Trevor Gibson

Vendor Risk Management & Security Assessments

• Perform cybersecurity and compliance assessments for new and existing vendors, reviewing SOC 2, ISO 27001, penetration tests, privacy policies, DR/BCP plans, and internal controls.
• Conduct risk tiering to determine appropriate level of scrutiny and ensure consistent, risk-based decisions across the vendor portfolio.
• Complete due diligence reviews using tools such as UpGuard, self-assessment questionnaires, and internal vetting workflows.
• Identify gaps, document findings, and recommend mitigation plans in alignment with organizational security standards.
• Track remediation activities, and collaborate with vendors and internal teams until risk is appropriately addressed.

Cross-Functional Collaboration

• Partner with Legal, Procurement, Network Security, MIS, and business owners to ensure vendor contracts include security, privacy, and data protection requirements.
• Support internal stakeholders in evaluating third-party technical integrations, data flows, and risk implications.
• Serve as a liaison between business units and Information Security during vendor onboarding and renewal cycles.

Program Development & Governance

• Maintain a complete and accurate vendor inventory, ensuring correct tiering, documentation, and annual reviews.
• Assist in developing internal TPRM workflows, standards, checklists, and escalation procedures to mature program effectiveness.
• Contribute to organizational risk register, documenting risks and tracking mitigation status.
• Support audits and compliance efforts, including lottery requirements, state regulations, and internal governance requirements.

Physical Security & CPTED

• Conduct CPTED reviews for new and existing office sites, including public-facing lobbies, LAN rooms, warehouse areas, and secure spaces.
• Provide recommendations aligned with national standards (e.g., ISO physical security domains, Crime Prevention guidelines).
• Collaborate with security systems administrators on camera systems, access control, and environmental design improvements.

• Performs troubleshooting to isolate and diagnose common problems. Serves as tier 2 support for NCEL Security Division.
• Installs and maintains various types of security systems such as access control, alarms and video surveillance systems.
• Supported system access control reviews, user permissions audits, and least-privilege security principles.
• Maintained security documentation, internal reports, and compliance evidence for audits and reviews