Cybersecurity Compliance Analyst
The Cybersecurity Compliance Analyst will work on Gap Analysis, evaluating and aligning the organization’s information security practices with the Saudi Central Bank (SAMA) Cyber Security Framework. This role involves assessing current security controls, identifying gaps, recommending risk mitigation strategies, and ensuring ongoing compliance with SAMA’s regulatory requirements. Candidates with knowledge of the National Cybersecurity Authority (NCA) regulations in Saudi Arabia will be at an advantage.
Key Responsibilities
- Conduct Comprehensive Gap Assessments
- Develop Risk Mitigation Strategies
- Maintain Regulatory Compliance
- Reporting & Stakeholder Communication
- Audit Readiness & Support
- Continuous Improvement
Perform detailed reviews of existing security policies, procedures, and technical controls.
Map current practices to the SAMA Cyber Security Framework and NCA regulations, documenting any non-conformities or control gaps.
Collaborate with cross-functional teams (IT, Legal, Compliance, Operations) to prioritize discovered gaps.
Propose remediation plans with clear timelines and action items to address deficiencies.
Stay up to date on changes and updates in the SAMA Cyber Security Framework and NCA regulations.
Review and update internal policies and standards to ensure continuous alignment with regulatory requirements.
Prepare compliance reports and presentations for executive leadership and relevant committees.
Communicate findings and recommendations clearly to both technical and non-technical stakeholders.
Coordinate with internal and external audit teams to validate remedial actions and ensure readiness for formal SAMA reviews.
Provide evidence of compliance, track audit findings, and follow up on corrective actions.
Evaluate and improve gap analysis methodologies and tools.
Advocate best practices for documentation, risk assessment, and compliance testing across the organization.
Requirements
Education
Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent practical knowledge).
Technical Skillset
Hands-on experience in IT Security, Compliance, or Risk Management preferably in the financial sector.
3 years of relevant experience GRC or CS Compliance is preferred, candidates with a strong understanding of cybersecurity gap analysis and compliance will also be considered.
MUST HAVE Practical Experience on SAMA Cyber Security Framework and its alignment with standards like ISO 27001 or NIST.
Experience in Data Privacy and Protection, with a focus on Saudi PDPL and GDPR compliance.
Awareness of NCA regulations and their implications for cybersecurity in the Saudi government sector.
Familiarity with cybersecurity governance, risk, and compliance (GRC) tools or similar frameworks.
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
job faster
