Senior Cybersecurity Risk & Control Analyst

The Senior Cybersecurity Risk & Control Analyst reports continuously on the state of information security and cyber risk, providing visibility and helping technology leaders and risk managers understand where information security and cyber risk reside and where improvements must be made to protect the business. The Senior Cybersecurity Risk & Control Analyst focuses on information and cyber risks within information security, technology and business processes, as well as third party service provider security.

RENASANT BANK IS AN EQUAL OPPORTUNITY EMPLOYER

Oversee all information/cyber security assessments (new/annual vendor, application, penetration testing, annual cyber maturity) including execution and reporting
• Ensure improvements and efficiencies of the information security program including policy, procedure, technical documentation, reporting and metrics (KPI/KRI)
• Provide Information Security assessment findings to team members and coordinate appropriate response and mitigation
• Create and maintain processes for new and ongoing security assessments of 3rd party service providers, complete reviews as required and provide reporting to Risk Management groups
• Responsible for all information security/cyber risk project initiatives and reporting through operational metrics, project status updates, open audit/examination issues, self-reported issues and enterprise risk reporting
• Develop and maintain KRI and KPI metrics and reporting
• Monitor and maintain reporting of information security/cybersecurity controls to ensure compliance with applicable regulatory requirements. Ensure appropriate controls documentation/narratives, risk/control matrix and any testing artifacts are maintained and provided to enterprise risk management, auditors and/or examiners as appropriate
• Ensure appropriate security controls are documented, tested and reportable for structured and unstructured data stored throughout the enterprise. This includes policy, procedures, and reporting of controls
• Identify and recommend information security risk reduction steps to be implemented and maintained through policies, procedures, frameworks and technical controls
• Assist the Incident Response Team in documenting incidents, preparing reports and responding to inquiries
• Collaborate with information technology, audit, compliance and legal as needed
• Perform other related duties as assigned

• Bachelor's degree required; Information Assurance, Computer Science, Engineering or related degree preferred
• Minimum of 5 years of experience in technology and security administration, and/or security risk management
• Minimum of 3 years of information security risk experience
• ISO 17799, ITIL and NIST experience preferred
• Ability to identify and assess the severity and potential impact of information security and cybersecurity risks. Communicate assessment findings to risk owners outside the cybersecurity program in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance
• Strong knowledge of one or more regulatory requirements and laws such as, but not limited to, PCI, FFIEC, Sarbanes-Oxley Act (SOX), HIPAA, GDPR, and GLBA
• Strong written and oral communication skills across varying levels of the organization
• Organized, with the ability to prioritize and complete tasks within defined SLAs

Physical Demands

The physical demands described are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is frequently required to stand or sit; kneel, stoop, or squat; use hands or fingers to handle or feel objects, tools or controls; reach with hands and arms, and talk or hear. The employee is occasionally required to walk. The employee must occasionally lift and /or move up to 25 pounds. Specific vision abilities required by this job include close vision, peripheral vision, depth perception and the ability to focus.

Work Environment

The Bank's professional working environment requires employees to communicate effectively, both verbally and in writing. Employees must demonstrate strong interpersonal skills when working closely with internal business partners and external clients. Employees may be exposed to confidential and propriety information within the working environment, therefore, must uphold confidentiality at all times. Due to the possibility of being exposed to high risk situations (i.e. robbery), detailed instructions and procedures are required to be followed at all times to safeguard the Bank's employees, customers, and assets.

The above is intended to describe the general content of and requirements for the performance of this job. It is not to be construed as an exhaustive statement of duties, responsibilities, or requirements. The principal duties and responsibilities enumerated are all essential job functions except for those that begin with the word "May".

This job description is intended to describe the normal level of work required by the person performing the work. The principle duties outlined are the essential responsibilities and duties. Other duties may be assigned as needs arise. Job requirements and/or processes may be modified to reasonably accommodate persons with a disability as required by law.

This description is not intended as a contract and is subject to change. Any written contractual agreements supersede this job description.