Information Security Risk & Compliance Specialist
Company Overview:

Trellance is a leading provider of business analytics and technology consulting for credit unions, helping them meet the financial needs of today’s digital consumer. With a comprehensive suite of data science solutions, professional staffing and professional services, the Trellance team ensures credit unions increase efficiency, manage risk, and improve member experience. As credit unions’ tech partner, Trellance brings them to the next frontiers of fintech, filled with powerful tools such as artificial intelligence and machine learning.

Overall Responsibility:

Responsible for monitoring, maintaining and communicating enterprise cybersecurity risks to leadership using a Risk Register and similar tools, and for leading third-party vendor risk assessments for new and existing vendors. Supports day-to-day PCI DSS (PCI), Service Organization Controls (SOC) and ISO 27001:2013 (ISO) compliant operations across the Trellance enterprise. This position leads the enterprise in the review, update and creation of Information Security Policies and Procedures. The Information Security Risk and Compliance Specialist is an active contributor to the team, monitoring for and collecting compliance artifacts from across the enterprise at daily, weekly, monthly and annual intervals.

· Conduct regular enterprise Risk Assessments and actively track and report status along with identified areas for improvement.

· Monitor security systems and analyze potential threats using security technologies such as SIEM, Firewalls, Vulnerability Scanners, IDS/IPS (host and network based), File Integrity Monitors (FIM) and Anti-Virus.

· Work with the Information Security Specialists to perform and document daily event log analysis, incident response to critical security alarms, and network monitoring for health and availability of Trellance systems.

· Conduct and document Third-Party Vendor Risk Assessments a minimum of annually or as part of the new vendor consideration process.

· Work with Systems Administrators, Cloud Engineers and Development teams across the enterprise to maintain PCI, SOC and ISO compliant operations.

· Lead the team in building and improving Information Security policies and practices, creating and maintaining compliance documentation, and documenting network infrastructure and its compliance status.

· Work with Systems Administrators, Cloud Engineers and Development teams across the enterprise to ensure security best practices, vulnerability testing, penetration testing, and compliance certifications are maintained.

· Participate as a major contributor to all customer and third-party security inquiries and compliance examinations.

· Identify, document and communicate system vulnerabilities to the appropriate teams on a regular basis. Communicate remediation status to leadership regularly until resolution.

· Document all processes and procedures in assigned areas of responsibility.

· Assist with the evaluation, research and development of cloud security risk assessments, the definition and implementation of security tools, the design and implementation of security plans, and the dissemination of DevSecOps practices across relevant teams.

· Update job knowledge by studying relevant tools, techniques, and equipment; educational opportunities; reading professional publications; participating in professional organizations.

· Protect operations by keeping information confidential.

· Build trust and effective relationships with peers and provide leadership across the enterprise.

· Perform other duties as assigned.

Minimum Education/Experience:

Bachelor’s degree (BA or BS) from an accredited college or university plus a minimum of four (4) years of experience in the specific or a related field, or a high school diploma or equivalent plus a minimum of eight (8) years of experience in the field.

Company / Industry Knowledge:

Prior experience in credit union or financial services industries is strongly preferred.

CISA, CRISC, CISSP or equivalent highly desired. Cloud security certification such as CCSK or CCSP a plus.

Other Experience:

  • 2+ years of IT operations or Information Security management in a PCI DSS, Service Organization Controls (SOC), and/or ISO compliant organization.  Equivalent experience in a regulated industry will be considered.
  • Highly proficient with, and able to support, Linux and Windows operating systems.
  • Experience with native cloud and third-party Identity and Access Management (IAM).
  • Experience with SIEM, vulnerability management, penetration testing, and participating in ongoing security hardening projects.
  • Experience with PCI DSS, SOC, ISO and SOX audits and working with examiners.
  • Experience maintaining and evaluating compliance of networks, firewalls, SIEMs and FIM in both Azure and AWS, and applying cloud security best practices.
  • Experience with ISO 27001, NIST 800-71, and 800-53 standards.
  • Experience with Jira, Zendesk, Remedy or similar ticketing systems desired.
  • Strong ability to understand technology and translate product needs into technical requirements.