Executive Director GRC

Trustmark's mission is to improve wellbeing – for everyone. It is a mission grounded in a belief in equality and born from our caring culture. It is a culture we can only realize by building trust. Trust established by ensuring associates feel respected, valued and heard. At Trustmark, you'll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture of diversity and inclusion where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. At Trustmark, we have a commitment to welcoming people, no matter their background, identity or experience, to a workplace where they feel safe being their whole, authentic selves. A workplace made up of diverse, empowered individuals that allows ideas to thrive and enables us to bring the best to our colleagues, clients and communities.

About the role

Responsible for the holistic GRC program which includes Information Security program management, policies, standards, associates control frameworks, security awareness and training, risk management which includes risk quantification, interfacing with internal and external audit, and regulators. Manages information security risks across the organization. Includes management of technology risk, vendor risk management, IT governance, and IT compliance. Will effectively partner with internal and external groups in reporting out risk at multiple levels including executive leadership.

Key Accountabilities

Lead team and develop talent

• Provide thought leadership within Trustmark in the areas of Information Security Governance, Risk and Compliance
• Partners with all levels of Trustmark leadership in furthering the sharing of security awareness and risk management maturity continuum in support of evolving business needs.
• Lead and build a team of security professionals, including setting direction, providing feedback, managing performance, developing employees.
• Coach and mentor to build GRC capabilities.
• Collaborates with business and IT leaders on benefit attainment from capability changes and updates.

Building out and executing a risk management program and strategy

• Building out and executing upon a risk management strategy with roadmap deliverables, maturity modeling, risk register/catalog development and security/risk metrics.
• Performing focused risks assessments and communicating them to information security "customers," or business partners.
• Identifying opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.

Building and maintaining information security policies, procedures, and processes

• Building and leading security awareness and training around InfoSec for the organization.
• Being directly involved with communicating information security awareness, updates, best practices, etc. to all employees, contractors, etc.
• Building and maintaining information security policies, procedures, and processes. Ensuring they are reviewed, current and up to date on a regular basis.
• Establishing a Create-Communicate-Execute process for all policies and working with relevant departments (e.g., Corporate Communications) to this end goal.
• Identifying and implementing appropriate controls to effectively manage information risks as needed.

Developing, building, and maintaining a common controls framework

• Developing, building, and maintaining a common controls framework to map to NIST CSF, HIPAA, Privacy regulations, local, state, and Federal regulations, etc.'
• Providing reporting and metrics toward the alignment of controls to risks and showing maturity models against it.

Relationship management across the enterprise

• Involved in customer, partner and vendor risk assessments and communicates them to information security "customers," or business partners.
• Partnering with Legal, Compliance, and the Privacy Office to identify and address cyber risks to the organization, partners, customers, etc.
• Maintaining strong working relationships with individuals and groups involved in managing information risks across the organization.

Minimum Requirements

• Bachelors' degree.
• 7+ years of information security experience.
• One or more of the following certifications is required: CISSP, CRISC, CHP, CHSE, GSEC, CISM/CISA, and/or other related Information Security certifications.
• Experience leading a Governance, Risk, and Compliance function.
• Proven history of leading and managing highly functional GRC team.
• Strong presentation, verbal, and written communication skills with the ability to articulate complex ideas in easy-to-understand business terms to all levels of management including senior leaders.
• Knowledge of and experience with privacy and security law issues, particularly HIPAA.
• Knowledge of information risk management, governance, policies, & libraries, analytics & reporting, and issue management.
• Strong collaboration skills.
• Strong business acumen.
• Understanding of respective industry best practices (e.g., NIST, HIPAA, ISO, COBIT, OWASP, ITIL, etc.).
• Excellent collaboration skills including ability to lead cross functional teams and build consensus.

The compensation range for this role is (based on the corporate location in Lake Forest, Illinois):

$131, $245,127.00 per year

The final salary offer will be determined based on factors such as location, qualifications, experience, skill set, and other relevant factors. This position may also be eligible for commission. We understand that compensation is an important factor when considering a new opportunity, and we strive to provide a competitive salary within the market.

Brand: Trustmark

Come join a team at Trustmark that will not only utilize your current skills but will enhance them as well. Trustmark benefits include health/dental/vision, life insurance, FSA and HSA, 401(k) plan, Employee Assistant Program, Back-up Care for Children, Adults and Elders and many health and wellness initiatives. We also offer a Wellness program that enables employees to participate in health initiatives to reduce their insurance premiums.

Trustmark is committed to leveraging the talent of a diverse workforce to create great opportunities for our people and our business. We are an equal opportunity employer, including disability and protected veteran status.