Sorry, this listing is no longer accepting applications.

Senior Governance, Risk & Compliance (GRC) Analyst (remote)

Trustmark

National
Full Time
Paid
  • Responsibilities

    Join a passionate and purpose-driven team of colleagues who contribute to Trustmark’s mission of helping people increase wellbeing through better health and greater financial security. At Trustmark, you’ll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. 

    POSITION OVERVIEW:  Our IT team is growing and currently looking for a SR GOVERNANCE, RISK & COMPLIANCE ANALYST.  In this role, you’ll be responsible for the daily execution, facilitation, and coordination of activities for Trustmark’s Information Security Program.  You’ll conduct vendor risk assessments and contract reviews, and support client security information requests.  This position will also support management of IT General Controls across all of Trustmark’s IT department.  The right candidate will be influential in all areas of GRC team responsibility, and will have the opportunity to contribute to risk management, policy and standard development, audit response and InfoSec Program development in addition to the responsibilities in Control Management and Third-Party Risk.

    RESPONSIBILITIES:

    • Co-leads Trustmark’s Third-Party Risk Management, including IT Security evaluations of prospective vendors, contract reviews and responding to customer and potential customer security questionnaires
    • Ensures that all vendors maintain and document appropriate security and privacy controls to protect Trustmark’s data
    • Supports development and implementation of IT General Controls and rollout of the control management process
    • Provides support for Trustmark's Information Technology Risk Management Program and processes, and ensures that a risk-focused mindset is adopted across Trustmark IT.
    • Expertly reviews, analyzes, and makes recommendations for information security risk, driving improvements to business and IT systems and operational processes.
    • Conducts ongoing research into current information security vendor risk management best practices and works with Trustmark leadership in InfoSec, Privacy and Compliance to implement learnings to continually improve the Vendor Risk Management program
    • Ensures all risks identified from vendor assessments are tracked and managed via the IT Risk Register to ensure a complete understanding of our IT Risk landscape as well as to ensure remediation of identified risks
    • Provides thought leadership on topics and key issues for information security awareness.
    • Collaborates across IT departments to identify, administer, analyze, and solve critical security problems, as well as operationalize lessons learned into existing or new technological controls, solutions, processes, procedures, and knowledge articles.
    • Participates in and collaborates with all other InfoSec GRC team activities and provides thought leadership to continually improve the GRC and InfoSec programs.
    • Applies knowledge and skills in their own discipline to complete a wide range of tasks. Identifies key issues from conflicting or partial information.
    • Serves as point of contact to solve complex problems by means of systematic and disciplined troubleshooting.

    QUALIFICATIONS: 

    • Strong intellectual curiosity
    • Bachelor’s Degree and 6+ years of related experience OR High School Diploma/GED with 8+ years of related experience.
    • Knowledge of IT Risk Management and ability to communicate the benefits of a risk-based approach to IT and business partners.
    • Basic knowledge of HIPAA Security Rule, NYDFS, and other federal and state security laws.
    • Knowledge of NIST CSF and other security related frameworks
    • Preferred Certifications such as CRISC, CISSP, CISA, CTPRP/CTPRA, etc.
    • Strong, effective communication skills, both verbal and written
    • Ability to interact with and present to senior leaders both in IT and across the organization
    • Prior experience with some or all of the following: program/project planning, IT Operations, systems development, and management methodologies
