Job Description

Overview

------------

The purpose of this job is overall responsibility for maintaining currency of information security risk assessments and the periodic review and maintenance of the Information Security Policy and supporting Standards and Procedures.

Responsibilities

--------------------

Assists ongoing Information Security risk assessments, including review, documentation, reporting, and testing of the controls. Assists with Corporate awareness efforts for review, counsel, education and communication of Information Security Policies and Standards to all associates Responsible for assisting investigations for Insider Threat Management, Incident Response, and Data Loss Prevention Research and track information security issues, documentation, and reporting Perform additional duties as assigned. Development and maintenance of Information Security Policy and Standards for Trustmark Responsible for ongoing Information Security risk assessments, including review, documentation, and reporting Assists with Corporate awareness efforts for review, counsel, education and communication of Information Security Policies and Standards to all associates Responsible for periodically requesting information and meeting with lines of business to review information security risks Responsible for assisting in the coordination and documentation of responses to both internal and external audits involving Information Security Perform Additional duties as assigned.

Additional Responsibilities:

Responsible overseeing Information Security Risk Assessment processes and reporting to management, including assisting the CISO with creating the required Annual Information Security Report to the designated Board Committee Responsible for review, reporting, awareness training, and recommendations for matters relating to compliance with internal security controls and the Interagency Guidelines for Safeguarding Customer Information Responsible for monitoring, reporting, and awareness training for compliance with internal policy and regulatory requirements. Responsible for development and maintenance of Trustmark's Information Security Policy and Standards Provides a forum for review, counsel, education and communication of Information Security Policies and Standards to all personnel Responsible for leading in the research and review of security incidents

Qualifications

------------------

Information Security Risk Analyst I

Two-years college or equivalent work experience in related Information Technology or Information Security required General knowledge of Federal Regulations, relative to Information Security Risk Assessment Knowledge and work experience in Data Processing General knowledge and experience developing and implementing policy and standards General knowledge of network infrastructure, client/server policies, and operating systems Oral communication skills Report writing skills with creating/maintaining information security policy and management reports Detail oriented Analytical skills Organizational skills Independent judgment

Preferred:

Four-year college degree preferred Work experience in related Information Technology or Information Security preferred Work experience and knowledge of End User Computing systems preferred Security certifications (Security+, Certified in Cybersecurity, etc) preferred Work experience in banking preferred

Information Security Risk Analyst II

Four-year college degree or equivalent work experience in related Information Technology or Information Security Work experience and knowledge of End User Computing systems Comprehensive knowledge of Federal Regulations, relative to Information Security Risk Assessments Knowledge and work experience in Information Technology Broad knowledge of network infrastructure, client/server policies, and operating systems Advanced knowledge of Microsoft Suite tools General understanding of Information Security tools related to Information Security Functions (DLP, PAM, IAM, etc.) Experience (or training) in Risk Assessment process

Preferred:

Master's degree in relevant field Policy writing / management reporting experience Security certifications (CISSP, CISA, CRISC, CISM, etc.

Information Security Risk Analyst III

At least 6 or 8 years of Information Security specific experience required Experience in policy creation and maintenance writing Work experience and knowledge of Network devices Knowledge and experience developing and implementing policy and standards Specific knowledge of various regulations governing security of customer information and in particular the Interagency Guidelines Establishing Standards for the Safeguarding Customer Information Writing skills involved with creating/maintaining information security policy and procedure Extensive knowledge of Microsoft Office (Word, Excel, PowerPoint, etc.) Extensive knowledge or experience (or training) in Risk Assessment processes

Physical Requirements/Working Conditions:

Must be able to sit for long periods of time and use computer keyboard and/or mouse, while viewing computer screens.

Note: This is a brief description of this position and is not limited to those described herein. Management retains the right to add, delete or modify any of these responsibilities at any time during employment.