Information Security Risk Analyst

Overview The purpose of this job is overall responsibility for maintaining currency of information security risk assessments and the periodic review and maintenance of the Information Security Policy and supporting Standards and Procedures.**This position may be filled as a Level I, II, or III based on additional responsibilities and qualifications required.** Responsibilities Assists ongoing Information Security risk assessments, including review, documentation, reporting, and testing of the controls.Assists with Corporate awareness efforts for review, counsel, education and communication of Information Security Policies and Standards to all associatesResponsible for assisting investigations for Insider Threat Management, Incident Response, and Data Loss PreventionResearch and track information security issues, documentation, and reportingPerform additional duties as assigned.Development and maintenance of Information Security Policy and Standards for TrustmarkResponsible for ongoing Information Security risk assessments, including review, documentation, and reporting Assists with Corporate awareness efforts for review, counsel, education and communication of Information Security Policies and Standards to all associatesResponsible for periodically requesting information and meeting with lines of business to review information security risks Responsible for assisting in the coordination and documentation of responses to both internal and external audits involving Information Security Perform Additional duties as assigned.Additional Responsibilities:Responsible overseeing Information Security Risk Assessment processes and reporting to management, including assisting the CISO with creating the required Annual Information Security Report to the designated Board CommitteeResponsible for review, reporting, awareness training, and recommendations for matters relating to compliance with internal security controls and the Interagency Guidelines for Safeguarding Customer InformationResponsible for monitoring, reporting, and awareness training for compliance with internal policy and regulatory requirements. Responsible for development and maintenance of Trustmark’s Information Security Policy and Standards Provides a forum for review, counsel, education and communication of Information Security Policies and Standards to all personnelResponsible for leading in the research and review of security incidents Qualifications Information Security Risk Analyst ITwo-years college or equivalent work experience in related Information Technology or Information Security requiredGeneral knowledge of Federal Regulations, relative to Information Security Risk Assessment Knowledge and work experience in Data ProcessingGeneral knowledge and experience developing and implementing policy and standardsGeneral knowledge of network infrastructure, client/server policies, and operating systemsOral communication skillsReport writing skills with creating/maintaining information security policy and management reportsDetail orientedAnalytical skillsOrganizational skillsIndependent judgmentPreferred:Four-year college degree preferredWork experience in related Information Technology or Information Security preferredWork experience and knowledge of End User Computing systems preferredSecurity certifications (Security+, Certified in Cybersecurity, etc) preferredWork experience in banking preferredInformation Security Risk Analyst IIFour-year college degree or equivalent work experience in related Information Technology or Information SecurityWork experience and knowledge of End User Computing systems Comprehensive knowledge of Federal Regulations, relative to Information Security Risk Assessments Knowledge and work experience in Information TechnologyBroad knowledge of network infrastructure, client/server policies, and operating systemsAdvanced knowledge of Microsoft Suite toolsGeneral understanding of Information Security tools related to Information Security Functions (DLP, PAM, IAM, Experience (or training) in Risk Assessment processPreferred:Master’s degree in relevant fieldPolicy writing / management reporting experienceSecurity certifications (CISSP, CISA, CRISC, CISM, etc.Information Security Risk Analyst IIIAt least 6 or 8 years of Information Security specific experience requiredExperience in policy creation and maintenance writingWork experience and knowledge of Network devices Knowledge and experience developing and implementing policy and standardsSpecific knowledge of various regulations governing security of customer information and in particular the Interagency Guidelines Establishing Standards for the Safeguarding Customer InformationWriting skills involved with creating/maintaining information security policy and procedureExtensive knowledge of Microsoft Office (Word, Excel, PowerPoint, Extensive knowledge or experience (or training) in Risk Assessment processesPhysical Requirements/Working Conditions: Must be able to sit for long periods of time and use computer keyboard and/or mouse, while viewing computer screens.Note: This is a brief description of this position and is not limited to those described herein. Management retains the right to add, delete or modify any of these responsibilities at any time during employment.