GRC and Security Analyst
Aktuelle Original-Stellenanzeige
Quelle: StudySmarter Stellenbestand · Status: aktiv · Bewerbung über das zentrale StudySmarter-Formular.
Die ganze Ausschreibung von Jobtailor
Automatisch strukturiert · Originaltext unformatiert geliefert
Das ist der Job
Day‑to‑Day Responsibilities Support daily security, privacy, and compliance activities across KSA, MEA and the U.S.
Darum lohnt es sich
About the Role As Lucidya grows internationally, maintaining strong security controls and achieving global compliance certifications is mission‑critical.
You’ll work at the intersection of GRC and Security Engineering, supporting compliance initiatives, strengthening internal controls, and enabling secure product development across cross‑functional teams.
What You’ll Be Doing Work closely with GRC and Security Engineering teams to support security, privacy, and compliance initiatives across Saudi Arabia, Qatar, international regions, and the U.S. market.
Contribute to regional data protection compliance activities, including KSA PDPL, Qatar PDPL, and U.S. states privacy laws, under guidance from senior team members. Work cross‑functionally with engineering, product, and operations teams.
Track compliance tasks, findings, and remediation actions in coordination with GRC and Security Engineering teams. Collaborate with engineering, product, and operations teams to address security and compliance requirements in day‑to‑day workflows. Ability to work effectively across distributed, cross‑functional teams.
Nice‑to‑Have Experience Prior remote work with U.S.-based teams. This role will directly contribute to implementing and achieving security compliance frameworks, ensuring Lucidya meets the highest standards of data protection and information security.
Assist in the implementation and ongoing maintenance of ISO/IEC 27001, ISO/IEC 42001 (AI Management Systems), NCA and SOC 2 controls. Support U.S. market migration efforts by helping align security and compliance practices with SOC 2, NIST frameworks, and U.S. data privacy requirements.
Participate in the creation, update, and maintenance of security, privacy, and AI governance policies, procedures, and control documentation. Help with document control, evidence collection, and audit readiness for internal reviews, customer assessments, and external audits.
Assist with maintaining and updating controls for ISO/IEC 27001, ISO/IEC 42001, NCA, DCC, NIST. Help align systems and processes with U.S & Saudi market requirements, including SOC 2 evidence, NIST‑aligned controls, and U.S & Saudi data privacy obligations.
Review security controls for cloud infrastructure, SaaS environments, APIs, and integrations. Maintain policies, procedures, and control documentation, ensuring accuracy and version control. Collect, organize, and validate audit evidence for internal reviews, customer questionnaires, and external audits.
Support incident response documentation, risk assessments, and compliance reporting as needed. Success Metrics ISO & AI Governance Compliance: ISO/IEC 27001 and ISO/IEC 42001 controls remain implemented and evidenced, with zero high‑risk audit findings related to security or AI governance.
NIST Alignment & Risk Reduction: Systems and processes mapped to NIST frameworks (e.g., NIST CSF / NIST AI RMF) show measurable risk reduction, with identified gaps documented and remediated within agreed timelines. Achieve ISO27001 or ISO 42001 lead implementor status. Independent progression and ownership of assigned tasks.
First 90 Days Develop a comprehensive understanding of Lucidya’s security tools, processes, and system architecture. Actively contribute to the implementation of the ISO/IEC 42001 framework. Support ongoing compliance initiatives and audit activities.
Requirements What We’re Looking For: Experience & Background 2 - 4 years of experience in a similar Security Analyst / GRC role. Experience working with U.S.-based SaaS companies. Strong understanding of AI and U.S. compliance frameworks: ISO/IEC 42001, NIST, U.S. data privacy regulations. Experience in B2B SaaS environments.
Compliance & Security Knowledge ISO/IEC 27001, ISO/IEC 42001 implementation knowledge (implementer certification preferred). SOC 2 understanding. NCA understanding and practical experience. GDPR knowledge is a plus. Penetration testing & vulnerability assessment knowledge. Technical Skills API security & integrations.
Basic scripting (Python, Bash). Code review support for deployments (automated tools). Security reviews of CI/CD pipelines. Ruby / Rails code review experience is highly advantageous. Certifications CISM (preferred). ISO/IEC 24001 Lead Implementer (mandatory). ISO/IEC 27001 Lead Implementer (mandatory).
Soft Skills Excellent professional documentation skills. Strong organizational and follow‑up abilities. Experience with document control and audit evidence. Experience supporting global compliance programs. Hands‑on involvement in multiple certification cycles. #J-18808-Ljbffr
Bereit?
Bewerbung wird direkt an Jobtailor uebergeben - kein Konto noetig.