Security Analyst

Overview

About the role

What You ll Be Doing

• Work closely with GRC and Security Engineering teams to support security, privacy, and compliance initiatives across Saudi Arabia, Qatar, international regions, and the U.S. market
• Assist in the implementation and ongoing maintenance of ISO/IEC 27001, ISO/IEC 42001 (AI Management Systems), and SOC 2 controls
• Support U.S. market migration efforts by helping align security and compliance practices with SOC 2, NIST frameworks, and U.S. data privacy requirements
• Contribute to regional data protection compliance activities, including KSA PDPL, Qatar PDPL, and U.S. state privacy laws, under guidance from senior team members
• Participate in the creation, update, and maintenance of security, privacy, and AI governance policies, procedures, and control documentation
• Support penetration testing, vulnerability management, and security assessments, and help track remediation actions
• Help with document control, evidence collection, and audit readiness for internal reviews, customer assessments, and external audits
• Work cross-functionally with engineering, product, and operations teams

Day-to-Day Responsibilities

• Support daily security, privacy, and compliance activities across KSA, Qatar, international regions, and the U.S.
• Assist with maintaining and updating controls for ISO/IEC 27001, ISO/IEC 42001, and SOC 2
• Help align systems and processes with U.S. market requirements, including SOC 2 evidence, NIST-aligned controls, and U.S. data privacy obligations
• Review security controls for cloud infrastructure, SaaS environments, APIs, and integrations
• Support vulnerability management, penetration testing coordination, and remediation tracking
• Maintain policies, procedures, and control documentation, ensuring accuracy and version control
• Collect, organize, and validate audit evidence for internal reviews, customer questionnaires, and external audits
• Track compliance tasks, findings, and remediation actions in coordination with GRC and Security Engineering teams
• Collaborate with engineering, product, and operations teams to address security and compliance requirements in day-to-day workflows
• Support incident response documentation, risk assessments, and compliance reporting as needed

• ISO & AI Governance Compliance

• ISO/IEC 27001 and ISO/IEC 42001 (AI Management System) controls assigned to the role remain implemented and evidenced, with zero high-risk audit findings related to security or AI governance.

• NIST Alignment & Risk Reduction

• Systems and processes mapped to NIST frameworks (e.g., NIST CSF / NIST AI RMF) show measurable risk reduction, with identified gaps documented and remediated within agreed timelines.
• Achieve ISO27001 lead implementor
• Independent progression and ownership of assigned tasks

First 90 Days

• Gain a strong understanding of Lucidya s security tools, processes, and architecture
• Actively contribute to ISO 27001 policy and procedure creation
• Support ongoing compliance initiatives and audits