Trustmark’s mission is to improve wellbeing – for everyone. It is a mission grounded in a belief in equality and born from our caring culture. It is a culture we can only realize by building trust. Trust established by ensuring associates feel respected, valued and heard. At Trustmark, you’ll work collaboratively to transform lives and help people, communities and businesses thrive. Flourish in a culture of diversity and inclusion where appreciation, mutual respect and trust are constants, not just for our customers but for ourselves. At Trustmark, we have a commitment to welcoming people, no matter their background, identity or experience, to a workplace where they feel safe being their whole, authentic selves. A workplace made up of diverse, empowered individuals that allows ideas to thrive and enables us to bring the best to our colleagues, clients and communities.
About the role
Responsible for the holistic GRC program which includes Information Security program management, policies, standards, associates control frameworks, security awareness and training, risk management which includes risk quantification, interfacing with internal and external audit, and regulators. Manages information security risks across the organization. Includes management of technology risk, vendor risk management, IT governance, and IT compliance. Will effectively partner with internal and external groups in reporting out risk at multiple levels including executive leadership.
Key Accountabilities
Lead team and develop talent
Provide thought leadership within Trustmark in the areas of Information Security Governance, Risk and Compliance
Partners with all levels of Trustmark leadership to advance security awareness and the maturity of risk management in support of evolving business needs.
Lead and build a team of security professionals, including setting direction, providing feedback, managing performance, developing employees.
Coach and mentor to build GRC capabilities.
Collaborates with business and IT leaders on benefit attainment from capability changes and updates.
Building out and executing a risk management program and strategy
Building out and executing upon a risk management strategy with roadmap deliverables, maturity modeling, risk register/catalog development and security/risk metrics.
Performing focused risk assessments and communicating them to information security “customers,” or business partners.
Identifying opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
Building and maintaining information security policies, procedures, and processes
Building and leading security awareness and training around InfoSec for the organization.
Being directly involved with communicating information security awareness, updates, best practices, etc. to all employees, contractors, etc.
Building and maintaining information security policies, procedures, and processes. Ensuring they are reviewed, current and up to date on a regular basis.
Establishing a Create-Communicate-Execute process for all policies and working with relevant departments (e.g., Corporate Communications) to this end goal.
Identifying and implementing appropriate controls to effectively manage information risks as needed.
Developing, building, and maintaining a common controls framework
Developing, building, and maintaining a common controls framework to map to NIST CSF, HIPAA, privacy regulations, local, state, and Federal regulations, etc.
Providing reporting and metrics toward the alignment of controls to risks and showing maturity models against it.
Relationship management across the enterprise
Involved in customer, partner and vendor risk assessments and communicates them to information security “customers,” or business partners.
Partnering with Legal, Compliance, and the Privacy Office to identify and address cyber risks to the organization, partners, customers, etc.
Maintaining strong working relationships with individuals and groups involved in managing information risks across the organization.
Minimum Requirements
Bachelor’s degree.
7+ years of information security experience.
One or more of the following certifications is required: CISSP, CRISC, CHP, CHSE, GSEC, CISM/CISA, and/or other related Information Security certifications.
Experience leading a Governance, Risk, and Compliance function.
Proven history of leading and managing highly functional GRC team.
Strong presentation, verbal, and written communication skills with the ability to articulate complex ideas in easy-to-understand business terms to all levels of management including senior leaders.
Knowledge of and experience with privacy and security law issues, particularly HIPAA.
Knowledge of information risk management, governance, policies, & libraries, analytics & reporting, and issue management.
Strong collaboration skills.
Strong business acumen.
Understanding of respective industry best practices (e.g., NIST, HIPAA, ISO, COBIT, OWASP, ITIL, etc.).
Excellent collaboration skills including ability to lead cross functional teams and build consensus.
The compensation range for this role is (based on the corporate location in Lake Forest, Illinois):
$131,991.00 - $245,127.00 per year
The final salary offer will be determined based on factors such as location, qualifications, experience, skill set, and other relevant factors. This position may also be eligible for commission. We understand that compensation is an important factor when considering a new opportunity, and we strive to provide a competitive salary within the market.
Brand: Trustmark
Come join a team at Trustmark that will not only utilize your current skills but will enhance them as well. Trustmark benefits include health/dental/vision, life insurance, FSA and HSA, 401(k) plan, Employee Assistance Program, Back-up Care for Children, Adults and Elders and many health and wellness initiatives. We also offer a Wellness program that enables employees to participate in health initiatives to reduce their insurance premiums.
Trustmark is committed to leveraging the talent of a diverse workforce to create great opportunities for our people and our business. We are an equal opportunity employer, including disability and protected veteran status.
What We Do
Trustmark is a national employee benefits company offering specialized expertise in voluntary benefits, self-funded health benefit plan design and administration, and employee health and fitness programs that drive results through human and virtual connection. Trustmark offers employers access to benefit options usually reserved for large companies, combined with the personal service you’d expect from a small company. Trustmark’s commitment to building long-term, trusted relationships helps people and businesses thrive.
• Trustmark Voluntary Benefits provides valuable life, hospital, accident, disability and critical illness insurance designed to fit changing needs based on life stage or financial priorities. Trustmark helps educate employees and provides resources to help communicate the value of benefits and other important company initiatives. To learn more, visit TrustmarkVB.com.
• Trustmark Health Benefits is a total benefits solution for mid-sized and large self-funded employers. As one of the nation’s largest independent benefits administrators, we help our clients manage costs without compromising care by offering innovative solutions, flexibility, and complete data transparency for our clients. To learn more, visit TrustmarkHB.com.
• Trustmark Small Business Benefits® level-funded solutions allow small to mid-size employers to provide affordable health benefits to employees. Available to groups with five or more employees along with simplified underwriting for 51 or more enrolled employees, our comprehensive self-funded plan designs and services help empower clients to be smarter healthcare consumers. To learn more, visit TrustmarkSB.com.
• HealthFitness is a comprehensive wellbeing provider that delivers wellness, fitness and injury prevention programs. To learn more, visit Healthfitness.com.