Analyst, Information Security

Department: InfoSec GRC

Employment Type: Full Time

Location: KSA

Description

The Information Security Analyst supports the Governance, Risk, and Compliance (GRC) function by assisting in the documentation, monitoring, and coordination of information security activities across the organization. The role contributes to maintaining a robust information security governance framework, supporting risk assessment processes, and helping ensure alignment with applicable regulatory requirements and industry standards (including SAMA, PDPL, ISO 27001, and PCI-DSS). Working under the guidance of senior GRC professionals, the role serves as a key operational contributor to the organization's overall information security program, awareness initiatives, and compliance monitoring efforts.

Key Responsibilities

• Information Security Governance Tasks
• Assist in maintaining documentation related to the information security governance framework.
• Support efforts to ensure information security initiatives remain aligned with business objectives and regulatory requirements.
• Help in gathering and updating information related to legal and regulatory requirements affecting information security (e.g., GDPR, SAMA, ISO27001, PCI-DSS).
• Participate in identifying organisational drivers (technology, risk tolerance, business changes) and documenting their impact on information security.
• Assist in maintaining role and responsibility matrices for information security across the organisation.
• Support the preparation of internal and external communication materials related to information security governance.
  
  

• Information Risk Management Tasks
• Support the identification and documentation of information assets and their owners as part of asset classification activities.
• Assist in execution and documentation of basic information security risk assessments.
• Participate in business impact assessment (BIA) data collection activities.
• Support ongoing threat and vulnerability assessment activities by gathering data and preparing reports.
• Help in documenting existing controls and supporting the evaluation of their effectiveness.
• Assist in integrating risk and vulnerability data into lifecycle processes (e.g., procurement checks, project reviews).
• Assist in preparing risk reports and highlighting significant changes for review by senior staff.
  
• Information Security Program Development Tasks
• Assist in maintaining documentation supporting the information security program and strategy.
• Support tracking of cybersecurity activities, including SOC alerts and compliance monitoring.
• Help monitor adherence to cybersecurity policies, standards, and procedures.
• Assist in the investigation process for cybersecurity incidents by collecting logs or reports from relevant teams.
• Support threat intelligence gathering from internal and publicly available sources.
• Help coordinate cybersecurity reviews, audits, and assessments.
• Assist in maintaining information security awareness materials, training schedules, and communication plans.
• Support documentation and updates of standards, procedures, guidelines, and baselines.
• Assist in integrating information security requirements into procurement or project documentation.
• Help track program metrics (KPIs/KRIs) and prepare dashboards or reports.
  
  

• Generic:
• Support the maintenance of information security policies, standards, processes, and architecture documentation.
• Assist in information security initiatives across business and technology teams.
• Support establishing and monitoring compliance with information security policies, standards, and relevant regulations.
• Assist in performing information security reviews and preparing related reports.
• Support classification of information and systems and document security requirements for key projects.
• Assist in delivering information security awareness activities and materials.
• Help measure and track security-related KPIs and KRIs.
• Provide general administrative and analytical support to the GRC and Information Security teams.
  
  
  

Skills, Knowledge and Expertise

• Bachelor's degree in Information Technology, Computer Science, Software Engineering, Cybersecurity, or a related field. Recent graduates and fresh university leavers are encouraged to apply
• No minimum professional experience required but 0-2 years in the Information Security domain specifically is a plus.
• Basic understanding of information security concepts, standards, and frameworks (e.g., ISO27001, NIST, SAMA CSF).
• Basic awareness of data protection regulations (PDPL) is a plus.
• Coursework, academic projects, or internships related to cybersecurity, risk management, or compliance are preferred.