Cyber Security Senior Analyst

Duties and Responsibilities

• Develop, review, and maintain cybersecurity policies, standards, and procedures in alignment with NCA ECC and IA CSF.
• Conduct cybersecurity compliance assessments and gap analyses, and track remediation actions to closure.
• Perform cybersecurity risk assessments and maintain the cybersecurity risk register.
• Establish and monitor cybersecurity KPIs and KRIs, and report on compliance and risk posture.
• Support the implementation and continuous improvement of cybersecurity governance practices and frameworks.
• Coordinate and support internal and external cybersecurity audits and regulatory inspections.
• Oversee third-party cybersecurity risk assessments and ensure compliance with security requirements.
• Review and validate security configurations and ensure proper implementation of security controls across systems and applications.
• Support vulnerability management activities and remediation tracking.
• Coordinate and review penetration testing and security assessment results.
• Ensure proper documentation, evidence management, and audit readiness always.
• Collaborate with IT and business units to embed cybersecurity controls into projects and operations.
• Support cybersecurity awareness and training initiatives across the organization.
• Stay updated on emerging threats, regulatory changes, and industry best practices to continuously enhance the cybersecurity posture.

• Design and enhance cybersecurity controls and defensive mechanisms in alignment with NCA ECC and SAMA CSF.
• Develop and update security standards, baselines, and hardening guidelines for systems, applications, and cloud environments.
• Evaluate and recommend new security technologies and solutions to strengthen the organization’s security posture.
• Support the implementation of secure architecture principles across IT and business systems.
• Develop and improve processes for vulnerability management, patching, and configuration management.
• Define and enhance identity and access management controls, including least privilege and segregation of duties.
• Establish and refine data protection controls, including encryption and data classification standards.
• Continuously assess control effectiveness and recommend improvements based on risk assessments and audit findings.
• Align new security protocols with regulatory requirements and industry best practices.
• Collaborate with IT teams to ensure secure deployment of new systems and technologies.

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• Relevant professional certifications such as CISSP, CYSA+, CGRC, or ISO 27001 Lead Implementer/Auditor are highly desirable.

• Minimum 4 years of related work experience, various domains, systems, network, incident response tools, and packet analysis knowledge is needed.
• Experience in designing large scale security operation tools and processes.

• Outstanding computer and Cybersecurity skills related to IT security.
• Excellent analytical and problem-solving skills.