Senior Information Security Analyst

At TreviPay, we believe loyalty begins at the payment. Thousands of sellers use our global B2B payments and invoicing network to provide choice and convenience to buyers, open new markets and automate accounts receivables. With integrations to top eCommerce and ERP solutions and flexible trade credit options, TreviPay brings 40 years of experience serving leaders in manufacturing, retail and transportation.     Every day, TreviPay employees are challenged and empowered in a supportive, collaborative, entrepreneurial environment. We are seeking a Senior Information Security Analyst with deep experience in both security operations and audit/compliance execution. This role blends hands-on detection and incident response with ownership of audit readiness and evidence management for frameworks including PCI DSS and ISO/IEC 27001. The ideal candidate is comfortable working across technical and business teams, can translate security requirements into actionable controls, and can drive improvements to reduce risk and improve security posture. Key Responsibilities Security Operations •  Monitor and triage security alerts from SIEM, EDR, IDS/IPS, CSPM, and other telemetry sources; validate true positives and reduce false positives. •  Conduct incident investigations and document findings, scope, root cause, and remediation actions. •  Lead or support incident response activities including containment, eradication, and recovery. •   Develop, maintain, and tune detection logic, alerting, and response playbooks and runbooks. •   Maintain, administer, and optimize security tools and platforms (e.g., SIEM, EDR, vulnerability scanners, email security, DLP), including upgrades, configuration changes, health monitoring, and integrations. •  Partner with IT and Engineering teams to remediate vulnerabilities, harden configurations, and improve overall security controls. Audit, Risk, and Compliance •  Support and lead audit readiness for PCI DSS and ISO/IEC 27001. •  Coordinate evidence collection and manage auditor interactions. •   Perform gap assessments and track remediation efforts. •   Maintain ISMS documentation, policies, and procedures. •   Assist with risk assessments and continuous compliance activities. Required Qualifications •   7+ years of information security experience. •   Bachelor’s Degree in Information Security, Computer Science, MIS/CIS, or equivalent experience. •   Hands-on SOC responsibilities. •    Experience supporting PCI DSS and/or ISO 27001 audits. •    Strong understanding of incident response, SIEM, EDR, IAM, and vulnerability management. •    Ability to produce clear documentation and communicate with technical and non-technical stakeholders. Preferred Qualifications & Certifications •   Experience with cloud security platforms and automation. •   Experience with programming and scripting automation. •   Familiarity with NIST CSF, SOC 2, or CIS Controls. •   Certifications such as CISSP, CISA, CySA+, GCIH, PCI ISA, or ISO 27001 training.