Date: Feb 12, 2026
Location: The Hague, NL, 2595 AK
Company: Aramco Europe
Aramco is one of the world's largest integrated energy and chemicals companies.
Aramco Europe is headquartered in The Hague with offices across the continent. For over 60 years we have supported Aramco with a wide range of activities from facilitating safe and reliable delivery of energy to customers around the globe to pushing for breakthroughs in research and innovation.
Our services include in-depth technology advice and support in established and emerging sectors of oil, gas and energy, as well as finance, HR, legal, PR and communications.
We work with the very best industry suppliers to drive our operations to secure our position as a world leader in energy and chemicals.
General Profile
IT GRC Cybersecurity Analyst:
- Bachelor degree or equivalent in Technology, Computer Science or related fields
- Must be able to communicate and comprehend accurately, clearly and concisely in English at a level required to perform the key responsibilities as outlined.
- Minimum of 5 years work experience in IT GRC, IT Risk Assessment, IT Security or comparable field, preferably in a multinational environment.
- Preferably with relevant certifications such as CISA, CISSP, CRISC, or CISM.
- Strong analytical, communication, and project management skills.
Functional Specific Responsibilities
IT Governance
- Develop and implement internal IT policies, standards, and procedures aligned with governance frameworks.
- Ensure IT strategies are fully aligned with organisational business objectives.
- Monitor adherence to internal policies and external regulatory requirements.
Risk Management
- Identify, assess, and mitigate IT and cybersecurity risks across the organisation.
- Lead regular cybersecurity risk assessments and document findings.
- Develop, update, and maintain comprehensive risk management strategies and plans.
Compliance
- Ensure compliance with internal standards and key industry frameworks (e.g., ISO 27001, GDPR, NIST).
- Conduct periodic compliance assessments and prepare detailed reporting for stakeholders.
Security Awareness
- Design and deliver cybersecurity training and awareness programmes.
- Track, measure, and report on the effectiveness of awareness initiatives.
- Plan and execute security simulation campaigns (e.g., phishing, whaling) and analyse results to drive continuous improvement.
Third‑Party Risk Management
- Assess and monitor the security posture of third‑party vendors handling critical data or accessing company systems.
- Perform ongoing risk reviews, evaluate performance, and validate updated security documentation.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability.
Requisition ID: 980