About us
With three decades of creating iconic brands and producing groundbreaking award-winning content, MBC GROUP is the leading media organization in the MENA region and the number one Arabic media company in the world. MBC GROUP employs 3000+ staff from over 70 nationalities with a global audience of over 150 million viewers. It reaches audiences through multi-platform experiences – premium broadcasting, digital streaming, gaming, radio, apps, events, and more.
We are seeking a dedicated and detail-oriented Security GRC (Governance, Risk, and Compliance) Analyst to join our dynamic team. In this crucial role, you will help establish a new Cyber GRC function, ensuring our organization not only meets regulatory requirements but also effectively manages risks and implements robust governance frameworks. Your deep understanding of risk management, compliance processes, and governance principles will be vital in shaping the future success of our technology services and customer products.
Key Responsibilities:
Security Risk Management:
- Facilitate the end-to-end security risk management process in line with regional policy and industry standards, ensuring that risks are proactively identified, assessed, recorded, and mitigated.
- Maintain a risk register and evaluate security risks based on their potential enterprise-wide & product impact, likelihood, and mitigation strategies.
- Serve as a trusted security advisor, collaborating with cross-functional teams including IT, Internal Audit, Development/Engineering, and other business operations teams to foster a culture of risk awareness.
- Ensure that all security risks align with regulatory requirements such as ISO 27001, NIST, GDPR, and other international security frameworks.
- Provide oversight and work closely with risk owners to manage the development and implementation of treatment plans that address identified risks.
GRC Tool Management:
- Take ownership of, manage, and continuously enhance the GRC platform to deliver structured and scalable GRC reporting.
- Develop new features with a GRC product mindset, focusing on integrations and custom reporting in the management tool.
- Capable of planning and prioritizing tasks to develop a timely and coordinated delivery plan for projects.
- Set up and manage automated workflows that integrate compliance checks on security controls across cloud and on-premise environments.
- Experienced in writing compliance as code with third-party tools.
- Ability to utilize AI services for analyzing, organizing, automating, and managing compliance frameworks and complex regulatory requirements.
Audit & Compliance Requirements:
- Carry out a continuous assessment to ensure compliance with the necessary certifications and standards for the organization.
- Collaborate closely with the Cyber teams to ensure compliance with audit requirements and successful delivery for ISO 27001.
- Assist in addressing internal and external audit findings from reporting through to remediation and closure.
Governance:
- Assist in documenting, managing and maintaining a central repository of cyber & data policies to guide and inform teams within the organization.
- Help prepare management meeting reports by tracking updates on risk triage activities, changes to the critical risk register, and general strategies for risk mitigation.
- Assist in preparing management meeting reports by providing comprehensive tracking and updates on certification compliance milestones.
Security Team & Data Governance Collaboration:
- Establish a close collaborative working relationship with the Cyber Defense team.
- Utilize the cyber defense team's technical expertise to reduce risk and enhance compliance with security best practice.
- Establish a close collaborative working relationship with the Data Governance team.
- Utilize the Data Governance team's technical expertise to reduce risk and enhance compliance with data regulations.
Technical Expertise
Cloud Platforms:
- Experience with AWS, GCP, and Azure, including cloud security, architecture, and management.
Security Tools:
- Awareness of security tools and technologies such as SIEM (e.g., Splunk, ELK Stack), vulnerability management (e.g., Wiz, Tenable, Rapid7), WAF, DDoS protection (e.g., AWS Shield, Cloudflare), and endpoint security.
GRC Management:
- Proficient in using centralized GRC management tooling.
Analytics and Reporting:
- Experience in analyzing technical debt and historical incidents and generating risk insights.
- Ability to identify system performance patterns using observability tools.
Compliance and Governance:
- Familiarity with compliance standards and frameworks such as ISO 27001, NIST, GDPR, and CCPA.
Qualifications
Education:
- Bachelor’s degree in Information Security, Computer Science, or a related field.
Experience:
- Minimum of 3 years of experience in GRC, risk management, compliance, or a related role.
- Experience in the digital entertainment or VOD industry is a plus.
- Experience with the Saudi Government's National Cybersecurity Authority (NCA) is a plus.
Skills:
- Strong understanding of regulatory requirements and industry standards.
- Excellent analytical and problem-solving skills.
- Effective communication and interpersonal skills.
- Ability to work independently and as part of a team.
- Professional certifications such as CRISC, CISA, or CISSP are a plus.
- Ability to work in a fast-paced, dynamic environment.
REF: PL