Business Analyst - Cyber Security

Job Title : Business Analyst - Cybersecurity

Location : Riyadh, Saudi Arabia

Client Domain : Banking / Financial Services / Government Sector

Experience Required : 5 to 10 Years (KSA experience preferred)

Notice Period : Immediate Joiners Preferred

Work Timings, Days & Holiday Calendar : As per KSA regulations

Role Overview :

We are seeking an experienced Business Analyst - Cybersecurity to join our clients cybersecurity governance and compliance team in Riyadh, Saudi Arabia.

The selected candidate will act as a key liaison between business stakeholders, cybersecurity teams, and regulatory authorities, ensuring that cybersecurity initiatives are aligned with organizational goals and national cybersecurity frameworks.

The ideal professional will have hands-on experience in business and regulatory analysis, cybersecurity project documentation, and governance modernization aligned with SAMA Cybersecurity Framework (CSF) and NCA Essential Cybersecurity Controls (ECC).

Roles and Responsibilities :

- Elicit, analyze, and document business, functional, and technical requirements for cybersecurity projects.

- Translate regulatory requirements (SAMA CSF, NCA ECC) into actionable cybersecurity control implementation and monitoring processes.

- Conduct gap analysis between existing controls and regulatory or internal policy requirements.

- Design and document process flows for identity management, access governance, incident handling, and threat-response frameworks.

- Collaborate with IT, cybersecurity, and compliance teams to create technical use cases, data flow diagrams, and architecture references.

- Develop business cases, ROI analyses, and cost-benefit justifications for cybersecurity investments.

- Support RFP preparation, vendor evaluation, and technical solution assessments during security procurements.

- Prepare project documentation, governance reports, and dashboards for PMO, CISO Office, and regulatory audits.

- Coordinate with national regulators (SAMA, NCA) for compliance reviews, data protection assessments, and cybersecurity maturity evaluations.

- Ensure new initiatives align with Saudi Arabias national cybersecurity strategies and digital transformation mandates.

Technical & Professional Skills :

- 5 to 10 years of experience in business analysis, cybersecurity governance, or compliance projects within the banking or government sectors.

- Strong understanding of SAMA CSF, NCA ECC, ISO 27001, and IT governance frameworks.

- Hands-on experience with requirements modeling and documentation tools such as JIRA, Confluence, Visio, or ARIS.

- Proven expertise in coordinating between business, technical, and regulatory stakeholders.

- Excellent analytical, documentation, and presentation skills with strong attention to detail.

- Experience working within the Kingdom of Saudi Arabia (KSA) is highly preferred.

Preferred Certifications :

- CBAP (Certified Business Analysis Professional) or PMI-PBA (Professional in Business Analysis)

- CISM (Certified Information Security Manager) or CISSP (Certified Information Systems Security Professional)

- ISO 27001 Lead Auditor / Lead Implementer

- ITIL Foundation or COBIT 2019 Foundation

- SAMA / NCA Cybersecurity Framework Familiarization (desirable)

Personal Attributes :

- Self-driven, structured, and analytical with strong documentation discipline.

- Excellent communication, coordination, and stakeholder management abilities.

- Proactive and adaptive to fast-paced regulatory environments.

Immediate availability preferred.

Willingness to work onsite in Riyadh, Saudi Arabia.