Trellance is the leading provider of data analytics and business intelligence solutions, professional services and consulting for credit unions. The company’s solutions and services, together with the patented common data model, are used by credit unions to find actionable insights, improve member experience and achieve portfolio growth.
Responsible for monitoring, documenting, maintaining, and communicating the effectiveness of Information Security for the enterprise. Assist with Third-party Vendor Risk Assessments for new and existing vendors. Support day to day PCI DSS (PCI), Service Organization Controls (SOC) and ISO 27001; 2013 (ISO) compliant operations across the Trellance enterprise. This position will be responsible for periodic enterprise reviews, updates and the creation of Information Security Policies and Procedures. The Information Security Risk and Compliance Analyst is an active contributor to the team monitoring, contributing, and collecting artifacts for compliance on an ongoing from across the enterprise.
- Monitor security systems and analyze potential threats using security technologies such as SIEM, Firewalls, Vulnerability Scanners, IDS/IPS (host and network based), File Integrity Monitors (FIM) and Anti-Virus.
- Work with the Information Security Specialists and Security Engineers to perform and document daily event log analysis, incident response to critical security alarms, and network monitoring for health and availability of Trellance systems.
- Conduct and document Third-Party Vendor Risk Assessments a minimum of annually or as part of the new vendor consideration process.
- Work with Systems Administrators, Cloud Engineers, and Development teams across the enterprise to maintain PCI, SOC and ISO compliant operations.
- Work with the team to build and improve Information Security policies, practices, create and maintain compliance documentation, and document network infrastructure and compliance.
- Work with Systems Administrators, Security Engineers, and Development teams across the enterprise to ensure security best practices, vulnerability testing, penetration testing, and compliance certifications are maintained.
- Participate as a major contributor to all customer and third-party security inquiries and compliance examinations.
- Identify, document, and communicate system vulnerabilities to the appropriate teams on a regular basis to leadership.
- Participate and contribute to routine PCI, SOC, and ISO assessments.
- Participate and contribute to Enterprise Risk assessments.
- Document all processes and procedures in assigned areas of responsibility.
- Update job knowledge by studying relevant tools, techniques, and equipment; utilizing educational opportunities; reading professional publications; participating in professional organizations.
- Protect operations by keeping information confidential.
- Build trust and effective relationships with peers and provide leadership across the enterprise.
- Perform other duties as assigned.
Bachelor’s degree (BA or BS) from an accredited college or university plus a minimum of three (3) years of experience in the specific or related field. Or High School Diploma or equivalent plus a minimum of six (6) years of experience in the field. Information Security or Cloud Certifications will be considered for some of these education requirements.
Company / Industry Knowledge:
Prior experience in credit union or financial service industries is strongly preferred.
CompTIA Cybersecurity Analyst (CySA+) or equivalent highly desired. CompTIA Security+ desired, Cloud Security Alliance Cloud Security or (ISC)2 knowledge certifications such as CCSK, or CCSP a plus.
- Minimum of 3+ years of IT operations or Information Security management in a PCI DSS, Service Organization Controls (SOC), and/or ISO compliant organization. Equivalent experience in a regulated industry will be considered.
- Strong proficiency with Office 365, especially Excel and MS Word.
- Proficient with and can support Linux and Windows operating systems.
- Experience with native cloud and third-party Identity and Access Management (IAM).
- Experience with SEIM, vulnerability management, penetration testing, and participating in ongoing security hardening projects.
- Experience with PCI DSS, SOC, ISO, SOX audits and examiners.
- Experience maintaining evaluating compliance in both Azure and AWS cloud networks, firewalls, SIEMs, FIM and security best practices.
- Experience with ISO 27001, NIST 800-171 or 800-53 standards preferred.
- Experience with Jira, Zendesk, or Remedy desired or similar ticketing systems.
- Strong ability to translate product needs to technology and understand technology.
- Excellent time management and organization skills are essential in this position.