Sr. Information Security & Technology Risk Analyst

Old National Bank
Chicago, IL, US
Full-time

Overview

Old National Bank has been serving clients and communities since 1834. With $48 billion in total assets, we are a regional powerhouse deeply rooted in the communities we serve.

As a trusted partner, we thrive on helping our clients achieve their goals and dreams, and we are committed to social responsibility and investing in our communities through volunteering and charitable giving.

Our team members are our greatest asset, and we continually invest in their growth and development. We offer a variety of led by team members who are passionate about driving engagement, creating awareness of diverse backgrounds and experiences, and building inclusion across the organization.

We are currently seeking a Senior Information Security Analyst who will be responsible for driving, maintaining, and validating organizational and third-party compliance with the Information Security policy, program, and standards, which address minimum requirements in line with security laws, regulations, and contractual obligations affecting Old National.

The role will perform risk and threat assessments as well as control testing to identify issues and work with team members to mitigate risk and resolve control gaps.

The role will support assurance activities related to availability, integrity, and confidentiality of customer, business partner, associate, and business information as requested.

This role will influence behaviors to reduce risk and foster a strong technology risk management culture throughout the enterprise.

Key Accountabilities

Perform risk assessments to support issue identification, escalation, and risk mitigation

  • Facilitate risk assessments and risk management review processes which analyze organizational security control effectiveness and assist team members in the identification and correction of control gaps.
  • Offer guidance on Old National’s information security program when examining impacts of new infrastructure, technologies, processes, or partnerships.

Determine which laws and regulations apply and ensure adherence to the required standards for business applications, infrastructure, processes, etc.

  • Escalate issues and recommendations to management, using a risk-based approach, for immediate attention as needed.
  • Influence behaviors to reduce risk and foster a strong technology risk management culture throughout the enterprise.

Maintain information security documentation and ensure security awareness

  • Lead the upkeep, ongoing support, and continuous improvement of ONB’s Information Security policies, program, procedures, standards, security documentation, regulatory documentation, etc.
  • Provide leadership and effort in the buildout, maintenance, and detailed mapping of global regulatory and industry frameworks to organizational control standards.
  • Work closely with IT and other business units to ensure ONB’s Information Security Program is incorporated into their program initiatives and business requirements.
  • Act as an information security advocate to management, team members, and business / process owners.
  • Develop, publicize, and support education and training initiatives for all team members to raise awareness of information security and risk management issues.
  • Organize and prepare committee and council decks, ensure smooth execution of meetings, present information as requested, and communicate and track outcomes of meetings.
  • Participate in departmental activities including meetings, updates, planning, reporting, and other responsibilities as needed.

Collaborate with internal and external stakeholders:

  • Create, manage and maintain an effective IT Risk Management Program.
  • Partner with IT on risk control assessments and provide guidance on development and enhancement of key controls and risk management.
  • Support Technology risk management through coordination with control officers and owners to identify, assess, and manage enterprise risks and the internal control environment. This involves data analysis, risk mitigation, and regular control validation.

  • Work directly with all business units and team members to ensure completion of information security due diligence documentation and testing is performed on a timely basis and develop plans for further improving controls.
  • Assess and respond to information security events and incidents. Assist in the coordination with internal and external parties and assist in evaluation, communication and documentation of issues and incidents.
  • Support and coordinate internal audits, collaborating with auditors to ensure adherence to standards.

Key Competencies for Position

Planning, Organization, and Execution: Self-starter, motivated, able to drive efforts and propose paths forward independently.

Ability to effectively prioritize, track, and execute tasks in a consistent and timely manner while simultaneously managing multiple assignments.

Thorough in accomplishing a task through concern for all the areas involved, no matter how small. Monitors and checks work on information and plans while organizing time and resources efficiently.

Adapts well to changes in assignments and priorities, yet can maintain focus and stay current with day-to-day responsibilities.

Committed to achieving established goals and overcoming obstacles. Ability to effectively prioritize, track, and execute tasks in a consistent and timely manner.

Problem Solving / Decision Making - Ability to define problems, collect data, establish facts, and draw valid conclusions.

Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.

Able to identify issues and potential risks; incorporates input from multiple sources (e.g., lines of business, subject matter experts, industry leaders, data, policies, procedures) to ensure complete views in determining an effective course of action and to promote shared ownership; decisions are sound based on what was known at the time and are based on a blend of analysis, wisdom, experience, and judgement.

Communication: Ability to present ideas, decisions, and recommendations effectively to all levels of management in a clear and professional manner, including excellent written, oral communication, and interpersonal skills.

Ability to confidently educate and advise senior leaders.

Technical Knowledge: Possesses the required technical knowledge to perform the role effectively; ability to comprehend new information rapidly in the ever-changing technical landscape; desire for continuous learning to adapt to emerging risks and threats.

Qualifications and Education Requirements

  • Bachelor’s degree in Computer Science, Technology, related field, or equivalent work experience required
  • 5+ years of experience in information security or related field.
  • Minimum of 3+ years of experience in IT Risk Management, with a proven track record of successfully running or leading an IT Risk Management program. Head of Technology Risk preferred.

  • Detailed understanding of information security frameworks such as ISO27XXX, NIST, and industry best practices.
  • Involvement in adhering to security laws and regulations affecting financial institutions including, but not limited to, GLBA, SOX, HIPAA, FFIEC, etc.
  • Extensive knowledge of and experience with technology and security risk management, control development, and control validation.
  • Experience in policy, standards, and procedure creation based on selected framework and implementation issues related to regulatory and other requirements.
  • Thorough understanding of how to analyze business applications and recommend appropriate security controls.
  • Knowledge and experience with an enterprise GRC and IT Service Management system.
  • Knowledge of OCC Heightened Standards for risk assessment, incident response, and third-party risk management.
  • Achieved or in pursuit of a globally recognized information security certification such as CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or equivalent preferred.

Old National is proud to be an equal opportunity employer focused on fostering an inclusive workplace and committed to hiring a workforce comprised of diverse backgrounds, cultures and thinking styles.

As such, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, status as a qualified individual with disability, sexual orientation, gender identity or any other characteristic protected by law.

We do not accept resumes from external staffing agencies or independent recruiters for any of our openings unless we have an agreement signed by the Director of Talent Acquisition to fill a specific position.

Our culture is firmly rooted in our core values.

We are optimistic. We are collaborative. We are inclusive. We are agile. We are ethical.

We are Old National Bank. Join our team!
