at Old National Bank in ChicagoChicago, Illinois, United States
Job Description
Sr. Information Security & Technology Risk Analyst
Job Locations
US-IN-Evansville | US-IL-Chicago
Category/Function
Risk/Security
Position Type
Regular Full-Time
Requisition ID
2024-14679
Overview
Old National Bank has been serving clients and communities since 1834. With $48 billion in total assets, we are a regional powerhouse deeply rooted in the communities we serve. As a trusted partner, we thrive on helping our clients achieve their goals and dreams, and we are committed to social responsibility and investing in our communities through volunteering and charitable giving.
Our team members are our greatest asset, and we continually invest in their growth and development. We offer a variety of Impact Network Groups led by team members who are passionate about driving engagement, creating awareness of diverse backgrounds and experiences, and building inclusion across the organization.
We are currently seeking a Senior Information Security Analyst role that will be responsible for driving, maintaining, and validating organizational and third-party compliance with the Information Security policy, program, and standards which address minimum requirements in line with security laws, regulations, and contractual obligations affecting Old National. The role will perform risk and threat assessments as well as control testing to identify issues and work with team members to mitigate risk and resolve control gaps. The role will supports assurance activities related to availability, integrity, and confidentiality of customer, business partner, associate, and business information as requested. This role will influence behaviors to reduce risk and foster a strong technology risk management culture throughout the enterprise.
Key Accountabilities
Perform risk assessments to support issue identification, escalation, and risk mitigation
Facilitate risk assessments and risk management review processes which analyze organizational security control effectiveness and assist team members in the identification and correction of control gaps.
Offer guidance on Old National's information security program when examining impacts of new infrastructure, technologies, processes, or partnerships. Determine which laws and regulations apply and ensure adherence to the required standards for business applications, infrastructure, processes, etc.
Escalate issues and recommendations to management, using a risk-based approach, for immediate attention as needed.
Influence behaviors to reduce risk and foster a strong technology risk management culture throughout the enterprise.
Maintain information security documentation and ensure security awareness
Lead the upkeep, ongoing support, and continuous improvement of ONB's Information Security policies, program, procedures, standards, security documentation, regulatory documentation, etc.
Provide leadership and effort in the buildout, maintenance, and detailed mapping of global regulatory and industry frameworks to organizational control standards.
Work closely with IT and other business units to ensure ONB's Information Security Program is incorporated into their program initiatives and business requirements.
Act as an information security advocate to management, team members, and business/process owners.
Develop, publicize, and support education and training initiatives for all team members to raise awareness of information security and risk management issues.
Organize and prepare committee and council decks, ensure smooth execution of meetings, present information as requested, and communicate and track outcomes of meetings.
Participate in departmental activities including meetings, updates, planning, reporting, and other responsibilities as needed.
Collaborate with internal and external stakeholders:
Create, manage and maintain an effective IT Risk Management Program
Partner with IT on risk control assessments and provide guidance on development and enhancement of key controls and risk management.
Support Technology risk management through coordination with control officers and owners to identify, assess, and manage enterprise risks and the internal control environment. This involves data analysis, risk mitigation, and regular control validation.
Work directly with all business units and team members to ensure completion of information security due diligence documentation and testing is performed on a timely basis and develop plans for further improving controls.
Assess and respond to information security events and incidents. Assist in the coordination with internal and external parties and assist in evaluation, communication and documentation of issues and incidents
Support and coordinate internal audits, collaborating with auditors to ensure adherence to standards
Key Competencies for Position
Planning, Organization, and Execution: Self-starter, motivated,... For full info follow application link.
EOE/Minorities/Females/Vet/Disability
