GRC Analyst II

Trustmark’s mission is to improve wellbeing – for everyone. It is a mission grounded in a belief in equality and born from our caring culture. It is a culture we can only realize by building trust. Trust established by ensuring associates feel respected, valued and heard. At Trustmark, you’ll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture of diversity and inclusion where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. At Trustmark, we have a commitment to welcoming people, no matter their background, identity or experience, to a workplace where they feel safe being their whole, authentic selves. A workplace made up of diverse, empowered individuals that allows ideas to thrive and enables us to bring the best to our colleagues, clients and communities.

About the role

Responsible for the daily execution, facilitation, and coordination of activities for Trustmark’s Information Security Program. Participates in risk management by evaluating current conditions, systems and practices within IT and across the enterprise to inform the Information Security Dashboard and as appropriate, develop and maintain effective practices to identify, document, isolate, deter, defend against threats and orchestrate remediation efforts. Works with key business units to drive the design, implementation, operation, and remediation activities of industry accepted control frameworks (NIST CSF, COBIT, etc.) in support of established policies, standards, and regulatory requirements. Provides subject matter expertise, guidance, and internal consultancy to business partners, including Information Technology (IT). Works with closely with Information Security leadership to help ensure the organization is applying the appropriate security controls as determined by the information security strategy. Responsible for serving as the primary information security link between an assigned business unit(s) and enterprise Information Security Office. Responsible for supporting the business unit(s) with security related issues both from the technology as well as policy and standards implementation. Will address issues such as: system vulnerability testing results, business continuity within the system, vendor management, and responding to external third party requests.

Key Accountabilities

• Provides advanced support for IT regarding technical and compliance issues related to Information Security. 

• Initiates, facilitates and promotes cybersecurity within the organization and monitors adherence to security policies, standards and controls.

• Provides guidance and thought leadership to the Associate GRC Analyst and teams working on risk register items as needed, including escalation as needed.

• Provides guidance and thought leadership to the Associate GRC Analyst and teams working on risk audit and assessment items as needed, including escalation as needed.

• Provides thought leadership and hands-on ownership to drive development, review and annual approval/renewal of all IT policies to remain in compliance with required laws and align with Trustmark's integrated control framework.

• Coordinates/responds to information security related inquiries/requests from external stakeholders and third parties to include: request for proposals, contract reviews, audits, regulator requests, etc.

• Participates in risk management by evaluating current conditions, systems and practices within IT and across Trustmark to inform the Information Security Dashboard.  Develops and maintains effective practices to identify, document, isolate, deter, defend against threats and orchestrate remediation efforts.

• Provides consultation to IT and technology service owners with gold standard technical baselining, including but not limited to NIST CSF security framework.

• Drives the planning, preparing, and delivering the Information Security Awareness Program, which includes required virtual security training for faculty, staff, affiliates, as well as those with elevated access.

• Collaborates across IT departments to identify, administer, analyze, and solve critical security problems, as well as operationalize lessons learned into existing or new technological controls, solutions, processes, procedures, or knowledge articles.

• Drives the coordination of regulatory efforts, administers systems owned by InfoSec, serves as business analyst and provides project coordination for the Information Security Program.

Minimum Requirements

• Bachelor’s Degree and 2 – 4 years of related experience.

The compensation range for this role is (based on the corporate location in Lake Forest, Illinois):

$66,772.00 - $124,005.00 per year

The final salary offer will be determined based on factors such as location, qualifications, experience, skill set, and other relevant factors. This position may also be eligible for commission. We understand that compensation is an important factor when considering a new opportunity, and we strive to provide a competitive salary within the market.

Brand: Trustmark

Come join a team at Trustmark that will not only utilize your current skills but will enhance them as well. Trustmark benefits include health/dental/vision, life insurance, FSA and HSA, 401(k) plan, Employee Assistant Program, Back-up Care for Children, Adults and Elders and many health and wellness initiatives. We also offer a Wellness program that enables employees to participate in health initiatives to reduce their insurance premiums.

For the fifth consecutive year we were selected as a Top Workplace by the Chicago Tribune. The award is based exclusively on Trustmark associate responses to an anonymous survey. The survey measured 15 key drivers of engaged cultures that are critical to the success of an organization.

All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, sexual identity, age, veteran or disability.