Security Compliance Associate

**ECI** is the leading global provider of managed services, cybersecurity, and business transformation for mid-market financial services organizations across the globe. From its unmatched range of services, ECI provides stability, security and improved business performance, freeing clients from technology concerns and enabling them to focus on running their businesses. More than 1,000 customers worldwide with over $3 trillion of assets under management put their trust in ECI.

At ECI, we believe success is driven by passion and purpose. Our passion for technology is only surpassed by **our commitment to empowering our employees around the world.**

**The Opportunity**:
As a Security Compliance Associate you will have the opportunity to work with cutting edge technology and industry leaders in the financial space. Your role will be responsible for conducting security audits/assessments, presenting to client leadership teams, and acting as a security centric technical leader amongst your peers. You will be a part of a strong international team that supports clients across the globe. You will be familiar with the most important security frameworks and have a strong ability to tie risk to the organization based on their operations. In this role, you can’t be afraid to get your hands dirty and help the leadership team build an ever-evolving program.

This is a hybrid role.

**What you will do**:

- Evaluate client’s security infrastructures and document information security policies, processes, and technical controls.
- Modify and amend existing client documentation based on industry standards, best practices, and compliance to regulatory requirements such as NYS-DFS, PCI, etc. as necessary.
- Conduct client security assessments and vendor due diligence, to Identify information security weaknesses and gaps through interviews, questionnaires, documentation reviews, and technical assessments.
- Collect and organize necessary evidence from all client assessments and ECI’s System Service Desk and Network Service Desk.
- Communicate security findings and recommendations to our clients.
- Participate and assist clients for security aspects, during their internal and external audits.
- Perform security risk assessments of information systems and infrastructure.
- Create detailed risk assessment reports which explain identified security weaknesses, describe potential business risks, present recommendations for remediation, and estimate costs and effort levels for remediation.
- Present findings to client leadership teams and board members.

**Who you are**:

- Minimum 5 years of experience working in an evolving security/IT centric role.
- College degree is preferred but not required.
- Consulting experience is preferred.
- Experience conducting security audits/assessments.
- Exceptional communication skills both written and verbal and the ability to present to client leadership teams and executives.
- Strong familiarity with IT compliance frameworks including NIST 800-171 and ISO 27001.
- Technical background and experience with different IT systems including but not limited to Microsoft, AWS, Citrix, etc.
- Strong understanding of security best practices and controls including but not limited to MFA, Conditional Access, Least Privilege, Defense in Depth, etc.
- Constantly vigilant to evolving industry threats and real-world events that influence client security.
- Strong interpersonal skills dealing with a diverse set of clients and colleagues.

**ECI’s culture is all about connection**:

- connection with our clients, our technology and most importantly with each other. In addition to working with an amazing team around the world, ECI offers a competitive compensation package and so much more If you believe you’d be a great fit and are ready for your best job ever, **we’d like to hear from you**

**Love Your Job, Share Your Technology Passion, Create Your Future Here**

LI-Hybrid