Senior Security Compliance Analyst(6+ Years Minimum) Pune

About the Position

Energy Exemplar is looking for a Senior Security Compliance Analyst who will perform duties related to compliance certifications, continuous monitoring of the controls and operational security administration, analysis of security related incidents, vulnerabilities and events that may affect Energy Exemplar and its clients.

Key Responsibilities

• Provide compliance guidance to cloud security offering business units and product teams
• Support Internal / External ISO 27001 / 9001, SOC 2, SOC 1 and any new regional assessments requirements (e.G. IRAP) to support business growth.
• Work effectively as part of a geographically distributed team
• Develop and maintain security operations processes & documentation (e.G., runbooks, operating procedures, Cyber Incidence response)
• Maintain event collection environment through health monitoring and logs from Fire Walls, VPN, Email protection, Network Analytics, access control cards system and CCTV.
• Interact with various security products and platforms, including : O365, MimeCast, WorkspaceOne, Fortinet, Cloud Hosting Providers (Azure, AWS) and others.
• Provide support for implementation and maintenance of SIEM, DLP, endpoint protection, and other security tool alerts.
• Provide hands on based input of vendor proposals and emerging security technologies and systems.
• Coordinate, track and Manage CEII compliance.
• Provide technical expertise and support to IT management and staff in the implementation of security / protection technologies and network systems / applications.
• Assist with penetration testing and vulnerability management efforts.
• Participate in customer audits and respond to infosec questionnaires as part of the RFP process.
• Participate in incident management activities which include associated investigations, ticket response, communications including periodic tabletop exercises..
• Assist in Risk Management, Vendor Management, and governance of Information Security policies across the company.
• Continuously improve our security practices and processes and keep company and customer data safe across our services and infrastructure.
• Design and build metrics and dashboards to track security incidents, vulnerabilities, risks, and awareness
• Perform continuous monitoring of the controls including but not limited to :
• Track and Monitor ISO and SOC 2, SOC 1 and overall common control framework, gather and review evidences.
• Vulnerability and hardening compliance scan monitoring, reporting and reviews
• Driving vulnerability remediations within prescribed timeframes
• Inventory management and reporting
• Vulnerability deviation request processing, tracking and reviews
• Plan of Action & Milestones (POA&M) updates and submissions
• System Security Status reporting
• Monthly Continuous-Monitoring Metrics reporting
• Compliance review of Significant change requests

Candidate Requirements & Qualifications