About Lucidya

Lucidya is an AI-native Customer Experience Intelligence platform empowering enterprises to understand, engage, and retain customers at scale. As we expand, security, compliance, and trust are at the core of our growth strategy.

To support this expansion, we are strengthening our security organization and are looking for a Security Analyst to play a key role in bridging GRC, security engineering, and global compliance efforts.

About The Role

As Lucidya grows internationally, maintaining strong security controls and achieving global compliance certifications is mission-critical. This role will directly contribute to achieving multiple compliance certifications per quarter, ensuring Lucidya meets the highest standards of data protection and information security.

You'll work at the intersection of GRC and Security Engineering, supporting compliance initiatives, strengthening internal controls, and enabling secure product development across cross-functional teams.

What You'll Be Doing

Work closely with GRC and Security Engineering teams to support security, privacy, and compliance initiatives across Saudi Arabia, Qatar, international regions, and the U. S. market Assist in the implementation and ongoing maintenance of ISO/IEC 27001, ISO/IEC 42001 (AI Management Systems), and SOC 2 controls Support U. S. market migration efforts by helping align security and compliance practices with SOC 2, NIST frameworks, and U. S. data privacy requirements Contribute to regional data protection compliance activities, including KSA PDPL, Qatar PDPL, and U. S. state privacy laws, under guidance from senior team members Participate in the creation, update, and maintenance of security, privacy, and AI governance policies, procedures, and control documentation Support penetration testing, vulnerability management, and security assessments, and help track remediation actions Help with document control, evidence collection, and audit readiness for internal reviews, customer assessments, and external audits Work cross-functionally with engineering, product, and operations teams

Day-to-Day Responsibilities

Support daily security, privacy, and compliance activities across KSA, MEA, international regions, and the U. SAssist with maintaining and updating controls for ISO/IEC 27001, ISO/IEC 42001, and SOC 2Help align systems and processes with U. S. market requirements, including SOC 2 evidence, NIST-aligned controls, and U. S. data privacy obligations Review security controls for cloud infrastructure, Saa S environments, APIs, and integrations Support vulnerability management, penetration testing coordination, and remediation tracking Maintain policies, procedures, and control documentation, ensuring accuracy and version control Collect, organize, and validate audit evidence for internal reviews, customer questionnaires, and external audits Track compliance tasks, findings, and remediation actions in coordination with GRC and Security Engineering teams Collaborate with engineering, product, and operations teams to address security and compliance requirements in day-to-day workflows Support incident response documentation, risk assessments, and compliance reporting as needed

Success Metrics

ISO & AI Governance Compliance ISO/IEC 27001 and ISO/IEC 42001 (AI Management System) controls assigned to the role remain implemented and evidenced, with zero high-risk audit findings related to security or AI governance NIST Alignment & Risk Reduction Systems and processes mapped to NIST frameworks (e.g., NIST CSF / NIST AI RMF) show measurable risk reduction, with identified gaps documented and remediated within agreed timelines Achieve ISO27001 lead implementor (if not already have it) Independent progression and ownership of assigned tasks

First 90 Days

Develop a comprehensive understanding of Lucidya security tools, processes, and system architecture Actively contribute to the implementation of the ISO/IEC 42001 framework Support ongoing compliance initiatives and audit activities.s

Requirements

What We're Looking For

Experience & Background

2 - 4 years of experience in a similar Security Analyst / GRC role Experience working with US-based Saa S companies Strong understanding of AI and US compliance frameworks:ISO/IEC 42001ISO/IEC 27001NISTUS data privacy regulations Experience in B2B Saa S environments

Compliance & Security Knowledge

ISO/IEC ISO 27001, ISO/IEC 42001 implementation knowledge (Implementer certification preferred) SOC 2 (NCE) understanding GDPR knowledge is a plus Penetration testing & vulnerability assessment knowledge

Technical Skills

API security & integrations Basic scripting (Python, Bash) Code review support for deployments (automated tools) Security reviews of CI/CD pipelines Ruby / Rails code review experience is highly advantage

Certifications

CISM (Mandatory) ISO/IEC 27001 Lead Implementer (Mandatory) ISO/IEC 24001 Lead Implementer (preferred)

Soft Skills

Excellent professional documentation skills Strong organizational and follow-up abilities Experience with document control and audit evidence Ability to work effectively across distributed, cross-functional teams

Nice-to-Have Experience

Prior remote work with US-based teams Experience supporting global compliance programs Hands-on involvement in multiple certification cycles

If you're passionate about security, compliance, and global scale, and want to help shape the security foundation of a fast-growing AI company - we'd love to hear from you