Security Analyst
Lucidya | Saudi Arabia | remote | senior | 6-10 years
Description
About Lucidya

Lucidya is an AI-native Customer Experience Intelligence platform empowering enterprises to understand, engage, and retain customers at scale. As we expand, security, compliance, and trust are at the core of our growth strategy.

To support this expansion, we are strengthening our security organization and are looking for a Security Analyst to play a key role in bridging GRC, security engineering, and global compliance efforts.

About the role

As Lucidya grows internationally, maintaining strong security controls and achieving global compliance certifications is mission-critical. This role will directly contribute to implementing and achieving security compliance frameworks, ensuring Lucidya meets the highest standards of data protection and information security.

You’ll work at the intersection of GRC and Security Engineering, supporting compliance initiatives, strengthening internal controls, and enabling secure product development across cross-functional teams.

What You’ll Be Doing

- Work closely with GRC and Security Engineering teams to support security, privacy, and compliance initiatives across Saudi Arabia, Qatar, international regions, and the U.S. market
- Assist in the implementation and ongoing maintenance of ISO/IEC 27001, ISO/IEC 42001 (AI Management Systems), NCA and SOC 2 controls
- Support U.S. market migration efforts by helping align security and compliance practices with SOC 2, NIST frameworks, and U.S. data privacy requirements
- Contribute to regional data protection compliance activities, including KSA PDPL, Qatar PDPL, and U.S. state privacy laws, under guidance from senior team members
- Participate in the creation, update, and maintenance of security, privacy, and AI governance policies, procedures, and control documentation
- Help with document control, evidence collection, and audit readiness for internal reviews, customer assessments, and external audits
- Work cross-functionally with engineering, product, and operations teams

Day-to-Day Responsibilities

- Support daily security, privacy, and compliance activities across KSA, MEA and the U.S.
- Assist with maintaining and updating controls for ISO/IEC 27001, ISO/IEC 42001, NCA, DCC, NIST
- Help align systems and processes with U.S. & Saudi market requirements, including SOC 2 evidence, NIST-aligned controls, and U.S. & Saudi data privacy obligations
- Review security controls for cloud infrastructure, SaaS environments, APIs, and integrations
- Maintain policies, procedures, and control documentation, ensuring accuracy and version control
- Collect, organize, and validate audit evidence for internal reviews, customer questionnaires, and external audits
- Track compliance tasks, findings, and remediation actions in coordination with GRC and Security Engineering teams
- Collaborate with engineering, product, and operations teams to address security and compliance requirements in day-to-day workflows
- Support incident response documentation, risk assessments, and compliance reporting as needed

Success Metrics

- ISO & AI Governance Compliance: ISO/IEC 27001 and ISO/IEC 42001 (AI Management System) controls assigned to the role remain implemented and evidenced, with zero high-risk audit findings related to security or AI governance.
- NIST Alignment & Risk Reduction: Systems and processes mapped to NIST frameworks (e.g., NIST CSF / NIST AI RMF) show measurable risk reduction, with identified gaps documented and remediated within agreed timelines.
- Achieve ISO 27001 or ISO 42001 Lead Implementer
- Independent progression and ownership of assigned tasks

First 90 Days

- Develop a comprehensive understanding of Lucidya’s security tools, processes, and system architecture.
- Actively contribute to the implementation of the ISO/IEC 42001 framework.
- Support ongoing compliance initiatives and audit activities.

Requirements

What We’re Looking For

Experience & Background

- 2 - 4 years of experience in a similar Security Analyst / GRC role
- Experience working with US-based SaaS companies
- Strong understanding of AI and US compliance frameworks:
  - ISO/IEC 42001
  - NIST
  - US data privacy regulations
- Experience in B2B SaaS environments

Compliance & Security Knowledge

- ISO/IEC 27001, ISO/IEC 42001 implementation knowledge (Implementer certification preferred)
- SOC 2 understanding
- NCA understanding and practical experience
- GDPR knowledge is a plus
- Penetration testing & vulnerability assessment knowledge

Technical Skills

- API security & integrations
- Basic scripting (Python, Bash)
- Code review support for deployments (automated tools)
- Security reviews of CI/CD pipelines
- Ruby / Rails code review experience is highly advantageous

Certifications

- CISM (preferred)
- ISO/IEC 24001 Lead Implementer (mandatory)
- ISO/IEC 27001 Lead Implementer (mandatory)

Soft Skills

- Excellent professional documentation skills
- Strong organizational and follow-up abilities
- Experience with document control and audit evidence
- Ability to work effectively across distributed, cross-functional teams

Nice-to-Have Experience

- Prior remote work with US-based teams
- Experience supporting global compliance programs
- Hands-on involvement in multiple certification cycles

If you’re passionate about security, compliance, and global scale, and want to help shape the security foundation of a fast-growing AI company - we’d love to hear from you.

Hiring Process:

- Screening Interview by Mawhub - “Esraa Adel - Senior Talent Acquisition Partner”
- First Technical interview - “Mostafa Asaad - Security Delivery Manager”
- Culture Fit Interview - Youssef Okal - “TA Lead @ Lucidya”

Benefits

Why Join Us?

This role offers the opportunity to influence and enhance Lucidya’s governance, risk, and compliance practices at scale. You will contribute to strengthening security controls, driving compliance initiatives, mitigating organizational risk, and supporting a culture of security across the company.

Originally posted on Himalayas
Required skills
Security-Analyst, GRC-Analyst, Compliance-Analyst, Information-Security-Analyst, Security-Compliance-Specialist, Senior-Security-Analyst, IT-Security-Analyst, Cybersecurity-Analyst, Systems-Security-Analyst, Security-Risk-Analyst, InfoSec-Analyst, Network-Security-Analyst, Security-Operations-Analyst
Tech stack
Rails, Python
Benefits
Remote
Glassdoor rating: 3.5/5
Industry: IT Jobs