Information Security Analyst

• We offer competitive benefits focused on employee well-being, including paid volunteer time off!
• We have been named by Achievers on its prestigious 50 Most Engaged Companies To Work For list for the last five years.
• We have received international recognition for our high levels of employee engagement through Certification as a Great Place to Work four years in a row.
• Our culture of creativity, innovation, and leadership has garnered over a dozen International Business Awards (Stevie).

ECI delivers cloud-based business critical ERP, CRM and line of business applications to more than 20,000 customers across the globe. The Information Security Analyst works as part of ECI's Information Security team and will lead our cybersecurity assurance program. The successful candidate will understand the security industry best practices and regulations as well as how to perform regular audits of ECI's business procedures and processes to ensure security and compliance of systems we operate.

DESCRIPTION

ECI is looking for an Information Security Analyst to work with our global Information Security Team to help expand and improve our cyber risk department. At ECI, we understand that it takes an enormous effort and a lot of time to build customer trust in our products and services. We work hard to earn and maintain that trust every single day by delivering products and experiences that really make a difference to the success of our customer's business. ECI's Information Security Team, including this Security Analyst position, is critical to building and maintaining that trust.

Are you detail oriented? Do you communicate well in oral and written form? Can you collaborate with teams or individuals at all levels of a corporation? If so then this is a great job for you. This position will capitalize on your current experience and security skill set while promoting and providing opportunities to expand your knowledge in many other areas of security. You will work to help identify risk, perform assessments, achieve regulatory compliance, conduct internal audits, work with third party security providers and vendors, provide monthly reporting and more.

DUTIES AND RESPONSIBILITIES

• Perform evaluation of internal operations, controls, communications, risk assessments and maintenance of documentation as related to regulatory compliance and recommend appropriate changes.
• Support the creation of a comprehensive risk management and regulatory oversight program, including specifications for product and service design aligned with the NIST framework.
• Provide clear direction to internal ECI teams on industry regulatory specifications applicable to their products and services.
• Build security documentation for customers and internal users, build management level metrics and reporting for activities that are owned by the Risk Manager.
• Coordinate industry and regulatory certifications, including managing certification vendors (e.g., CMMC, ITAR, SOC2, ISO 27001, GDPR, etc.).
• Daily, Weekly and Monthly operations verification and reporting across scheduled security activities such as, infrastructure penetration and vulnerability scans, patch management, Anti-virus and phishing reports, user access, etc.
• Daily monitoring and follow-up of security logs & alerts as needed.
• Support the organizations InfoSec and data privacy policies.
• Work with internal groups to conduct audits, assessments, vulnerability and penetration testing, leveraging third party partners to assist with these activities as needed.
• Respond to and record Information Security inquiries and incidents. Recommend mitigation and remediation strategies.
• Participate in the evaluation and testing of new security tools and countermeasures.
• Participate in execution of vendor risk assessments.
• Championing security awareness training and social engineering campaigns
• Other related duties may be assigned.

QUALIFICATIONS

• Bachelor's degree or 5+ years of experience in Information Security, Risk Management and Data Protection.
• Work within a framework to identify security gaps and mitigation recommendations.
• Experience with penetration and vulnerability testing techniques a plus.
• Able to help strategize methods of detecting/preventing threat actor tactics and techniques.
• Good understanding of security defense measures and mechanisms.
• Familiar with Incident Response concepts a plus.
• Fundamental technical understanding of key technologies such as operating systems, networks, application development, databases, virtualization, and cloud infrastructures
• Substantial experience with policy frameworks and regulations such as CMMC, SOC2, ITAR, ISO 27001/27002, NIST, GDPR, etc.
• Experience with Risk Management in compliance and/or security context
• Strong communication and organizational skills, outstanding attention to detail, and excellent problem-solving and follow-up skills
• Must be able to participate in team meetings to support team Lead/Manager with stakeholder requirements, business needs to articulate technical processes and objectives.
• A commitment to further ECI's culture and values and to providing extraordinary service.
• Prefer candidate to hold one or more of the following certifications: CISA, CISM, CISSP, CIPP

This position will require access to information protected under U.S. export control laws and regulations, including the International Traffic in Arms Regulations (ITAR). Please note that any offer for employment will be conditioned on any required authorization to receive software or technology controlled under these U.S. export control laws and regulations necessary to perform the responsibilities of the position.

#LI-REMOTE