• Bachelor’s degree in information security, Information Systems/Technology, Risk Management, Cybersecurity, or a similar discipline.
• 1 year of experience in IT GRC, IT audit, or a closely related compliance or risk function.
• Ability to coordinate with operational and IT/IS personnel to gather evidence, clarify processes, and support control implementation.
• Proficiency with Microsoft Office 365, including Excel and SharePoint for documentation and collaboration.
• Strong written and verbal communication skills, including drafting audit findings and control narratives.
• Familiarity with enterprise infrastructure components such as operating systems, directory services, and security technologies.
• External-facing project experience (e.g., consulting, public accounting) is a plus.
• Strong Preference for candidates located within commuting distance of Ridgeland, MS or willing to work hybrid/remote with occasional in-person sessions.

Additional qualifications required for Level II:

• 3 years of experience in IT GRC, IT audit, or a closely related compliance or risk function.
• Demonstrated ability to work independently with minimal oversight.
• Experience documenting control testing results in GRC platforms or structured formats.
• Working knowledge of GRC platforms (e.g., Archer, AuditBoard, ServiceNow).
• At least one relevant certification (e.g., CISSP, CISM, CISA, CIA, CRISC, CGRC).
• Experience translating regulatory requirements into detailed policies, standards, and control procedures, with the ability to explain technical and regulatory concepts clearly to non-GRC stakeholders.
• Understanding of cybersecurity infrastructure (e.g., firewalls, vulnerability management, IDS/IPS).
• Proactively identifies tasks and next steps rather than waiting for work to be assigned.Approaches problems from a solution oriented perspective and brings proposed options when raising issues.
• Recognizes and corrects gaps or weaknesses in own work prior to submission.
• Produces well structured, professionally formatted reports, presentations, and spreadsheets suitable for executive, audit, and regulatory audiences, with minimal need for substantive review, rework, or edits.

Additional qualifications required for Level III:

• 5 years of experience in IT GRC, IT audit, or a closely related compliance or risk function.
• Proven ability to manage cross-functional collaboration across IT, Engineering, Legal, HR, and other stakeholders.
• Advanced analytical skills with experience using tools like Alteryx, Tableau, Power BI, or Python for reporting and automation.
• Independently identifies, prioritizes, and drives work with minimal direction, proactively voicing and coordinating areas where effort is needed.
• Provides guidance, instruction, and informal training to Analyst I and Analyst II team members.
• Leads project execution by bringing structure, ideas, and recommended solutions, and translating detailed analysis into clear direction.
• Reviews the work of others constructively, identifying weaknesses and improvement opportunities.
• Produces work requiring minimal review and demonstrates sound judgment in improving overall team output beyond personal deliverables.

Physical Requirements & Working Conditions:

Must be able to sit for long periods of time and use computer keyboard and/or mouse requiring hand and wrist manipulation, while viewing computer screens.

Disclaimer:

Management retains the right to add, delete or modify the responsibilities and qualifications of the position at any time.

Trustmark Bank does not accept unsolicited resumes from agencies and/or search firms for any job postings on this site.  Resumes submitted to any Trustmark Bank employee by a third-party agency and/or search firm without a valid, written search agreement signed by Trustmark, will become the sole property of Trustmark Bank.  No fee will be paid if a candidate is hired for a position as a result of an unsolicited agency or search firm referral.