
Lucidya
Security Analyst (GRC & Compliance, SaaS/AI)
- Permanent
- Riyadh, Saudi Arabia
- Experience 2 - 5 yrs
- Urgent
Job expiry date: 17/03/2026
Job overview
Date posted: 01/02/2026
Location: Riyadh, Saudi Arabia
Salary: SAR 20,000 - 30,000 per month
Compensation: Comprehensive package
Experience: 2 - 5 yrs
Seniority: Experienced
Qualification: Bachelor's degree
Expiration date: 17/03/2026
Job description
The Security Analyst at Lucidya supports security, privacy, and compliance initiatives across Saudi Arabia, Qatar, international regions, and the U.S. market. The role bridges GRC, security engineering, and global compliance efforts, ensuring ISO/IEC 27001, ISO/IEC 42001, and SOC 2 controls are implemented and maintained. The analyst contributes to regional data protection compliance activities, supports penetration testing and vulnerability management, maintains security, privacy, and AI governance documentation, and prepares audit evidence for internal, customer, and external assessments. The position involves collaborating with engineering, product, and operations teams, aligning systems with U.S. market requirements, and tracking compliance tasks, findings, and remediation actions. Success metrics include ISO & AI Governance compliance, NIST alignment, risk reduction, and ownership of assigned security tasks.
Required skills
Key responsibilities
- Support daily security, privacy, and compliance activities across KSA, MEA, international regions, and the U.S.
- Assist with implementation and ongoing maintenance of ISO/IEC 27001, ISO/IEC 42001, and SOC 2 controls
- Align systems and processes with U.S. market requirements, including SOC 2 evidence and NIST-aligned controls
- Review security controls for cloud infrastructure, SaaS environments, APIs, and integrations
- Support penetration testing, vulnerability management, and remediation tracking
- Maintain policies, procedures, and control documentation, ensuring accuracy and version control
- Collect, organize, and validate audit evidence for internal reviews, customer assessments, and external audits
- Track compliance tasks, findings, and remediation actions in coordination with GRC and Security Engineering teams
- Collaborate with engineering, product, and operations teams to address security and compliance requirements in workflows
- Support incident response documentation, risk assessments, and compliance reporting as needed
Experience & skills
- 2–4 years of experience in a Security Analyst or GRC role
- Experience working with US-based SaaS companies
- Strong understanding of AI and US compliance frameworks (ISO/IEC 42001, ISO/IEC 27001, NIST, US data privacy regulations)
- Experience in B2B SaaS environments
- ISO/IEC 27001 Lead Implementer certification (mandatory)
- CISM certification (mandatory)
- ISO/IEC 24001 Lead Implementer certification (preferred)
- Knowledge of SOC 2 (NCE), GDPR, penetration testing, and vulnerability assessments
- Technical skills in API security, scripting (Python, Bash), code review support, CI/CD security, and Ruby on Rails code review
- Excellent professional documentation skills
- Strong organizational and follow-up abilities
- Experience with document control and audit evidence management
- Ability to work effectively across distributed, cross-functional teams
- Nice-to-have: prior remote work with US-based teams, experience supporting global compliance programs, hands-on involvement in multiple certification cycles