Information Security Risk Analyst

The purpose of this job is overall responsibility for maintaining currency of information security risk assessments and the periodic review and maintenance of the Information Security Policy and supporting Standards and Procedures.

**This position may be filled as a Level I, II, or III based on additional responsibilities and qualifications required.**

• Assists ongoing Information Security risk assessments, including review, documentation, reporting, and testing of the controls.
• Assists with Corporate awareness efforts for review, counsel, education and communication of Information Security Policies and Standards to all associates
• Responsible for assisting investigations for Insider Threat Management, Incident Response, and Data Loss Prevention
• Research and track information security issues, documentation, and reporting
• Development and maintenance of Information Security Policy and Standards for Trustmark
• Responsible for ongoing Information Security risk assessments, including review, documentation, and reporting
• Assists with Corporate awareness efforts for review, counsel, education and communication of Information Security Policies and Standards to all associates
• Responsible for periodically requesting information and meeting with lines of business to review information security risks
• Responsible for assisting in the coordination and documentation of responses to both internal and external audits involving Information Security
• Assist with research of information security issues, documentation, and reporting
• Perform Additional duties as assigned.

Level III Additional Responsibilities:

• Responsible overseeing Information Security Risk Assessment processes and reporting to management, including assisting the CISO with creating the required Annual Information Security Report to the designated Board Committee
• Responsible for review, reporting, awareness training, and recommendations for matters relating to compliance with internal security controls and the Interagency Guidelines for Safeguarding Customer Information
• Responsible for monitoring, reporting, and awareness training for compliance with internal policy and regulatory requirements.
• Responsible for development and maintenance of Trustmark’s Information Security Policy and Standards
• Provides a forum for review, counsel, education and communication of Information Security Policies and Standards to all personnel
• Responsible for leading in the research and review of security incidents

• Two-years college or equivalent work experience in related Information Technology or Information Security required
• General knowledge of Federal Regulations, relative to Information Security Risk Assessment
• Knowledge and work experience in Data Processing
• General knowledge and experience developing and implementing policy and standards
• General knowledge of network infrastructure, client/server policies, and operating systems
• Oral communication skills
• Report writing skills with creating/maintaining information security policy and management reports
• Detail oriented
• Analytical skills
• Organizational skills
• Independent judgment
• Four-year college degree preferred
• Work experience in related Information Technology or Information Security preferred
• Work experience and knowledge of End User Computing systems preferred
• Security certifications (Security+, Certified in Cybersecurity, etc) preferred
• Work experience in banking preferred

Level II Additional Qualifications:

• Four-year college degree or equivalent work experience in related Information Technology or Information Security
• Work experience and knowledge of End User Computing systems
• Comprehensive knowledge of Federal Regulations, relative to Information Security Risk Assessments
• Knowledge and work experience in Information Technology
• Broad knowledge of network infrastructure, client/server policies, and operating systems
• Advanced knowledge of Microsoft Suite tools
• General understanding of Information Security tools related to Information Security Functions (DLP, PAM, IAM, etc.)
• Experience (or training) in Risk Assessment process
• Master’s degree in relevant field preferred
• Policy writing / management reporting experience preferred
• Security certifications (CISSP, CISA, CRISC, CISM, etc.) preferred

Level III Additional Qualifications:

• At least 6 or 8 years of Information Security specific experience required
• Experience in policy creation and maintenance writing
• Work experience and knowledge of Network devices
• Knowledge and experience developing and implementing policy and standards
• Specific knowledge of various regulations governing security of customer information and in particular the Interagency Guidelines Establishing Standards for the Safeguarding Customer Information
• Writing skills involved with creating/maintaining information security policy and procedure
• Extensive knowledge of Microsoft Office (Word, Excel, PowerPoint, etc.)
• Extensive knowledge or experience (or training) in Risk Assessment processes

Physical Requirements/Working Conditions: Must be able to sit for long periods of time and use computer keyboard and/or mouse, while viewing computer screens.

Note: This is a brief description of this position and is not limited to those described herein. Management retains the right to add, delete or modify any of these responsibilities at any time during employment.