Senior Security Compliance Expert

Job Description

We are seeking a seasoned Security Compliance Specialist to join our team. The ideal candidate will have a proven track record of ensuring the highest levels of security and compliance in cloud-based systems.

About the Position

This role is responsible for providing expert guidance on cloud security best practices, supporting internal and external audits, and collaborating closely with cross-functional teams to ensure seamless security operations.

Key Responsibilities

• ">
• Provide compliance guidance to cloud security offering business units and product teams">
• Support internal/external ISO 27001/9001, SOC 2, SOC 1 and any new regional assessments requirements (e.g. IRAP) to support business growth">
• Develop and maintain security operations processes & documentation (e.g., runbooks, operating procedures, Cyber Incidence response)">
• Maintain event collection environment through health monitoring and logs from Fire Walls, VPN, Email protection, Network Analytics, access control cards system and CCTV">
• Interact with various security products and platforms, including: O365, MimeCast, WorkspaceOne, Fortinet, Cloud Hosting Providers (Azure, AWS) and others">
• Provide support for implementation and maintenance of SIEM, DLP, endpoint protection, and other security tool alerts">
• Coordinate, track and Manage CEII compliance">
• Provide technical expertise and support to IT management and staff in the implementation of security/protection technologies and network systems/applications">
• Assist with penetration testing and vulnerability management efforts">
• Participate in customer audits and respond to infosec questionnaires as part of the RFP process">
• Participate in incident management activities which include associated investigations, ticket response, communications including periodic tabletop exercises">
• Assist in Risk Management, Vendor Management, and governance of Information Security policies across the company">
• Continuously improve our security practices and processes and keep company and customer data safe across our services and infrastructure">
• Design and build metrics and dashboards to track security incidents, vulnerabilities, risks, and awareness">
• Perform continuous monitoring of the controls including but not limited to:">
• Track and Monitor ISO and SOC 2, SOC 1 and overall common control framework, gather and review evidences">
• Vulnerability and hardening compliance scan monitoring, reporting and reviews">
• Driving vulnerability remediations within prescribed timeframes">
• Inventory management and reporting">
• Vulnerability deviation request processing, tracking and reviews">
• Plan of Action & Milestones (POA&M) updates and submissions">
• System Security Status reporting">
• Monthly Continuous-Monitoring Metrics reporting">
• Compliance review of Significant change requests">

Requirements

Must-Have Skills

• ">
• Minimum 6 years of related experience in Compliance and information security">
• Well-versed in technologies like Windows, Antivirus, Data loss prevention (DLP)">
• Must have experience in Firewalls, Cloud platforms and content filtering solutions">
• Must have experience in creating and maintaining security policy documents">
• Good-to-have skills:">
• Experience with regular vulnerability and web application scanning methodologies">
• Project Management knowledge and experience are a strong plus">

Preferred Qualifications

• ">
• Proficiency with security tools and platforms (e.g., SIEMs, vulnerability scanners, and malware analyzers)">
• Familiarity with IDS/IPS systems and endpoint Antivirus and EDR products">
• Insider Threat Hunting and Analysis">
• Knowledge of current security standards, including ISO 27001, ISO 9001, SOC2, SOC 1, FERC, CEII, GDPR">
• Ability to understand enterprise business computing operations/requirements, and cloud-based cybersecurity services">
• Working knowledge DevOps concepts (e.g., Infrastructure as Code, Deployment Pipelines)">
• General hands-on IT background with the capability and enthusiasm of delving into new technologies">
• Willingness to work in different time zones">
• Good communication, presentation, documentation skills">
• Collaborate closely with Clous Ops, IT and Other function as a first line security point of contact within the GRC team">

Benefits

We offer

A dynamic and collaborative work environment that fosters professional growth and development

A competitive salary and benefits package

The opportunity to work on challenging projects and make a meaningful impact on the organization

Others

Energy Exemplar is an equal opportunities employer and we value your unique identity and perspective

We are fully committed to providing and fostering a workplace that reflects the diversity of society

Bring your authentic self and help us build an inclusive world together

To support you in being the best version of yourself during the application and interview process, please let us know if you have any specific requirements