Information Security Analyst

Xpansiv®, a trailblazer in the energy and environmental commodities market, operates the integrated, open, and neutral market platform designed to accelerate the global energy transition.  Xpansiv provides thousands of market participants and intermediaries with access to the widest possible range of energy transition markets, through its suite of solutions, including the world’s largest environmental commodities trading platform, where billions of assets cross per year. Xpansiv’s end-to-end technology platform services the entire life cycle of environmental commodities, connecting diverse markets and market participants across the world and enabling stakeholders to deliver transparent and trusted environmental claims to address the growing demand for energy transition. Leveraging its extensive industry knowledge and proven technology portfolio, Xpansiv assists companies seeking to identify and mitigate risk, streamline the management of their environmental assets, and comply with regulations, caps and commitments. Position Summary: We are seeking a detail-oriented and proactive Information Security Analyst to help strengthen and mature our cybersecurity posture. The ideal candidate has a solid foundation in security operations, risk management, and threat detection, with a passion for continuous improvement and secure innovation. Experience in fintech or other regulated industries (financial services, energy, SaaS) is preferred but not required.  Key Responsibilities:

Monitor, investigate, and respond to security alerts and incidents across systems, networks, and cloud environments. 

Perform regular vulnerability assessments, patch verification, and risk remediation tracking. 

Support security awareness programs and ensure employees adhere to company security policies, procedures and standards. 

Assist in managing endpoint security tools (EDR, DLP, MDM, etc.) and identity/access management systems. 

Collaborate with IT, DevOps, and engineering teams to implement secure configurations, code reviews, and cloud security best practices. 

Conduct periodic access reviews and support audit and compliance efforts (SOC 2, ISO 27001, etc.). 

Document incident response actions and recommend process improvements. 

Contribute to risk assessments and control testing for new vendors, applications, and systems. 

Stay current on emerging threats, vulnerabilities, and regulatory requirements impacting the business. 

Demonstrate a business-first mindset. 

Required Qualifications:

3–5 years of hands-on experience in cybersecurity, information security, or IT risk. 

Strong understanding of networking fundamentals, endpoint protection, and cloud security (AWS, Azure, or GCP). 

Familiarity with SIEM platforms, SAST, DAST, vulnerability management tools, and incident response processes. 

Familiarity and experience with common EDR platforms. 

Knowledge of security frameworks such as NIST CSF, ISO 27001, or CIS Controls. 

Excellent problem-solving and communication skills. 

Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience). 

Preferred Qualifications:

Experience in fintech, financial services, or other regulated environments. 

Exposure to compliance standards such as NFA, FCA, SOC 2, or ISO27001. 

Relevant certifications (e.g., CompTIA Security+, CySA+, CEH, etc.). 

Scripting or automation experience (Python, PowerShell) a plus.