Information Protection Analyst (Saudi Arabia)

Eram Talent, a leading Talent Acquisition Consultancy based in Saudi Arabia, is seeking a highly skilled Information Protection Analyst to join our team. We specialize in providing exceptional recruitment solutions to clients in various industries, including Oil & Gas, Petroleum, Infrastructure, Energy, Water, Transportation, Science & Technology, and Health Care.

The Information Protection Analyst will be responsible for safeguarding sensitive information and ensuring the integrity, availability, and confidentiality of data. This includes implementing and maintaining security controls, conducting risk assessments, and monitoring compliance with information protection policies and procedures.

The main purpose of the Information Protection Analyst is to perform the assigned jobs under one of the following functions:

• Access Management
• Security & Vulnerability Management
• Security Intelligence Center

• The main responsibilities of the Information Protection Analyst are to perform duties under one of the following IT Information Protection sections:
• Access Management
• Security & Vulnerability Management
• Security Intelligence Center
• Also, he/she will be responsible/accountable for the following activities:
• Identifies, analyzes, monitors, mitigates, and manages threats and vulnerabilities to IT systems and networks.
• Applies service-oriented security architecture principles to meet the organization's confidentiality, integrity, and availability requirements.
• Uses defensive measures and multi-source information to report events and respond to incidents.
• Uses data collected from cyber defense tools to analyze events that occur within the organization to detect and mitigate cyber threats.
• Ensures all systems security operations and maintenance activities are properly documented and updated as necessary.
• Tests, implements, deploys, maintains, and administers hardware and software that protect and defend systems and networks against cybersecurity threats.
• Manages individuals' and entities' identities and access to resources through applying identification, authentication, and authorization systems and processes.
• Ensures identity access management implementations follow the organization's standards and policies.
• Performs vulnerability assessments of systems and networks, identifies deviations from acceptable configurations or applicable policies, and measures the effectiveness of defense-in-depth architecture against known vulnerabilities.
• Collects and analyzes digital evidence, investigates cybersecurity incidents to derive useful information to mitigate system and network vulnerabilities.
• Identifies, collects, examines, and preserves evidence using controlled and documented analytical and investigative techniques.
• Collects and analyzes multi-source information about cybersecurity threats to develop deep understanding and awareness of cyber threats and actors' Tactics, Techniques, and Procedures (TTPs), to derive and report indicators that help organizations detect and predict cyber incidents and protect systems and networks from cyber threats.
• Proactively searches for undetected threats in networks and systems, identifies their Indicators of Compromise (IOCs), and recommends mitigation plans.
• Designs and oversees the development, implementation, and configuration of cybersecurity systems and networks.
• Ensures that protection and detection capabilities are aligned with the organization's cybersecurity strategy, policies, and other related documentation.

• Bachelor's degree in Computer Science, Information Security, or related field.
• Minimum of 5 years of experience in information protection or cybersecurity.
• Strong knowledge of information security principles, best practices, and technologies.
• Experience in conducting risk assessments and vulnerability scans.
• Knowledge of relevant industry regulations and compliance frameworks.
• Excellent problem-solving and analytical skills.
• Strong communication and interpersonal skills.
• Certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) are preferred.
• Fluency in English and Arabic is required.
• Experience working in Saudi Arabia or knowledge of Saudi Arabian information security regulations is a plus.