
Agility Logistics
Senior Information Security Analyst
- Permanent
- Al Farwaniyah, Kuwait
- Experience 5 - 10 yrs
Job expiry date: 14/04/2026
Job overview
Date posted
28/02/2026
Location
Al Farwaniyah, Kuwait
Salary
Undisclosed
Job description
The Senior Information Security Analyst - Compliance & Governance, Risk, and Compliance (GRC) serves as the central Governance, Risk, and Compliance (GRC) resource and is a pivotal, results-driven role responsible for the overall design, maintenance, and enhancement of the organization's security and resilience frameworks. The core purpose of this position is to ensure continuous compliance with all relevant local, regional, and international regulations and standards, with a specific focus on ISO 27001 and ISO 22301, while leading audit readiness and certification efforts. The role establishes, maintains, and enhances the Information Security Management System (ISMS) and Business Continuity & Supply Chain Management (BCSM) frameworks, ensuring alignment with ISO 27001, ISO 22301, NIST, and CIS standards. Acting as the primary auditee and point of contact for all internal and external information security audits, the analyst proactively identifies, assesses, and manages information security and business continuity risks to protect organizational information assets and drives a culture of security and resilience.
From a technical oversight perspective, the role conducts security assessments and audits across diverse IT platforms, including cloud infrastructure, on-premise servers (Windows, Linux), databases, and network devices. It requires utilizing or interpreting reports from vulnerability scanners, Vulnerability and Risk Assessment Tools, and penetration testing tools to identify and prioritize security weaknesses. The position evaluates and enforces robust Identity and Access Management (IAM) controls, including role-based access control (RBAC) and multi-factor authentication (MFA), and reviews cloud deployments across IaaS, PaaS, and SaaS models, ensuring secure configuration of security groups, IAM policies, and logging.
Strong knowledge and application of secure configuration baselines and hardening standards such as CIS Benchmarks for operating systems, web servers, and network equipment are required. The role demands a solid understanding of network security technologies including Firewalls and IDS/IPS, Endpoint Security (EDR), IAM principles, and Cryptography, along with practical experience in SIEM platforms and GRC Platforms. Software proficiency includes documentation and collaboration tools such as Microsoft Office Suite, SharePoint, Jira, and Confluence. The position is suited for candidates with experience in Government Sector or Private Sector environments involving Enterprise Data Center Security Compliance and requires essential certifications including ISO 27001, ISO 22301, CISSP, and CISA, with fluency in English and Arabic considered an added advantage.
Required skills
Key responsibilities
- Establish, maintain, and enhance the Information Security Management System (ISMS) and Business Continuity & Supply Chain Management (BCSM) frameworks to ensure alignment with ISO 27001 and ISO 22301 standards.
- Ensure continuous compliance with relevant local, regional, and international regulations and standards, including ISO 27001, ISO 22301, NIST, and CIS frameworks.
- Act as the primary auditee and point of contact for all internal and external information security audits and lead audit readiness and certification efforts.
- Identify, assess, and manage information security and business continuity risks to protect information assets and drive a culture of security and resilience.
- Conduct security assessments and audits of cloud infrastructure, on-premise servers (Windows, Linux), databases, and network devices using Vulnerability and Risk Assessment Tools and penetration testing tools.
- Evaluate and enforce Identity and Access Management (IAM) controls including role-based access control (RBAC) and multi-factor authentication (MFA) across enterprise systems.
- Review and secure cloud deployments across IaaS, PaaS, and SaaS models, including configuration of security groups, IAM policies, and logging mechanisms.
- Apply secure configuration baselines and hardening standards such as CIS Benchmarks for operating systems, web servers, and network equipment while leveraging SIEM platforms and GRC Platforms for monitoring and compliance management.
Experience & skills
- Obtain a Bachelor of Science or Bachelor of Computer Application as the minimum educational qualification.
- Demonstrate 5 - 10 years of experience in a similar environment focused on Information Security, Governance, Risk, and Compliance (GRC), and Enterprise Data Center Security Compliance.
- Possess experience in Government Sector or Private Sector environments with enterprise-level security compliance responsibilities.
- Hold essential certifications including ISO 27001, ISO 22301, CISSP, and CISA.
- Exhibit profound knowledge of ISO 27001, NIST, and CIS security frameworks and standards.
- Demonstrate solid understanding of network security technologies (Firewalls, IDS/IPS), Endpoint Security (EDR), IAM principles, and Cryptography.
- Show practical experience with Vulnerability and Risk Assessment Tools, penetration testing tools, and SIEM platforms.
- Demonstrate proficiency with GRC Platforms and documentation tools including Microsoft Office Suite, SharePoint, Jira, and Confluence, with fluency in English and Arabic as an added advantage.