Choosing a career with ECMC Group means joining a nonprofit corporation with a mission to help students succeed. With a vibrant mission and values, great benefits, and strong community involvement, ECMC Group companies are an ideal team to join.

Job Summary

Responsible for planning, performing, monitoring, and reporting on components of varying complexity regarding IT compliance as well as other assigned projects within information system areas of the Company. Performs assigned portions of IT compliance programs, determining compliance with policies and procedures, monitoring, recommending corrective action, preparing findings, and assisting with remediation plans. Reviews and services should be performed in accordance with professional and department standards.

Essential Duties and Responsibilities

• Leads and performs multiple compliance tasks, which may include planning, risk analysis, customer interaction, testing, and reporting procedures in accordance with appropriate professional and department standards
• Leads vendor security risk assessments and security contract review process
• Works independently to lead discussions with management regarding processes and noted control weaknesses
• Obtains buy-in and ownership from management for observations and remediation plans, while informing management of the status of the remediation plans
• Prepares documentation and draft reports to management to communicate final results, including recommendations for improving information system practices and controls
• Assists with ongoing risk assessments, IT internal and external audits
• Plans and executes compliance reviews
• Completes department administrative reporting as assigned
• Provides guidance to staff on assignments of low to medium complexity as assigned
• Anticipates and manages customer expectations and consistent delivery of services
• Effectively conveys information to various audiences, including peers and leaders

Required Qualifications

• Bachelor's degree in computer information systems, information technology, legal studies, or related field or an additional 2 years of experience in lieu of degree
• 3 years' experience in IT risk and compliance, IT governance, IT auditing or an IT related field
• Experience assessing vendor risk, performing security assessments, and reviewing contracts
• Experience working with procurement and legal teams
• Experience assessing security controls for AWS or cloud environments
• Experience developing and maintaining policies and/or information management frameworks
• Experience creating and assembling evidence for internal or external auditors
• Advanced knowledge of Microsoft Office suite, including experience analyzing data using Excel and designing or managing SharePoint sites
• General knowledge of security control concepts, principles, risk analysis, FISMA, PCI Compliance, HIPAA, Privacy, process improvement and techniques, including frameworks such as NIST, ISO2700, COSO and COBIT

Preferred Qualifications

• Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA) certifications preferred

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed above are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

ECMC Group is committed to ensuring our diverse, inclusive and equitable culture is built on a strong sense of belonging, where everyone feels seen, heard and encouraged to show up as their authentic self.