Senior IT Functional Analyst - CS - GRC

Job description / Role

Our client in Saudi Arabia is seeking a highly experienced and skilled Senior IT Functional Analyst - Cyber Security Governance to join their team in the Saudi Arabia.

We are seeking an experienced Governance Analyst with 10+ years of expertise in the Cybersecurity Governance, Risk, and Compliance (GRC) domain. The ideal candidate will be responsible for ensuring that our cybersecurity practices align with the organization policies, regulatory requirements, and industry best practices. This role involves developing governance frameworks, conducting compliance assessments, and collaborating with various stakeholders to foster a culture of security awareness and compliance throughout the organization.

Job Description:

• Design, implement, and maintain cybersecurity governance frameworks, develop and update governance policies, standards, and procedures, ensuring they are effectively communicated and adhered to across the organization.
• Conduct regular risk assessments to identify vulnerabilities and ensure that appropriate controls are in place.
• Collaborate with the risk management team to prioritize and address identified risks, ensuring alignment with business objectives.
• Ensure compliance with relevant regulations (e.g., NCA, HIPAA, etc.) and the organization policies by conducting assessments and audits, and prepare and submit compliance reports to senior management.
• Liaise with cross-functional teams, including IT, legal, and business units, to facilitate governance initiatives and compliance efforts.
• Act as a point of contact for governance-related inquiries and provide guidance on policy implementation.
• Should be able to develop and deliver training programs on cybersecurity governance and compliance to enhance employee awareness and adherence to policies.
• Support internal and external audits, udpate and track necessary documentation including evidence of compliance with governance frameworks and policies.
• Participate in audit planning and follow-up to ensure timely resolution of any identified issues.
• Should be able to identify opportunities for process improvements within the governance framework to enhance efficiency and effectiveness of the organization.

Key Competencies:

• Regulatory Frameworks Proficiency: Expert understanding of regulatory frameworks, including Personal Data Protection Law (PDPL), ISO 27001, and healthcare-specific standards, to ensure compliance and data protection best practices.
• Risk Assessment Expertise: Proficient in conducting risk assessment reviews and delivering effective mitigation strategies to safeguard IT systems and operations.
• Cloud Security Posture Assessment: Proficient in cloud architecture, deployment models, and multi-cloud integrations with a focus on maintaining confidentiality, integrity, and availability (CIA) according to best practices in cloud security.
• Control Measure Design: Assists in designing and implementing controls to address identified cybersecurity risks and vulnerabilities.
• Compliance Assessment Development: Develops questionnaires to evaluate compliance with cybersecurity policies and standards, identifying gaps for risk management.
• Third-party Vendor Assessment: Assists in the third-party vendor selection process to verify vendors’ compliance with existing information security standards.
• Ongoing Threat Modeling and Risk Reviews: Conducts periodic risk reviews to ensure threat models are current, particularly for systems handling sensitive patient data and critical care devices.

Qualifications:

• Bachelors in Computer Sciences, Cybersecurity or related field.
• IT and Cybersecurity related Certifications.

Experience - 10 plus years.

Key Competencies:

• Regulatory Frameworks Proficiency: Expert understanding of regulatory frameworks, including Personal Data Protection Law (PDPL), ISO 27001, and healthcare-specific standards, to ensure compliance and data protection best practices.
• Risk Assessment Expertise: Proficient in conducting risk assessment reviews and delivering effective mitigation strategies to safeguard IT systems and operations.
• Cloud Security Posture Assessment: Proficient in cloud architecture, deployment models, and multi-cloud integrations with a focus on maintaining confidentiality, integrity, and availability (CIA) according to best practices in cloud security.
• Control Measure Design: Assists in designing and implementing controls to address identified cybersecurity risks and vulnerabilities.
• Compliance Assessment Development: Develops questionnaires to evaluate compliance with cybersecurity policies and standards, identifying gaps for risk management.
• Third-party Vendor Assessment: Assists in the third-party vendor selection process to verify vendors’ compliance with existing information security standards.

Relevant Skills:

• Proven experience in preparing reports, presentations, and documentation for senior leadership.
• Storng project managemnt skills, and able demonstrated ability to collaborate effectively with diverse teams to achieve strategic goals.
• Relevant certifications such as CISA, CRISC, CISM, or CISSP are highly preferred.

Healthcare Industry preferred.

WORK LOCATION - SAUDI ARABIA.

About the Company

Black Pearl is a human resources and recruitment agency that provides a holistic business and talent solution in a progressive, dynamic, and efficient way.

We pride ourselves as a unique black pearl and strive to delight our clients with a personalized partnership that helps them propel towards success.

Whether you need to find top talent, your next great job opportunity, or a consulting solution for managing your business, engaging employees, evolving your work culture, planning your people strategy, or resourcing challenges, we can help.