Bartender - Burbank

Trustmark

West Jordan, UT
Internship
Paid
  • Responsibilities

    This role is hybrid: 2 days onsite and 3 days remote.

    SUMMARY OF OVERALL PURPOSE

     

    In this position, the Executive Director, Information Security Governance, Risk and Compliance will be responsible for the holistic GRC program, which includes: Information Security program management, policies, standards, associated control frameworks, security awareness and training, risk management (including risk quantification), and interfacing with internal and external audit and regulators. Being an enterprise position, the selected candidate will manage information security risks across the organization. This role includes management of technology risk, vendor risk management, IT governance, and IT compliance. This role is expected to effectively partner with internal and external groups in reporting out risk at multiple levels, including executive leadership.

     

    KEY ACCOUNTABILITIES

    Percentage of Time

     

    30%

    Lead team and develop talent

    • Provide thought leadership within Trustmark in the areas of Information Security Governance, Risk and Compliance
    • Partners with all levels of Trustmark leadership in furthering the sharing of security awareness and risk management maturity continuum in support of evolving business needs.
    • Lead and build a team of security professionals, including setting direction, providing feedback, managing performance, and developing employees.
    • Coach and mentor to build GRC capabilities.
    • Collaborates with business and IT leaders on benefit attainment from capability changes and updates.

     

    20%

    Building out and executing a risk management program and strategy

    • Building out and executing upon a risk management strategy with roadmap deliverables, maturity modeling, risk register/catalog development and security/risk metrics.
    • Performing focused risk assessments and communicating them to information security “customers,” or business partners.
    • Identifying opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.

     

    20%

    Building and maintaining information security policies, procedures and processes

    • Building and leading security awareness and training around InfoSec for the organization.
    • Being directly involved with communicating information security awareness, updates, best practices, etc. to all employees, contractors, etc.
    • Building and maintaining information security policies, procedures and processes. Ensuring they are reviewed, current and up to date on a regular basis.
    • Establishing a Create-Communicate-Execute process for all policies and working with relevant departments (e.g. Corporate Communications) to this end goal.
    • Identifying and implementing appropriate controls to effectively manage information risks as needed.

     

     

    20%

    Developing, building and maintaining a common controls framework

    • Developing, building and maintaining a common controls framework to map to NIST CSF, HIPAA, Privacy regulations, local, state and Federal regulations, etc.
    • Providing reporting and metrics toward the alignment of controls to risks and showing maturity models against it.

    10%

    Relationship management across the enterprise

    • Involved in customer, partner and vendor risk assessments and communicates them to information security “customers,” or business partners.
    • Partnering with Legal, Compliance, and the Privacy Office to identify and address cyber risks to the organization, partners, customers, etc.
    • Maintaining strong working relationships with individuals and groups involved in managing information risks across the organization.

     

     

     

     

    TOTAL = 100%  

    SUPERVISORY RESPONSIBILITIES

     

    DIRECT REPORTS:

    6

    INDIRECT REPORTS:

     

     

    EDUCATION AND EXPERIENCE

    MINIMUM REQUIREMENTS

     

    • Bachelor's degree required.

    • 7+ years of information security experience required.

    • One or more of the following certifications is required: CISSP, CRISC, CHP, CHSE, GSEC, CISM/CISA, ITIL and/or other related Information Security certification.

    • Experience leading a Governance, Risk, and Compliance function is required.

    • Proven track record of leading and managing a highly functional GRC team.

    • Strong presentation, verbal and written communication skills, with the ability to articulate complex ideas in easy-to-understand business terms to all levels of management, including senior leaders, required.

    • Knowledge of and experience with privacy and security law issues, particularly HIPAA, required

    • Knowledge of information risk management governance, policies, & libraries, analytics & reporting, and issue management required.

    • Strong collaboration skills

    • Strong business acumen

    • Understanding of respective industry best practices (e.g., NIST, HIPAA, HITRUST, ISO, COBIT, OWASP, ITIL, etc.).

    • Excellent collaboration skills including ability to lead cross functional teams and build consensus.

     

     


  • Qualifications
    • Bachelor's degree in finance, corporate finance, accounting, or related field.
    • Graduate degree preferred.
    • 3 to 5 years of professional experience in a fast-paced operational environment.
    • Exceptional interpersonal and communication skills including verbal and written communication.
    • Ability to produce high-quality work reflecting attention to detail and accuracy.
    • Highly organized, with the demonstrated ability to manage multiple projects and priorities effectively both independently and as part of a team.
    • Able to meet tight deadlines.
    • Experience with data collection, reporting, management, and analysis.
    • Experience with multiple database platforms is a plus.
    • Proficient knowledge of Microsoft Office Suite.
    • Experience with SAP preferred.

     

    We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law. We are a VEVRAA Federal Contractor.