Information Security Compliance Analyst

About Sungrow:

Sungrow Power Supply Co., Ltd. (“Sungrow”) is a global leading PV inverter and ESS provider with 515 GW of power electronic converters installed worldwide as of December 2023. Founded in 1997 by University Professor Cao Renxian, Sungrow leaders in the research and development of solar inverters with the largest dedicated R&D team in the industry and a broad product portfolio offering PV inverter solutions and ESS for utility-scale, commercial & industrial, and residential applications, as well as internationally recognized floating PV plant solutions, NEV driving solutions, EV charging solutions, and renewable hydrogen production systems. With a strong 27-year track record in the PV space, Sungrow products power in 170 countries and regions worldwide. For more information about Sungrow, visit: www.sungrowpower.com.

The Position:

We are seeking a proactive Information Security Compliance Analyst to join our dynamic security team. This role focuses on operationalizing security measures, supporting compliance initiatives, and managing third-party vendor security. The ideal candidate will have a strong foundation in cybersecurity, familiarity with compliance frameworks, and the ability to work across teams to implement and maintain security controls

Essential Duties and Responsibilities:

1. Security Operations and Incident Response:

· Respond to and investigate basic security incidents, escalating complex issues as needed.

· Implement and manage security tools, controls, and processes to strengthen the company’s security posture.

· Collaborate with internal IT and security teams to address and remediate vulnerabilities.

2. Compliance and Frameworks:

· Support compliance implementation by developing controls, documenting processes, and ensuring compliance across teams.

· Monitor adherence to cybersecurity frameworks, including NIST, ISO 27001, and SOC 2.

· Assist with audit preparation and compliance assessments, ensuring regulatory requirements are met.

3. Vendor Security and Third-Party Risk:

· Conduct vendor risk assessments and security evaluations for third-party services and tools.

· Complete vendor security questionnaires and coordinate with teams to evaluate vendor technologies.

· Support the development and enforcement of procurement processes to ensure vendors meet Sungrow’s security standards.

4. Control Implementation and Maintenance:

· Implement and maintain security controls to mitigate risks across IT and operational environments.

· Manage and optimize user access, privileges, and permissions as part of an effective security operations strategy.

· Develop monitoring and reporting mechanisms to track the effectiveness of implemented controls.

5. Geopolitical Awareness and Critical Infrastructure:

· Stay informed about geopolitical developments affecting critical infrastructure and integrate this knowledge into security strategies.

· Ensure that Sungrow’s cybersecurity measures align with regulations impacting the energy sector and critical infrastructure.

6. Cross-Team Collaboration and Training:

· Work closely with IT, legal, and business units to align security operations with business objectives.

· Support training and awareness initiatives to educate employees on cybersecurity best practices.

· Assist in researching and evaluating new security technologies to support Sungrow’s security and compliance goals.

7. Metrics and Reporting:

· Develop compliance metrics and dashboards to provide leadership with measurable insights into the program's effectiveness.

Minimum Requirements:

· 2–4 years of professional experience in cybersecurity with exposure to compliance.

· Hands-on experience with security tools (e.g., SIEM, vulnerability management, IAM) and frameworks (ISO 27001, NIST).

· Familiarity with vendor risk management and third-party security evaluations.

· Basic knowledge of geopolitical issues and their impact on cybersecurity, especially in the critical infrastructure sector.

· Strong problem-solving skills and the ability to work collaboratively across teams.

Education or Desired License and Certificates:

· Bachelor’s degree in Cybersecurity, Information Security, or a related field preferred.

· CRISC certification preffered; additional certifications (e.g., Security+, CySA+, ISO 27001 Lead Implementer) are a plus

Competencies

· Ability to thrive in a dynamic and fast-paced environment, balancing multiple responsibilities.

· Strong technical skills combined with excellent communication and collaboration abilities.

· Proactive problem-solving mindset, with attention to detail and a focus on delivering results.

· Commitment to continuous learning and development.

· Proactive and resourceful, with a focus on continuous improvement.

Travel

Up to 25%

Work Location and Status:

· Full-time position, remote or on-site as needed.

· Based in Dallas, Texas

· No visa sponsorship

Compensation:

· Comprehensive benefits package and growth opportunities.

· Opportunity for growth and potential transition to a full-time role.

Sungrow is an equal opportunity employer. Due to strong interests in this position, Sungrow will only reach out to those candidates who best meet the requirements. Thank you for your interest in Sungrow.