires expertise in NCA ECC, NIST CSF, ISO 27001, and ICAO standards, with at least
Endpoint & Email Security Engineer
Jeddah, KSA
We are seeking an Endpoint & Email Security Engineer to operate, administer, and optimize endpoint and email security platforms. The role involves monitoring, investigating, and remediating security incidents, managing s
Senior Security Architect
Jeddah, KSA
Acuative Middle East seeks a Senior Security Architect to define and advance cybersecurity architecture across enterprise, cloud, network, and application environments. The role leads secure design reviews, Zero Trust Ar
Senior Security Architect
Jeddah, KSA
Acuative Middle East seeks a Security Architecture & GRC Lead to lead security architecture and governance initiatives. The role defines security standards, conducts secure design reviews, drives Zero Trust, and ensures
Security Operations Manager
Jeddah, KSA
Acuative Middle East seeks a Security Operations Lead to manage the SOC, oversee security analysts, and drive incident response. The role requires 7+ years of cybersecurity experience with at least 3 years in a senior SO
Power BI Developer
Jeddah, KSA
Acuative Middle East seeks a Power BI Developer to design, develop, and maintain enterprise reporting and BI solutions. The role requires strong experience in Power BI, SQL, data visualization, and Python scripting, with
Power BI Developer
Jeddah, KSA
Network Security Architect
Jeddah, KSA
Compliance Manager
Jeddah, KSA
Endpoint & Email Security Engineer
Jeddah, KSA
Senior Security Architect
Jeddah, KSA
Senior Security Architect
Jeddah, KSA
Security Operations Manager
Jeddah, KSA
Power BI Developer
Jeddah, KSA