What are the responsibilities and job description for the Information Security Risk Analyst Associate/I/II position at Trustmark Bank?
Overview
This position has overall responsibility for keeping information security risk assessments current and for the periodic review and maintenance of the Information Security Policy and supporting Standards and Procedures.
This Information Security Risk Analyst position may be filled as an Associate Level, Level I, or Level II. Additional responsibilities and qualifications apply.
Responsibilities
- Assists ongoing Information Security risk assessments, including review, documentation, reporting, and testing of the controls.
- Assists with Corporate awareness efforts for review, counsel, education and communication of Information Security Policies and Standards to all associates
- Responsible for assisting investigations for Insider Threat Management, Incident Response, and Data Loss Prevention
- Research and track information security issues, documentation, and reporting
Additional Responsibilities for Level I/II:
- Development and maintenance of Information Security Policy and Standards for Trustmark
- Responsible for ongoing Information Security risk assessments, including review, documentation, and reporting
- Assists with Corporate awareness efforts for review, counsel, education and communication of Information Security Policies and Standards to all associates
- Responsible for periodically requesting information and meeting with lines of business to review information security risks
- Responsible for assisting in the coordination and documentation of responses to both internal and external audits involving Information Security
- Assist with research of information security issues, documentation, and reporting
- Perform additional duties as assigned.
Qualifications
- Two years of college or equivalent work experience in related Information Technology or Information Security required
- General knowledge of Information Security Risk Assessment methods and testing
- General knowledge and work experience in Information Security or Information Technology
- General knowledge and experience designing and implementing policy and standards
- Detail oriented
- Analytical skills
- Organizational skills
Additional Qualifications for Level I:
- General knowledge of Federal Regulations, relative to Information Security Risk Assessment
- Knowledge and work experience in Data Processing
- General knowledge and experience developing and implementing policy and standards
- General knowledge of network infrastructure, client/server policies, and operating systems
- Oral communication skills
- Report writing skills with creating/maintaining information security policy and management reports
- Independent judgment
- Four-year college degree preferred
- Work experience in related Information Technology or Information Security preferred
- Work experience and knowledge of End User Computing systems preferred
- Security certifications (Security+, Certified in Cybersecurity, etc.) preferred
- Work experience in banking preferred
Additional Qualifications for Level II:
- Four-year college degree or equivalent work experience in related Information Technology or Information Security
- Work experience and knowledge of End User Computing systems
- Comprehensive knowledge of Federal Regulations, relative to Information Security Risk Assessments
- Knowledge and work experience in Information Technology
- Broad knowledge of network infrastructure, client/server policies, and operating systems
- Advanced knowledge of Microsoft Suite tools
- General understanding of Information Security tools related to Information Security Functions (DLP, PAM, IAM, etc.)
- Experience (or training) in Risk Assessment process
- Master’s degree in relevant field preferred
- Policy writing / management reporting experience preferred
- Security certifications (CISSP, CISA, CRISC, CISM, etc.) preferred
Physical Requirements/Working Conditions: Must be able to sit for long periods of time and use computer keyboard and/or mouse, while viewing computer screens.
Note: This is a brief description of this position and is not limited to those described herein. Management retains the right to add, delete or modify any of these responsibilities at any time during employment.