
GRC and Security Analyst
Posted Jun 20

This is a fully remote position, open to applicants in Saudi Arabia.
**About Lucidya**

Lucidya is an AI-native Customer Experience Intelligence platform that empowers enterprises to comprehend, engage, and retain customers on a large scale. As we grow, our core strategy focuses on security, compliance, and trust.

To facilitate this growth, we are enhancing our security organization and seeking a Security Analyst who will play a vital role in integrating GRC, security engineering, and global compliance efforts.

**About the role**

As Lucidya expands internationally, it is crucial to maintain robust security controls and achieve global compliance certifications. This position will directly aid in implementing and attaining security compliance frameworks, ensuring that Lucidya upholds the highest standards of data protection and information security.

You will operate at the crossroads of GRC and Security Engineering, supporting compliance initiatives, reinforcing internal controls, and enabling secure product development across cross-functional teams.

**What You’ll Be Doing**

- Collaborate closely with GRC and Security Engineering teams to support security, privacy, and compliance initiatives across Saudi Arabia, Qatar, international regions, and the U.S. market.
- Assist in implementing and continuously maintaining ISO/IEC 27001, ISO/IEC 42001 (AI Management Systems), NCA, and SOC 2 controls.
- Aid in U.S. market migration efforts by aligning security and compliance practices with SOC 2, NIST frameworks, and U.S. data privacy requirements.
- Contribute to regional data protection compliance activities, including KSA PDPL, Qatar PDPL, and U.S. state privacy laws, under the guidance of senior team members.
- Engage in the creation, updating, and maintenance of security, privacy, and AI governance policies, procedures, and control documentation.
- Assist with document control, evidence collection, and audit readiness for internal reviews, customer assessments, and external audits.
- Collaborate cross-functionally with engineering, product, and operations teams.

**Day-to-Day Responsibilities**

- Support daily security, privacy, and compliance activities across KSA, MEA, and the U.S.
- Help maintain and update controls for ISO/IEC 27001, ISO/IEC 42001, NCA, DCC, and NIST.
- Assist in aligning systems and processes with U.S. and Saudi market requirements, including SOC 2 evidence, NIST-aligned controls, and U.S. and Saudi data privacy obligations.
- Review security controls for cloud infrastructure, SaaS environments, APIs, and integrations.
- Maintain policies, procedures, and control documentation, ensuring accuracy and version control.
- Collect, organize, and validate audit evidence for internal reviews, customer questionnaires, and external audits.
- Track compliance tasks, findings, and remediation actions in coordination with GRC and Security Engineering teams.
- Collaborate with engineering, product, and operations teams to address security and compliance requirements in daily workflows.
- Support incident response documentation, risk assessments, and compliance reporting as necessary.

**Success Metrics**

- ISO and AI Governance Compliance: ISO/IEC 27001 and ISO/IEC 42001 (AI Management System) controls assigned to the role should remain implemented and evidenced, with zero high-risk audit findings related to security or AI governance.
- NIST Alignment and Risk Reduction: Systems and processes mapped to NIST frameworks (e.g., NIST CSF / NIST AI RMF) should show measurable risk reduction, with identified gaps documented and remediated within agreed timelines.
- Achieve ISO/IEC 27001 or ISO/IEC 42001 Lead Implementer status.
- Independent progression and ownership of assigned tasks.

**First 90 Days**

- Develop a thorough understanding of Lucidya’s security tools, processes, and system architecture.
- Actively contribute to the implementation of the ISO/IEC 42001 framework.
- Support ongoing compliance initiatives and audit activities.

**What We’re Looking For**

Experience and Background:

- 2–4 years of experience in a similar Security Analyst / GRC role.
- Experience working with U.S.-based SaaS companies.
- Strong knowledge of AI and U.S. compliance frameworks:
  - ISO/IEC 42001.
  - NIST.
  - U.S. data privacy regulations.
- Experience in B2B SaaS environments.

Compliance and Security Knowledge:

- ISO/IEC 27001 and ISO/IEC 42001 implementation knowledge (Implementer certification preferred).
- Understanding of SOC 2.
- Familiarity with NCA and practical experience applying it.
- GDPR knowledge is a plus.
- Knowledge of penetration testing and vulnerability assessment.

Technical Skills:

- API security and integrations.
- Basic scripting (Python, Bash).
- Code review support for deployments (automated tools).
- Security reviews of CI/CD pipelines.
- Ruby / Rails code review experience is highly advantageous.

Certifications:

- CISM (preferred).
- ISO/IEC 24001 Lead Implementer (mandatory).
- ISO/IEC 27001 Lead Implementer (mandatory).

Soft Skills:

- Excellent professional documentation abilities.
- Strong organizational and follow-up skills.
- Experience with document control and audit evidence.
- Capability to work effectively across distributed, cross-functional teams.

Nice-to-Have Experience:

- Previous remote work with U.S.-based teams.
- Experience supporting global compliance programs.
- Hands-on involvement in multiple certification cycles.

**Why Join Us?**

This position provides the chance to influence and enhance Lucidya’s governance, risk, and compliance practices on a large scale. You will play a key role in strengthening security controls, driving compliance initiatives, mitigating organizational risk, and fostering a culture of security throughout the company.