Treliant’s Cybersecurity, Privacy, & Data Ethics team of experienced, certified professionals supports organizations in their efforts to comply with data protection obligations and mitigate potential cyber risks.
We help organizations develop appropriate and sustainable cyber, information security, and privacy programs that perpetually improve and mature. We support clients’ compliance with expanding cybersecurity, privacy, and data breach notification regulations. Our goal is to assist in identifying and driving business value by helping companies manage risks while meeting strategic objectives.
Performed the role of Chief Information Security Officer (CISO) for foreign banking organizations
Treliant managed the cyber and information security programs for several foreign banking organizations. In doing so, Treliant addressed daily Matters Requiring Attention (MRAs) related to cyber and information security, and helped satisfy the requirements established by the New York State Department of Financial Services (NYDFS) and the Federal Reserve Bank of New York. Business continuity program development also included planning, testing, reporting, training, and broad operational support of the companies’ regulatory requirements and business objectives.
Performed a California Consumer Privacy Act (CCPA) assessment for a mid-size bank
Treliant performed a gap assessment evaluating the bank’s consumer request channel, notice obligations, and information security controls, among other regulatory requirements. We also provided recommendations for process improvement and developed a roadmap for remediating the gaps we identified.
Provided privacy regulatory compliance support to a large FinTech company
Treliant has a proven track record of consulting in the following areas:
Governance and Risk Management (including CCPA, GDPR, and NYDFS compliance)
Cyber, Privacy, and IT risk assessments, including but not limited to compliance with:
European Union’s General Data Protection Regulation (GDPR)
California’s Consumer Privacy Act (CCPA)
New York State Department of Financial Services (NYDFS) Part 500
Brazil’s Lei Geral de Proteção de Dados (LGPD)
Securities and Exchange Commission (SEC) information security requirements
Gramm-Leach-Bliley Act (GLBA) Safeguards and Privacy Rule
Health Insurance Portability and Accountability Act (HIPAA) Safeguards and Privacy Rule
Leading industry frameworks, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework, International Organization for Standardization (ISO) standards, and the Information Systems Audit and Control Association’s (ISACA) COBIT 5
Policies and procedures update/development, implementation, and testing
Penetration testing and vulnerability scanning
Data Mapping and Personal Data Inventories
Data-driven operational support for marketing, human resources, business operations, information security, and internal finance efforts
Vendor and Third-Party Risk Management Program Development
Privacy and cybersecurity vendor assessments
Policies and procedures
Vendor risk ratings criteria
Contract review and execution
Due diligence reviews, baselining for mergers and acquisitions
Training Program Development
End-user awareness classes, videos, and workshops
Executive leadership cyber business risk, threat, and impact awareness
Email phishing exercises and incident response testing
Policies and procedures and role-based training
Stakeholder incident response training
Cyber Insurance Data Breach Remediation Support (Incident Response and Recovery)
Attempt to identify the entry point of the breach and the size and scope of the data that has been compromised.
Pursue data recovery efforts to retrieve the data controller’s data.
Provide incident response, business continuity, and disaster recovery preparation and support.
Provide third-party CISO support to manage the patching of remaining cyber vulnerabilities.
Provide ongoing threat intelligence support.
Ensure applicable breach notification obligations are satisfied under the laws of all 50 U.S. states, CCPA, GDPR, LGPD, NYDFS, HIPAA, COPPA, etc.
Leverage technology to identify specific individuals who must be notified of a breach.