Information Security Analyst

ECI Software Solutions


Date: 2 weeks ago
City: Des Moines, IA
Contract type: Full time
Remote
For more than 30 years, ECI Software Solutions has been providing industry-specific, cloud-based business management software and services to small and medium-sized businesses. With divisions focused on manufacturing, wholesale/retail distribution, building and construction, and field service, ECI's solutions integrate into every aspect of a customers' business to help them level the playing field, run day-to-day operations more efficiently, and free them up to focus on what matters most. It’s how business gets done.

Who is ECI?

At ECI, our mission is to enable the entrepreneurial spirit of small and medium-sized business owners. But ECI doesn’t simply deliver amazing software solutions; we also have an award-winning company culture.

  • We offer competitive benefits focused on employee well-being, including paid volunteer time off!
  • We have been named by Achievers on its prestigious 50 Most Engaged Companies To Work For list for the last five years.
  • We have received international recognition for our high levels of employee engagement through Certification as a Great Place to Work six years in a row.
  • Our culture of creativity, innovation, and leadership has garnered over a dozen International Business Awards (Stevie).

Come join a worldwide team with a strong culture of inclusion, professional development, and collaboration.

To apply for this position, please attach a detailed resume that demonstrates your qualifications and skill set pertaining to this position. Applications without a resume will not be considered.

ECI delivers cloud-based business critical ERP, CRM and line of business applications to more than 20,000 customers across the globe. The Information Security Analyst works as part of ECI’s Information Security team and will lead our cybersecurity assurance program. The successful candidate will understand the security industry best practices and regulations as well as how to perform regular audits of ECI’s business procedures and processes to ensure security and compliance of systems we operate.

Job Description

ECI is looking for an Information Security Analyst to work with our global Information Security Team to help expand and improve our cyber risk department. At ECI, we understand that it takes an enormous effort and a lot of time to build customer trust in our products and services. We work hard to earn and maintain that trust every single day by delivering products and experiences that really make a difference to the success of our customer’s business. ECI’s Information Security Team, including this Security Analyst position, is critical to building and maintaining that trust.

Are you detail oriented? Do you communicate well in oral and written form? Can you collaborate with teams or individuals at all levels of a corporation? If so then this is a great job for you. This position will capitalize on your current experience and security skill set while promoting and providing opportunities to expand your knowledge in many other areas of security. You will work to help identify risk, perform assessments, achieve regulatory compliance, conduct internal audits, work with third party security providers and vendors, provide monthly reporting and more.

Duties And Responsibilities

  • Perform evaluation of internal operations, controls, communications, risk assessments and maintenance of documentation as related to regulatory compliance and recommend appropriate changes.
  • Support the creation of a comprehensive risk management and regulatory oversight program, including specifications for product and service design aligned with the NIST framework.
  • Provide clear direction to internal ECI teams on industry regulatory specifications applicable to their products and services.
  • Build security documentation for customers and internal users, build management level metrics and reporting for activities that are owned by the Risk Manager.
  • Coordinate industry and regulatory certifications, including managing certification vendors (e.g., CMMC, ITAR, SOC2, ISO 27001, GDPR, etc.).
  • Daily, Weekly and Monthly operations verification and reporting across scheduled security activities such as, infrastructure penetration and vulnerability scans, patch management, Anti-virus and phishing reports, user access, etc.
  • Daily monitoring and follow-up of security logs & alerts as needed.
  • Support the organizations InfoSec and data privacy policies.
  • Work with internal groups to conduct audits, assessments, vulnerability and penetration testing, leveraging third party partners to assist with these activities as needed.
  • Respond to and record information security inquiries and incidents. Recommend mitigation and remediation strategies.
  • Participate in the evaluation and testing of new security tools and countermeasures.
  • Participate in execution of vendor risk assessments.
  • Championing security awareness training and social engineering campaigns
  • Other related duties may be assigned.

Qualifications

  • Bachelor’s degree or 5+ years of experience in Information Security, Risk Management and Data Protection.
  • Work within a framework to identify security gaps and mitigation recommendations.
  • Experience with penetration and vulnerability testing techniques a plus.
  • Able to help strategize methods of detecting/preventing threat actor tactics and techniques.
  • Good understanding of security defense measures and mechanisms.
  • Familiar with Incident Response concepts a plus.
  • Fundamental technical understanding of key technologies such as operating systems, networks, application development, databases, virtualization, and cloud infrastructures
  • Substantial experience with policy frameworks and regulations such as CMMC, SOC2, ITAR, ISO 27001/27002, NIST, GDPR, etc.
  • Experience with Risk Management in compliance and/or security context
  • Strong communication and organizational skills, outstanding attention to detail, and excellent problem-solving and follow-up skills
  • Must be able to participate in team meetings to support team Lead/Manager with stakeholder requirements, business needs to articulate technical processes and objectives.
  • A commitment to further ECI’s culture and values and to providing extraordinary service.
  • Prefer candidate to hold one or more of the following certifications: CISA, CISM, CISSP, CIPP

In addition to our competitive salary and award winning culture, we offer an excellent benefit package. We even offer our employees a day off to serve their community! Our company core values are our “CODE”: Crave Greatness, Own the Outcome, Deliver Awesome and Embrace Community.

How to apply

To apply for this job you need to authorize on our website. If you don't have an account yet, please register.

Post a resume

Similar jobs

Social Media & Communications Internship

Des Moines Menace, Des Moines, IA
1 week ago
The Menace is looking for a highly motivated individual interested in being a part of the United Soccer League team in Des Moines. The ideal candidate will demonstrate initiative, the ability to multitask, a willingness to learn, and a positive attitude. In this role, you will work in a creative space for a popular sports organization that operates in an...

Remote WFH Full Time Administrative Assistant - Typing - Part Time Entry Level

Commonwealth Recruitment Services, Des Moines, IA
2 weeks ago
Apply here Directly: https://bit.ly/3vbQR00Candidates applying on the above link will be considered. Click on the link and apply .This is your opportunity to start a lifelong career with unlimited opportunity. Discover the flexibility youve been searching for by taking a minute to finish our online application.Apply here Directly https://bit.ly/3vbQR00QualificationsNo experience, Willing to trainAbility to work within recognized turnaround timesMust have...

Public Safety Telecommunications Supervisor

City of Des Moines, Des Moines, IA
3 weeks ago
Distinguishing Features of the ClassDirects, plans, and coordinates the daily operations of the 911 Emergency Communications Center; frequent performance of key telecommunicator duties during major incidents, events, and operations; and oversees, trains and assists telecommunicators to fulfill their duties.BenefitsCome work with us! The City of Des Moines promotes a healthy work life balance and offers a comprehensive benefits package including:Residency...