GRC Analyst
Job Description

Why SHELT:

SHELT offers cloud-based security services to trusted global clients through a cybersecurity-as-a-service partnership model that is designed to sustainably and effectively shelter your company from data theft and cyberthreats. SHELT also offers network consultancy, design, implementation, and maintenance services.

SHELT is where each person is unique, but we bring our talents to work as a team and make a difference, powering an inclusive future for all. We encourage the inclusivity of opinion and diversity of ideas. We want to have a positive impact on our customers, our employees, and society.

 

I-  Job Summary:

A Cybersecurity GRC Analyst is responsible for verifying that an organization's/customers' cybersecurity policies, procedures, and controls adhere to regulatory requirements and industry standards. This function includes analyzing risks, implementing compliance procedures, and maintaining governance structures to safeguard the organization's information assets. The GRC Analyst is responsible for risk management and maintaining compliance with legal and regulatory requirements.

 

II- Duties & Responsibilities:

1.    Governance:

· Create, implement, and manage cybersecurity policies, standards, and procedures.

· Ensure that security practices are aligned with organizational/customer goals and regulatory needs.

· Conduct regular evaluations and updates on security policies and procedures.

2.    Risk Management:

· Identify and evaluate cybersecurity risks to the organization/customers.

· Create and implement risk management techniques and controls.

3.    Compliance:

· Ensure compliance with applicable regulations, standards, and frameworks (e.g., GDPR, NDPR, NCA, SAMA, ISO 27001, NIST).

· Prepare and support internal and external audits and assessments.

· Track and report on compliance status and findings.

4.    Incident Management:

· Create and maintain incident response plans and procedures.

· Coordinate incident response operations to ensure a prompt and effective resolution.

· Conduct post-incident reviews to identify underlying causes and enhance response techniques.

5.    Training and awareness:

· Create and conduct cybersecurity training and awareness initiatives for employees.

· Encourage a culture of security knowledge and compliance throughout the organization.

6.    Reporting and Documentation:

· Maintain accurate and complete documentation for risk assessments, compliance activities, and incident reports.

· Create regular reports on the state of cybersecurity governance, risk management, and compliance initiatives.

· Share results and recommendations with senior management and customers.

 

III-  Position Expectation:

1.    Expertise and knowledge:

· Show a thorough understanding of cybersecurity governance, risk management, and compliance principles.

· Keep up to date with the newest regulations, industry standards, and best practices.

2.    Collaboration:

· Collaborate with IT, legal, and business groups to ensure a consistent approach to cybersecurity GRC.

· Develop excellent relationships with internal and external customers to aid compliance initiatives.

3.    Communication:

· Maintain excellent communication with management and customers on the GRC status and challenges.

· Create clear and straightforward documentation and reports.

4.    Proactive Engagement:

· Demonstrate a proactive approach to detecting and addressing security flaws.

· Engage in continuous improvement initiatives to strengthen the organization's/customers' GRC capabilities.

 

IV-  Skills and Qualifications:

1. Education:

· A bachelor's degree in computer science, information security, or a related field.

· Cybersecurity certifications, such as Certified in Risk and Information Systems Control (CRISC) and Certified Information Systems Auditor (CISA), are a plus.

2. Experience:

· 2-5 years of experience in cybersecurity, IT security, or related roles.

· Proven experience with regulatory compliance frameworks and standards.

3. Languages:

· Proficiency in English, both written and verbal, is required.

· Additional language skills are a plus, depending on the organization's global presence.

4. Technology:

· Understanding of GRC tools and technologies for managing risk, compliance, and governance operations.

· Experience with security technologies such as SIEM, DLP, and vulnerability management tools.

· Basic knowledge of network and system administration.

5. Competencies:

· Strong analytical and critical thinking skills.

· Capable of assessing risks, identifying vulnerabilities, and devising effective risk management solutions.

· Understanding of cybersecurity basics, tools, and methodologies.

· Ability to comprehend and apply regulatory requirements and industry standards.

· Effective problem-solving abilities for addressing compliance concerns and managing risks.

· Capability to think creatively and design unique GRC solutions.

· Clear and straightforward communication, both written and verbal.

· Capability to communicate complicated technical concepts and regulatory requirements to a diverse audience.

· Collaborative approach and readiness to help team members.

· Capability to manage and organize cross-functional teams on GRC projects.

· Strong ethical and integrity standards when dealing with sensitive security information.

· Commitment to protecting confidentiality and following corporate policies.
