
Information Security Analyst

Energy Infrastructure Partners AG
Full-time
On-site
Zürich, ZH

JobsCloseBy Editorial Insights

Energy Infrastructure Partners AG seeks an Information Security Analyst in Zürich, full-time and on-site. The role owns the ISMS, risk register and controls; leads risk assessments and reviews; coordinates security operations with an outsourced SOC/CISO; runs tabletop exercises and maintains the IR plan; and bolsters platform security across Microsoft 365, Entra ID, Defender, Purview and Sentinel, while managing third-party risk, data protection and DPA processes. You will support audits, deliver training, and produce monthly security dashboards. The ideal candidate has 5+ years in information security, ISO 27001 experience, incident response skills, MS 365/Azure expertise, GDPR familiarity, relevant certifications, and PowerShell/KQL scripting skills; English is required and German is a plus. Apply via our job platform only; no email attachments.


Your area of responsibility

Information Security
  • Maintain the ISMS, risk register, controls, and policies.
  • Lead risk assessments, control testing, corrective actions, and reviews. 
Security Operations
  • Coordinate with outsourced SOC/CISO for effective monitoring and incident response.
  • Run tabletop exercises, post‑incident reviews, and maintain the IR plan.
Platform Security (Microsoft)
  • Operate and improve security across Defender, Entra ID, Intune, Purview, Sentinel, and M365.
  • Manage conditional access, MFA, PIM, endpoint baselines, and secure configurations.
  • Run a risk‑based vulnerability and patch program and track remediation with providers. 
Third‑Party Risk & Data Protection
  • Lead vendor due diligence, DPAs, and ongoing monitoring aligned to outsourcing procedures.
  • Implement data classification, retention, and DLP; support privacy‑by‑design and coordinate with the external DPO.
Audit, Compliance, Training & Reporting
  • Support audits and regulatory reviews; deliver security awareness training and simulation campaigns.
  • Maintain evidence, procedures, runbooks, and monthly security dashboards.

Your skills and experience

  • 5+ years in information security.
  • Experience running an ISMS (aligned with ISO/IEC 27001), including risk & controls management.
  • Incident response coordination and BCP/DR familiarity.
  • Exposure to regulated environments (financial services preferred) and vendor assurance.
  • Strong written/spoken English; German is a plus.
  • Hands-on experience with the Microsoft 365 (E5)/Azure security stack: Entra ID (CA, PIM), Intune, Defender, Purview, Sentinel.
  • ISO 27001 Lead Implementer/Lead Auditor, CISM, CISSP, CCSK/CCSP, Microsoft Security certs (SC‑200/300/400, AZ‑500).
  • Experience with DORA, FINMA requirements, and CSSF guidelines for AIFMs.
  • Exposure to SOC 2, NIST CSF, or CIS Controls.
  • Practical knowledge of privacy (GDPR), working with a DPO.
  • Scripting/automation (PowerShell, KQL, Graph API) for policy enforcement and evidence collection.
  • Familiarity with Snowflake and data platform controls (row-level security, key management).

What we offer

You will shape the future of our information security and work on innovative projects in a small team in a dynamic environment. We provide professional development opportunities, including training and certification of technical skills, and a hybrid work environment.

Contact

[email protected] 

How to apply

If you are ready to make a significant impact in the energy infrastructure sector and grow your career with EIP, we encourage you to apply. Join us in shaping the future of energy investments. 

Click “apply for this position” below to start the application process.

Please note that we do not accept any application documents via (e-)mail (including direct applications via LinkedIn or similar platforms) due to our data protection guidelines. Only applications submitted via our job platform will be considered.