Senior Security Compliance Analyst

About Energy Exemplar

In an era where the world is rapidly advancing towards a cleaner future through decarbonization, Energy Exemplar's mission lies in 'Empowering Transformative Energy Decisions'. Founded in 1999 in Adelaide, Australia, our award-winning software portfolio encompassing the modeling and simulation platform PLEXOS, Aurora, and Adapt2, is trusted by innovative organizations across the globe. Through our technology and people, we strive to enable stakeholders from across the entire energy value chain to revolutionize the energy ecosystem and to collaboratively plan and execute for a sustainable energy future with unprecedented clarity, speed, and innovation. 

Our impact is global and is being recognized across the industry. Some of our recent accolades include:

• SaaS Company of the Year – Global Business Tech Awards.
• Environmental Impact Award – E+E Leaders Awards.
• IPPAI (Independent Power Producers Association of India) Power Awards Winners
• Finalist: Platts Global Energy Awards – Grid Edge category
• Finalist: Reuters Global Energy Transition Awards – Technologies of Change
• Top 50 Marketing Team – Voted by the public at the ICON Awards.

How We Work

Energy Exemplar is growing fast around 30% year on year and, that growth is driven by how we work. We trust our team to deliver great results from wherever they work best, whether that's at home, in the office, or on the move.

We're a global team that values ownership, integrity, and innovation. You'll be supported to balance work and life in a way that works for you, and empowered to take initiative, solve problems, and make an impact, regardless of your background, location, or role.

Our four core values, Customer Success, One Global Team, Integrity & Ownership, and Innovation Excellence aren't just words. They show up in how we collaborate, how we solve, and how we grow together.

About the Position

Energy Exemplar is looking for a Senior Security Compliance Analyst who will perform duties related to compliance certifications, continuous monitoring of the controls and operational security administration, analysis of security related incidents, vulnerabilities and events that may affect Energy Exemplar and its clients.

Candidate Requirements & Qualifications

• Minimum 6 years of related experience in Compliance and information security.
• Well versed in technologies like Windows, Antivirus, Data loss prevention (DLP).
• Must have experience in Firewalls, Cloud platforms and content filtering solutions.
• Must have experience in the creating and maintaining security policy documents.
• Good to have experience with regular vulnerability and web application scanning methodologies.
• Crisis management (Incident Management) identification and reporting.
• Network and cloud-based penetration testing experience required
• Incident response experience and prepare relevant security metrics dashboards
• 2-4 years' experience with Firewall, Network, Anti-Virus, DLP, Azure, AWS, and Desktop security administration
• Proficiency with security tools and platforms (e.g., SIEMs, vulnerability scanners, and malware analyzers)
• Familiarity with IDS/IPS systems and endpoint Antivirus and EDR products
• Insider Threat Hunting and Analysis
• 2 + years of professional experience focused on ITIL standards and practices.
• Knowledge of current security standards, including ISO 27001, ISO 9001, SOC2, SOC 1, FERC, CEII, GDPR
• Ability to understand enterprise business computing operations/requirements, and cloud-based cybersecurity services.
• Working knowledge DevOps concepts (e.g., Infrastructure as Code, Deployment Pipelines)
• Must have a general hands-on IT background with the capability and enthusiasm of delving into new technologies.
• Must be willing to work in different time zones.
• Good communication, presentation, documentation skills.
• Collaborate closely with Clous Ops, IT and Other function as a first line security point of contact within the GRC team.

Key Responsibilities

• Provide compliance guidance to cloud security offering business units and product teams
• Support Internal/External ISO 27001/9001, SOC 2, SOC 1 and any new regional assessments requirements (e.g. IRAP) to support business growth.
• Work effectively as part of a geographically distributed team
• Develop and maintain security operations processes & documentation (e.g., runbooks, operating procedures, Cyber Incidence response)
• Maintain event collection environment through health monitoring and logs from Fire Walls, VPN, Email protection, Network Analytics, access control cards system and CCTV.
• Interact with various security products and platforms, including: O365, MimeCast, WorkspaceOne, Fortinet, Cloud Hosting Providers (Azure, AWS) and others.
• Provide support for implementation and maintenance of SIEM, DLP, endpoint protection, and other security tool alerts.
• Provide hands on based input of vendor proposals and emerging security technologies and systems.
• Coordinate, track and Manage CEII compliance.
• Provide technical expertise and support to IT management and staff in the implementation of security/protection technologies and network systems/applications.
• Assist with penetration testing and vulnerability management efforts.
• Participate in customer audits and respond to infosec questionnaires as part of the RFP process.
• Participate in incident management activities which include associated investigations, ticket response, communications including periodic tabletop exercises..
• Assist in Risk Management, Vendor Management, and governance of Information Security policies across the company.
• Continuously improve our security practices and processes and keep company and customer data safe across our services and infrastructure.
• Design and build metrics and dashboards to track security incidents, vulnerabilities, risks, and awareness
• Perform continuous monitoring of the controls including but not limited to:
• Track and Monitor ISO and SOC 2, SOC 1 and overall common control framework, gather and review evidences.
• Vulnerability and hardening compliance scan monitoring, reporting and reviews
• Driving vulnerability remediations within prescribed timeframes
• Inventory management and reporting
• Vulnerability deviation request processing, tracking and reviews
• Plan of Action & Milestones (POA&M) updates and submissions
• System Security Status reporting
• Monthly Continuous-Monitoring Metrics reporting
• Compliance review of Significant change requests

Desired but not required (not needed for every position)

• Good to have experience with regular vulnerability and web application scanning methodologies.
• Project Management knowledge and experience are a strong plus.

Energy Exemplar is an equal opportunities employer and we value your unique identity and perspective. We are fully committed to providing and fostering a workplace that reflects the diversity of society. Bring your authentic self and help us build an inclusive world together To support you in being the best version of yourself during the application and interview process, please let us know if you have any specific requirements.

Energy Exemplar is proud to be an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all team members. We welcome applications from people of all backgrounds, experiences, identities, and abilities. Please let us know if you require accommodations at any stage of the recruitment process—we're here to support you in showcasing your full potential.

Energy Exemplar respects your privacy and is committed to protecting the personal data you share during the recruitment process. This Candidate Privacy Notice explains how we collect, use, and protect your personal information when you apply for a role with us.