Senior Security Compliance Analyst

Energy Exemplar is looking for a Senior Security Compliance Analyst who will perform duties related to compliance certifications, continuous monitoring of the controls and operational security administration, analysis of security related incidents, vulnerabilities and events that may affect Energy Exemplar and its clients.

• Provide technical expertise and support to IT management and staff in the implementation of security/protection technologies and network systems/applications.
• Support Internal/External ISO 27001/9001, SOC 2, SOC 1 and any new regional assessments requirements (e.g. IRAP) to support business growth.
• Assist with penetration testing and vulnerability management efforts.
• Collaborate closely with Clous Ops, IT and Other function as a first line security point of contact within the GRC team.
• Develop and maintain security operations processes & documentation (e.g., runbooks, operating procedures, Cyber Incidence response)
• Assist in Risk Management, Vendor Management, and governance of Information Security policies across the company.
• Continuously improve our security practices and processes and keep company and customer data safe across our services and infrastructure.
• Provide compliance guidance to cloud security offering business units and product teams
• Design and build metrics and dashboards to track security incidents, vulnerabilities, risks, and awareness
• Driving vulnerability remediations within prescribed timeframes
• Track and Monitor ISO and SOC 2, SOC 1 and overall common control framework, gather and review evidences.
• Perform continuous monitoring of the controls including but not limited to:
• Provide support for implementation and maintenance of SIEM, DLP, endpoint protection, and other security tool alerts.
• Participate in customer audits and respond to infosec questionnaires as part of the RFP process.
• Compliance review of Significant change requests
• System Security Status reporting
• Vulnerability and hardening compliance scan monitoring, reporting and reviews
• Interact with various security products and platforms, including: O365, MimeCast, WorkspaceOne, Fortinet, Cloud Hosting Providers (Azure, AWS) and others.
• Participate in incident management activities which include associated investigations, ticket response, communications including periodic tabletop exercises..
• Monthly Continuous-Monitoring Metrics reporting
• Inventory management and reporting
• Coordinate, track and Manage CEII compliance.
• Provide hands on based input of vendor proposals and emerging security technologies and systems.
• Maintain event collection environment through health monitoring and logs from Fire Walls, VPN, Email protection, Network Analytics, access control cards system and CCTV.

• Network and cloud-based penetration testing experience required
• Working knowledge DevOps concepts (e.g., Infrastructure as Code, Deployment Pipelines)
• Project Management knowledge and experience are a strong plus.
• Must be willing to work in different time zones.
• Must have experience in Firewalls, Cloud platforms and content filtering solutions.
• Minimum 6 years of related experience in Compliance and information security.
• Knowledge of current security standards, including ISO 27001, ISO 9001, SOC2, SOC 1, FERC, CEII, GDPR
• Crisis management (Incident Management) identification and reporting.
• Good communication, presentation, documentation skills.
• 2 + years of professional experience focused on ITIL standards and practices.
• Work effectively as part of a geographically distributed team
• Must have experience in the creating and maintaining security policy documents.
• 2-4 years’ experience with Firewall, Network, Anti-Virus, DLP, Azure, AWS, and Desktop security administration
• Must have a general hands-on IT background with the capability and enthusiasm of delving into new technologies.
• Well versed in technologies like Windows, Antivirus, Data loss prevention (DLP).
• Incident response experience and prepare relevant security metrics dashboards
• Familiarity with IDS/IPS systems and endpoint Antivirus and EDR products
• Ability to understand enterprise business computing operations/requirements, and cloud-based cybersecurity services.
• Good to have experience with regular vulnerability and web application scanning methodologies.
• Proficiency with security tools and platforms (e.g., SIEMs, vulnerability scanners, and malware analyzers)

We’re a global team that values ownership, integrity, and innovation. You’ll be supported to balance work and life in a way that works for you, and empowered to take initiative, solve problems, and make an impact, regardless of your background, location, or role.