The purpose of this job is to assist the Information Security Risk Manager with the day-to-day management of Trustmark’s Vendor Risk Management program. Direct responsibilities include assurance of compliance with internal policy and external regulatory compliance related to Vendor Due Diligence, Vendor Risk Management, and ongoing Vendor Oversight.

This job would be the primary interface in matters related to vendor risk management and responsible for daily tasks of tracking the status of vendor due diligence in process as well as assigning priorities and resources to meet expected timelines.

Ongoing vendor risk management processes include the implementation and maintenance of policies, controls, practices, management reporting, and coordinating vendor site visits. Additional tasks performed by this position include tracking and escalation, if needed, of vendor risk issues, awareness training via electronic and face-to-face forums.

• Cross-train, lead and develop team of associates to promote maximum productivity, engagement, succession planning and overall contribution to the strategic organizational goals
• Directly responsibility for oversight of compliance with Trustmark’s vendor risk management program related to technology service providers (TSPs), software and hardware vendors, consultants, and other entities with access to customer nonpublic information
• Directly responsible for coordinating timelines, meetings, and resources with the line of business to ensure an effective vendor risk management process
• Assist Management with providing a forum for review, counsel, education, and communication of Service Provider Oversight Program
• Directly responsible for providing Management with required reporting matrices related to vendor risk for annual reporting regarding the Information Security Program to the Audit/Finance Committee of the Board
• Responsibility for coordinating information security site visits to ascertain the level of vendor compliance with information security controls
• Perform additional duties as assigned.

• Four-year college education or equivalent work experience
• Four or more years of work experience related to contractual review and vendor negotiations
• Project Management and Supervisory experience required
• Broad knowledge of Federal Regulations, relative to Information Security and Risk Assessment
• General knowledge of development and implementation of written policy and standards
• Advanced knowledge of Contractual language requirements and review and negotiations
• In depth knowledge of Federal compliance guidelines pertaining to the protection of sensitive customer information (NPI)
• Basic knowledge related to Information Security in a regulated environment (OCC, FDIC, Fed Reserve, CFPB, FFIEC)
• Oral communication skills
• Inter-personal skills
• Knowledge and advanced skills of Microsoft Office products
• Writing skills involved with creating/maintaining information security policy and procedure
• Writing skills related to Management reporting
• Detail oriented
• Analytical skills
• Organizational skills
• Independent judgment
• Ability to negotiate contractual elements
• Work experience in an environment regulated by GLBA and/or HiPAA preferred
• Related certifications (CPM) preferred