IT Governance, Risk, and Compliance (GRC) Manager

Location: US-Within Trustmark's Geographic Footprint
Posted Date: 4 hours ago (2/25/2025 9:00 AM)
Job ID: 2025-18245
Category: Information Security
Type: Regular Full-Time
Job Grade: 14
FLSA Status: Exempt
Working Hours: 8-5
Job Location: Company IT Cybersecurity - 10075

Overview

The responsibility of this job is to serve as the IT Governance, Risk, and Compliance (GRC) Manager in the enterprise Cybersecurity Operations team within the Information Technology (IT) Department. This position supports the Senior Manager Cyber Security and Governance and the IT Senior Management team, including the Director of Infrastructure, Director Business Software Applications, and Director of Transformational Services, in the daily operation of the governance, risk, and compliance programs within the IT Department to meet the required regulatory policies and guidelines.

 

The IT Governance, Risk, and Compliance (GRC) Manager will work with the team outlined above and Third-Party vendor augmentation services, and with other functional areas including the Chief Information Security Officer, Audit Department, and Enterprise Risk Management Department, in the management and reporting of the IT Governance, Risk, and Compliance posture of the IT Department, based on the appropriate policies and frameworks as identified by the regulations and senior management of the organization. This position will assist the Senior Manager of Cybersecurity and Governance with the day-to-day management of GRC activities, including the quarterly reporting process, the gathering and analysis of risk metrics, performing the 1st Line of Defense Risk Control Self Assessments, and maintenance of the Computer Risk Institute Profile within the appropriate regulations control library and system, to ensure the appropriate policies and procedures are documented and assessed by the IT Department. The IT Governance, Risk, and Compliance (GRC) Manager will also work with the IT organization to assist the Sarbanes-Oxley Compliance Manager in support of the Sarbanes-Oxley compliance efforts, including performing and reviewing 1st Line of Defense internal controls documentation and testing activities.

Responsibilities

- Conducting and facilitating IT Risk Assessments and Risk Control Self Assessments
- Conducting IT Risk Appetite Statement, including metrics
- Coordinating IT GRC materials with Enterprise Risk, Compliance, and Audit as required
- Implementing and maintaining the Computer Risk Institute (CRI) Control library in the appropriate GRC platform
- Working with the IT Teams and Leadership to develop and maintain IT Policies and Procedures in alignment with the Computer Risk Institute (CRI) Profile and NIST CSF
- Working with the IT Teams and Leadership to develop and maintain the appropriate KPIs, KRIs, and Reporting to support the needs of the department to meet regulatory requirements
- Conducting the 1st Line of Defense Risk Assessment
- Coordinating with members of management for Change Management reporting
- Coordinating with Policy Management to ensure policies are reported to the appropriate committee for approval
- Managing the Third-Party IT GRC relationships and partners in support of the GRC program, to include development, implementation, and control testing of the appropriate controls aligned with the CRI Profile and NIST CSF Framework
- Management of Third-Party or IT Department Control Testing and Testers and the automation of control testing using the appropriate GRC system
- Perform additional duties as assigned

Qualifications

- Knowledge in the daily implementation, support, and auditing of networks, operating systems, and applications based on best practices and remediation techniques to address the identified issues
- Experience using project management methodologies
- Administrative and security expertise in the implementation and support of network infrastructure, to include routers, switches, load balancers, web application security, etc.
- Knowledge and Experience with IT Processes, procedures, quality assurance testing, and control testing
- Knowledge and Experience with implementing a GRC framework in an IT organization
- Leadership and Management skills to manage third-party vendors and employees
- Team building, leadership, and interaction skills to work well with other IT Teams and departments in the implementation and maintenance of the IT GRC Program
- B.S. Degree in Information Technology, Information Security, Audit, etc. preferred, or 3-5 years of experience in IT Governance, Risk, and Compliance preferred
- Knowledge of Financial Sector security requirements and ability to interpret federal laws and regulations that govern IT Security in financial organizations (SOX, GLBA, FFIEC, NIST CSF, and Computer Risk Institute (CRI)) is preferred
- Knowledge of Financial Sector security requirements and ability to interpret federal laws and regulations that govern IT Security in financial organizations (SOX, GLBA, HIPAA, FFIEC, and NIST) is preferred
- Experience with ITSM – ServiceNow ITSM preferred
- Experience with Project Management – ServiceNow Project Management preferred
- Experience with GRC platforms – AuditBoard, ServiceNow GRC preferred
- One or more industry certifications (CISA, CISM, CRISC, CGEIT) preferred

 

Physical Requirements/Working Conditions: Must be able to sit for long periods of time and use computer keyboard and/or mouse, while viewing computer screens.

  

Note: This is a brief description of this position, and its responsibilities are not limited to those described herein. Management retains the right to add, delete, or modify any of these responsibilities at any time during employment.

Trustmark is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, marital status, genetic information, pregnancy, national origin, protected veteran or disability status, and any other status protected by law. Upon request, reasonable accommodations will be made for all qualified individuals with disabilities. If you need accommodation for any part of the application process because of a medical condition or disability please send an email to careers@trustmark.com or call 866-213-1418 to let us know the nature of your request.

Equal Opportunity Employer/Females/Minorities/Individuals with Disabilities/Protected Veterans
