Information Security Risk & Compliance

Position Description:

Trinus Corporation is seeking a skilled Information Security Risk & Compliance professional for a 12-month contract with strong potential for extension after the initial period. This position is ONSITE in Alhambra, CA 91803. Candidates must be authorized to work in the U.S. on a W2 basis.

Skills:

• Demonstrated expertise in governance, risk management, and cybersecurity compliance, including the development and implementation of policies, standards, and control frameworks.
• Strong working knowledge of information security regulations and industry frameworks such as NIST (800-53, CSF), ISO/IEC 27001, and PCI DSS, with the ability to map controls and assess compliance.
• Experience conducting risk assessments, control evaluations, and compliance audits to support enterprise-wide GRC initiatives.
• Familiarity with vulnerability management, threat intelligence analysis, and security architecture design in support of risk and compliance objectives.
• Understanding of encryption technologies and data protection principles as they relate to governance and regulatory obligations.
• Foundational knowledge of technical environments including IT security, networking, and systems administration, with awareness of tools such as SIEM (e.g., Microsoft Sentinel), firewalls, and other endpoint/network security platforms.

Experience Required:

• 5 years of experience applying security policies, standards, testing, modification and implementation. At least 3 years of that experience must be in information security analysis.

3+ years of experience within each of the following:

• Applying risk management principles, including conducting audits, security assessments, and interpreting industry-standard security frameworks (e.g., NIST, ISO 27001, CIS).
• Conducting and supporting security operations, control assessments, audit remediation, and enterprise risk governance initiatives.
• Performing information security risk assessments, evaluating control effectiveness, and analyzing risk impact for technology initiatives and third-party integrations.
• Participating in incident response processes, including detection, containment, and post-incident analysis.
• Managing the security of complex, multi-platform IT environments, including various operating systems, software suites, and network protocols, within a large organization.

Education Required:

• This classification requires possession of a bachelor’s degree in an IT-related or Engineering field. Additional qualifying experience may be substituted for the required education on a year-for-year basis.

Certification (must have 1 of the following listed):

• CISSP - Certified Information Systems Security Professional.
• CRISC – Certified in Risk and Information Systems Control.
• CISA – Certified Information Systems Auditor.
• CISM - Certified Information Security Manager.

Interview Process:

• Interviews will be conducted in person in Alhambra, CA 91803.

Work Schedule:

• Work schedule is Mon - Thu 7:15 am – 6:00 pm (10 hours/day).