Analyst, Information Security

Tabby

Tabby

IT

Posted on Jun 8, 2026
Apply now
The Information Security Analyst supports the Governance, Risk, and Compliance (GRC) function by assisting in the documentation, monitoring, and coordination of information security activities across the organization. The role contributes to maintaining a robust information security governance framework, supporting risk assessment processes, and helping ensure alignment with applicable regulatory requirements and industry standards (including SAMA, PDPL, ISO 27001, and PCI-DSS). Working under the guidance of senior GRC professionals, the role serves as a key operational contributor to the organization's overall information security program, awareness initiatives, and compliance monitoring efforts.

Department
InfoSec GRC
Employment Type
Full Time
Location
KSA
Workplace type
Onsite

Key Responsibilities

  1. Information Security Governance Tasks
    1. Assist in maintaining documentation related to the information security governance framework.
    2. Support efforts to ensure information security initiatives remain aligned with business objectives and regulatory requirements.
    3. Help in gathering and updating information related to legal and regulatory requirements affecting information security (e.g., GDPR, SAMA, ISO27001, PCI-DSS).
    4. Participate in identifying organisational drivers (technology, risk tolerance, business changes) and documenting their impact on information security.
    5. Assist in maintaining role and responsibility matrices for information security across the organisation.
    6. Support the preparation of internal and external communication materials related to information security governance.

  1. Information Risk Management Tasks
    1. Support the identification and documentation of information assets and their owners as part of asset classification activities.
    2. Assist in execution and documentation of basic information security risk assessments.
    3. Participate in business impact assessment (BIA) data collection activities.
    4. Support ongoing threat and vulnerability assessment activities by gathering data and preparing reports.
    5. Help in documenting existing controls and supporting the evaluation of their effectiveness.
    6. Assist in integrating risk and vulnerability data into lifecycle processes (e.g., procurement checks, project reviews).
    7. Assist in preparing risk reports and highlighting significant changes for review by senior staff.
  2. Information Security Program Development Tasks
    1. Assist in maintaining documentation supporting the information security program and strategy.
    2. Support tracking of cybersecurity activities, including SOC alerts and compliance monitoring.
    3. Help monitor adherence to cybersecurity policies, standards, and procedures.
    4. Assist in the investigation process for cybersecurity incidents by collecting logs or reports from relevant teams.
    5. Support threat intelligence gathering from internal and publicly available sources.
    6. Help coordinate cybersecurity reviews, audits, and assessments.
    7. Assist in maintaining information security awareness materials, training schedules, and communication plans.
    8. Support documentation and updates of standards, procedures, guidelines, and baselines.
    9. Assist in integrating information security requirements into procurement or project documentation.
    10. Help track program metrics (KPIs/KRIs) and prepare dashboards or reports.

  1. Generic:
    1. Support the maintenance of information security policies, standards, processes, and architecture documentation.
    2. Assist in information security initiatives across business and technology teams.
    3. Support establishing and monitoring compliance with information security policies, standards, and relevant regulations.
    4. Assist in performing information security reviews and preparing related reports.
    5. Support classification of information and systems and document security requirements for key projects.
    6. Assist in delivering information security awareness activities and materials.
    7. Help measure and track security-related KPIs and KRIs.
    8. Provide general administrative and analytical support to the GRC and Information Security teams.

Skills, Knowledge and Expertise

  • Bachelor's degree in Information Technology, Computer Science, Software Engineering, Cybersecurity, or a related field. Recent graduates and fresh university leavers are encouraged to apply
  • No minimum professional experience required but 0-2 years in the Information Security domain specifically is a plus.
  • Basic understanding of information security concepts, standards, and frameworks (e.g., ISO27001, NIST, SAMA CSF).
  • Basic awareness of data protection regulations (PDPL) is a plus.
  • Coursework, academic projects, or internships related to cybersecurity, risk management, or compliance are preferred.

About Tabby

Tabby creates financial freedom in the way people shop, earn and save, by reshaping their relationship with money.

The company’s flagship offering allows shoppers to split their payments online and in-store with no interest or fees. Over 32,000 global brands and small businesses, including Amazon, Noon, IKEA and Shein use Tabby to accelerate growth and gain loyal customers by offering easy and flexible payments online and in stores.

Tabby has generated over $7 billion in transaction volume for its partner brands and has the highest rated, most reviewed, largest and fastest growing app of any fintech in the GCC region.

Tabby launched operations in 2020 and has raised +$1 billion in equity and debt funding from global and regional investors.

Our Hiring Process

Stage 1:

Applied

Stage 2:

Review

Stage 3:

HR call @Tabby

Stage 4:

Technical interview @Tabby

Not quite right? Register your interest to be notified of any roles that come along that meet your criteria.

Register Your Interest
Apply now
See more open positions at Tabby