Description

ECI is the leading global provider of managed services, cybersecurity, and business transformation for mid-market financial services organizations across the globe.  From its unmatched range of services, ECI provides stability, security and improved business performance, freeing clients from technology concerns and enabling them to focus on running their businesses.  More than 1,000 customers worldwide with over $3 trillion of assets under management put their trust in ECI. 

At ECI, we believe success is driven by passion and purpose. Our passion for technology is only surpassed by our commitment to empowering our employees around the world. 

The Opportunity: 

As a Security Compliance Associate you will have the opportunity to work with cutting edge technology and industry leaders in the financial space. Your role will be responsible for phishing and training, conducting security audits/assessments, reviewing policies and client documentation, conducting vendor risk management, and presenting recommendations to client leadership teams, and acting as a security centric technical leader amongst your peers. You will be a part of a strong international team that supports clients across the globe. You will be familiar with the most important security frameworks and have a strong ability to tie risk to the organization based on their operations. In this role, you can’t be afraid to get your hands dirty and help the leadership team build an ever-evolving program. 

This is an Onsite role, Working days are Monday – Friday, 5pm IST to 2am IST.

What you will do:

• Assess client security infrastructures and document information security policies, processes, and technical controls.
• Manage client phishing campaigns and employee training.
• Identify information security weaknesses and gaps by conducting client security assessments, risk assessment, and vendor due diligence through interviews, questionnaires, documentation reviews, and technical assessments.
• Describe and communicate security findings, potential business risks, present remediation recommendations, and estimate costs and effort levels for remediation to the clients' leadership teams and board members.
• Update client policies based on industry standards, best practices, and regulatory requirements such as SEC, FTSE, ISO27001, NIST, GDPR etc. as necessary.
• Collect and organize evidence from all client assessments and ECI’s System Service Desk and Network Service Desk.
• Conduct simulated phishing exercises, awareness training, and incident response tabletop exercises for the client.
• Assist clients with security aspects during their internal and external audits.
• Address clients' ad hoc security-related queries and provide resolutions.

Who you are:

• Minimum of 1 year of experience in a security/IT role that is constantly evolving.
• Exceptional written and verbal communication skills, with the ability to present to client leadership teams and executives.
• Strong familiarity with IT compliance frameworks, including NIST 800-171 and ISO 27001.
• Technical background and experience/understanding with different IT systems, including but not limited to Microsoft, Defender, Sentinel One.
• Strong understanding of security best practices and controls, including but not limited to MFA, Conditional Access, Least Privilege, Defense in Depth, etc.
• Constantly aware of evolving industry threats and real-world events that impact client security.
• Strong interpersonal skills to deal with a diverse set of clients and colleagues.
• Willingness to work swing shift between India and US EST time.

Bonus points if you have: 

• Bachelor’s or Graduate degree in computer science and management
• Experience conducting security audits/assessments is an added advantage.