Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

IT Governance Risk & Compliance (GRC) Analyst

Trustmark

IT Governance Risk & Compliance (GRC) Analyst Location: US-MS-Ridgeland, within Trustmark's Geographic Footprint Overview The IT GRC Analyst operates within the enterprise Cybersecurity Operations function and supports the Information Technology, Information Systems, and other technology teams aligned under the Chief Information Officer. This role executes governance, risk, and compliance activities aligned with regulatory frameworks and internal policies. Core responsibilities include ensuring operational alignment with frameworks such as GLBA, FFIEC, SOX, NIST CSF, and the Computer Risk Institute (CRI) Profile; conducting IT assessments and Risk Control Self Assessments (RCSAs); maintaining control libraries; and supporting recurring testing, reporting, and metrics analysis and response. The analyst contributes to recurring reporting cycles, supports departmental risk remediation and response efforts associated with findings and risks, and helps drive continuous improvement of governance practices through collaboration, documentation, and control maturity efforts. The analyst collaborates with Enterprise Risk, Audit (internal and external), Compliance, and Policy Management teams to execute these activities effectively. Day-to-day responsibilities include control documentation, testing coordination, assistance with reviewing and updating policies, standards, and control libraries, and policy lifecycle support. Familiarity with GRC platforms (e.g., AuditBoard), ITSM tools (e.g., ServiceNow), and regulatory compliance in financial services is strongly preferred. The analyst also contributes to the development and maintenance of IT policies and procedures and supports the definition and tracking of key performance indicators (KPIs) and key risk indicators (KRIs). Success in this role requires strong technical writing skills, cross-functional engagement, and a focus on building and maintaining automation to streamline control testing and reporting processes. The role demands a self-driven desire to continuously learn and improve along with a collaborative mindset and a willingness to meet teammates and coworkers where they are in their processes. The analyst must be committed to helping develop, strengthen, and sustain a resilient and effective IT GRC program across the organization. This position may be filled as a Level I, II or III. Additional responsibilities and qualifications apply. Responsibilities Serve as liaison between internal IT/IS/Cyber teams and Enterprise Risk and Audit to facilitate compliance efforts and assessments (GLBA, FFIEC, SOX, CRI/NIST CSF). Coordinate the collection of sufficient, appropriate evidence for assessments, including facilitating questionnaires and direct engagement with engineers and operational personnel. Execute and document testing procedures in spreadsheets and GRC platforms; draft reports based on results and environmental context. Utilize GRC tools to manage questionnaires, evidence collection, assessment documentation, and asset definitions. Track, document, and support remediation of findings, risk exceptions, and issues identified through audits, assessments, or operational testing, escalating unresolved items as appropriate. Collaborate with internal IT/IS teams to maintain and review policy/standards documentation. Research, implement, and monitor compliance initiatives to protect organizational assets. Assess systems for compliance gaps and oversee sustainable remediation efforts. Manage new and recurring compliance initiatives by conducting control assessments and recommending remediation or compensating controls. Collaborate with peers and leadership to review and refine assessment work. Stay current on regulatory changes and industry best practices to maintain alignment with standards. Facilitate cross-functional collaboration (IT, Engineering, Legal, HR) to address security risks. Advise IT and IS leadership on risk impacts and governance priorities. Assist with the design and monitoring of KPIs and KRIs aligned to operational objectives. Support timely execution of user access reviews and associated remediation efforts. Perform other duties commensurate with responsibilities of an IT GRC department. Associates are expected to perform all additional duties as assigned. Qualifications Bachelor’s degree in information security, Information Systems/Technology, Risk Management, Cybersecurity, or a similar discipline. 1 year of experience in IT GRC, IT audit, or a closely related compliance or risk function. Ability to coordinate with operational and IT/IS personnel to gather evidence, clarify processes, and support control implementation. Proficiency with Microsoft Office 365, including Excel and SharePoint for documentation and collaboration. Strong written and verbal communication skills, including drafting audit findings and control narratives. Familiarity with enterprise infrastructure components such as operating systems, directory services, and security technologies. External-facing project experience (e.g., consulting, public accounting) is a plus. Strong Preference for candidates located within commuting distance of Ridgeland, MS or willing to work hybrid/remote with occasional in-person sessions. Additional qualifications required for Level II: 3 years of experience in IT GRC, IT audit, or a closely related compliance or risk function. Demonstrated ability to work independently with minimal oversight. Experience documenting control testing results in GRC platforms or structured formats. Working knowledge of GRC platforms (e.g., Archer, AuditBoard, ServiceNow). At least one relevant certification (e.g., CISSP, CISM, CISA, CIA, CRISC, CGRC). Experience translating regulatory requirements into detailed policies, standards, and control procedures, with the ability to explain technical and regulatory concepts clearly to non-GRC stakeholders. Understanding of cybersecurity infrastructure (e.g., firewalls, vulnerability management, IDS/IPS). Proactively identifies tasks and next steps rather than waiting for work to be assigned. Approaches problems from a solution oriented perspective and brings proposed options when raising issues. Recognizes and corrects gaps or weaknesses in own work prior to submission. Produces well structured, professionally formatted reports, presentations, and spreadsheets suitable for executive, audit, and regulatory audiences, with minimal need for substantive review, rework, or edits. Additional qualifications required for Level III: 5 years of experience in IT GRC, IT audit, or a closely related compliance or risk function. Proven ability to manage cross-functional collaboration across IT, Engineering, Legal, HR, and other stakeholders. Advanced analytical skills with experience using tools like Alteryx, Tableau, Power BI, or Python for reporting and automation. Independently identifies, prioritizes, and drives work with minimal direction, proactively voicing and coordinating areas where effort is needed. Provides guidance, instruction, and informal training to Analyst I and Analyst II team members. Leads project execution by bringing structure, ideas, and recommended solutions, and translating detailed analysis into clear direction. Reviews the work of others constructively, identifying weaknesses and improvement opportunities. Produces work requiring minimal review and demonstrates sound judgment in improving overall team output beyond personal deliverables. Physical Requirements & Working Conditions Must be able to sit for long periods of time and use computer keyboard and/or mouse requiring hand and wrist manipulation, while viewing computer screens. #J-18808-Ljbffr

Vacancy posted 5 days ago
Similar jobs that could be interesting for youBased on the IT Governance Risk & Compliance (GRC) Analyst in Ridgeland, MS vacancy
  •  ...Trustmark in Ridgeland, MS is seeking an IT GRC Analyst to oversee governance, risk, and compliance activities. The role includes coordinating compliance efforts, executing IT assessments, and developing policies. The ideal candidate will hold a Bachelor's in information... 
    Suggested
    Remote work

    Trustmark

    Ridgeland, MS
    1 day ago
  • Chief Actuary page is loaded## Chief Actuarylocations: Flowood, MStime type: Full timeposted on: Posted 30+ Days Agojob requisition id: JR100268# Healthy Careers Start HereAt Blue Cross & Blue Shield of Mississippi, we encourage professional growth in a challenging and...
    Suggested
    Work at office

    Bcbsms

    Flowood, MS
    4 days ago
  •  ...position is responsible for supporting the Manager, Corporate Compliance; Director, Legal Operations; and the General Counsel in managing...  ...to ensure compliance with local, state and federal laws which govern the business activities of Blue Cross & Blue Shield of Mississippi... 
    Suggested
    Work experience placement
    Work at office
    Local area

    Blue Cross

    Flowood, MS
    1 day ago
  • $70k - $125k

     ...Life Cycle Management (LCM) Analyst I in Tidewater, VA and San Diego...  ...corporate clients, and local governments. Saalex offers competitive...  ...tracking, and sustainment of IT, network, and system assets throughout...  ...ensure system readiness and compliance across global Live Virtual... 
    Suggested
    Contract work
    Temporary work
    Local area
    Flexible hours

    Saalex

    Madison, MS
    4 days ago
  • MDB Health Services Overview MDB Health Services provides medical and psychiatric services to residents in long-term care facilities across Mississippi, Louisiana, Arkansas, Tennessee, Kentucky, and Texas. As the region's largest LTC healthcare provider, we are proud...
    Suggested
    Full time
    Contract work

    MDB Health Services

    Flowood, MS
    2 days ago
  •  ...Overview The Quality Control Analyst is responsible for performing quality assurance and quality control activities across assigned...  ...and testing of HVAC, plumbing, and mechanical systems to ensure compliance with design and specification requirements. Prepare and... 
    Full time
    For subcontractor
    Work at office

    Rogers Mechanical Contractors

    Madison, MS
    5 days ago
  •  ...Job Opportunity As a Business Analyst at GovEase, you will serve as a liaison between business stakeholders and technical teams...  ...multiple priorities and deliver results on schedule. Knowledge of government procurement processes is a plus. Benefits Competitive... 

    GovEase

    Madison, MS
    4 days ago
  •  ...OutSystems, including new development, enhancements, and integrations with other systems. Collaborate with business stakeholders and IT teams to define requirements, translate them into technical specifications, and deliver solutions that meet business objectives.... 
    Hourly pay
    Remote work

    United Rentals

    Flowood, MS
    11 days ago
  • Job Title Code 200 Department Security Coordinator Job Description Duties You will serve as the Code 200 Department Security Coordinator, overseeing and managing personnel, physical, and information security aspects and programs. You will oversee the ...
    Interim role
    Work at office
    Local area
    Immediate start
    Remote work

    Navstar

    Pearl, MS
    2 days ago
  •  ...and Enablon/Sphera platforms. Drive product stewardship initiatives, including SVT (Substance Volume Tracking) and regulatory compliance. Gather and document business and technical requirements for EH&S system implementations. Develop and maintain clear, comprehensive... 
    Long term contract
    Contract work
    Local area

    My3Tech Inc

    Flowood, MS
    1 day ago
  •  ...) for a large Program; coordinates with government Program staff, USAF, and other government...  ...&A staff to assist them in making cyber risk decisions and to mitigate threats....  ...system and integrity scans to determine compliance. Provides guidance and work leadership... 
    Work at office

    General Dynamics Information Technology

    Pearl, MS
    a month ago
  •  ...Summary You will serve as a FINANCIAL MANAGEMENT ANALYST in the Director, Financial Management and Fleet Comptroller division of COMMANDER...  ...financial reviews of ACSA transactions to ensure regulatory compliance, proper classification, and accurate accounting data. You will... 
    Work at office
    Local area
    Immediate start
    Relocation
    Night shift

    U.S. Pacific Fleet, Commander in Chief

    Pearl, MS
    3 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to IT Governance Risk & Compliance (GRC) Analyst. Be the first to apply!