Senior Information Security Analyst - Compliance & GRC

Role Summary:

We are seeking a highly experienced and results-driven Senior Information Security Analyst to serve as our entral Governance, Risk, and Compliance (GRC) resource. This is a pivotal role responsible for the overall design, maintenance, and enhancement of the organization's security and resilience frameworks. The core purpose of this position is to ensure continuous compliance with all relevant international and local standards, with a specific focus on leading our audit readiness and certification efforts.

Your Responsibilities:

Compliance and GRC Management

• Establish, maintain, and enhance the organization's Information Security Management System (ISMS) and Business Continuity & Supply Chain Management (BCSM) frameworks

• Ensure the organization's compliance with all relevant local, regional, and international regulations and standards, ISO 27001, ISO 22301)
• Act as the primary auditee and point of contact for all internal and external information security audits
• Proactively identify, assess, and manage information security and business continuity risks to protect the organization's information assets
• Drive a culture of security and resilience across the organization

Security Controls & Technical Oversight

• Conduct security assessments and audits of various IT platforms, including cloud infrastructure , on-premise servers (Windows, Linux), databases, and network devices.

• Utilize or interpret reports from vulnerability scanners and penetration testing tools to identify and prioritize security weaknesses
• Evaluate and enforce robust Identity and Access Management (IAM) controls, including role-based access control (RBAC) and multi-factor authentication (MFA)
• Review and ensure the security of cloud deployments (IaaS, PaaS, SaaS), including security groups, IAM policies, and logging
• Apply strong knowledge of secure configuration baselines and hardening standards (CIS Benchmarks) for operating systems, web servers, and network equipment

Requirements:
Your Qualifications:

• Education: Candidate must possess at least a Bachelor of Science or Bachelor of Computer Application

• Experience: A minimum of 5 - 10 years of experience in a similar environment
• Domain: Experience in Government Sector or Private Sector with Enterprise data Center Security Compliance
• Certifications: Essential certifications include ISO 27001, ISO 22301, CISSP, and CISA
• Language: Must be fluent in English, with Arabic as an added advantage.

Your Competencies:

Technical:

• Security Frameworks & Standards: Profound knowledge of ISO 27001, NIST, and CIS
• Security Controls: A solid understanding of network security (Firewalls, IDS/IPS), Endpoint Security (EDR), IAM principles, and Cryptography
• Tools: Practical experience with Vulnerability and Risk Assessment Tools and familiarity with SIEM platforms
• Software Proficiency: Experience with GRC Platforms and documentation tools (Microsoft Office Suite, SharePoint, Jira, Confluence)

Behavioral:

• Teamwork and Collaboration
• Quality and Results focused
• Learning Agility
• Business Acumen
• Decision Making
• Digital Savvy
• Agility and Adaptability
• Negotiation and influence
• Planning and Organizing