Chief Information Security Officer
Company: Old National Bank
Posted on: January 25, 2023
Old National Bank is honored to be named one of the World's Most
Ethical Companies for the 11th consecutive year!
Old National Bank was established in 1834. Today, we are the
largest financial services holding company with dual headquarters
in Chicago and Evansville, IN. We provide an array of services to
our clients which include Community Banking, Investments, and
Wealth Management. At Old National, we believe that by helping our
team members balance work life with home life, we create a more
productive workforce and a stronger company.
We are currently seeking a Chief Information Security Officer
(CISO). The CISO is the most senior level role responsible for all
information and cybersecurity aspects across the Consumer,
Commercial, and Wealth Management divisions of the Bank, and other
subsidiaries of the holding company. In this role, you will lead an
enterprise team of information security specialists who develop and
execute on intelligence-led security programs to protect against and
respond to information security threats. You will lead all aspects
of setting strategies, maintaining effective risk management
policies and practices, and managing internal and external
The CISO and the enterprise security team are directly responsible
for all aspects of Cyber Security and Information Security
including but not limited to:
DUTIES AND RESPONSIBILITIES:
* Lead the Information Security Department
* Lead programs to perform application, vendor, and cloud security
reviews and supporting system vulnerability assessments, and perform
application risk analysis and threat modeling.
* Conduct Third Party Information Security Assessment Programs
* Continue to advance the Data Loss Protection and Encryption
technologies in place in our environment and system server
environments as we migrate to the cloud
* Automate and advance our Identity & Access Management and
Privileged User Access
* Supporting Secure Software Development Lifecycle and Change
* Defining security governance and control strategies for emerging
technologies such as cloud & containerization, APIs, Chatbots,
Virtual Desktops, machine learning, and robotic processing
* Defining and driving the implementation of technology
requirements for application development community to proactively
integrate security requirements as part of common development
* Recommending security enhancements and defining mitigating
controls for core systems and applications.
* Maintaining our Information Security program, governance,
standards, and policies
* Implement automation, monitoring and reporting through
industry-leading solutions to protect client and company data
assets and physical assets.
* Collaborating with peers to establish appropriate information
security standards and provide an effective governance structure to
ensure compliance and accountability.
* Conducting incident risk analysis and engaging information
security, information technology, business management and other
stakeholders for resolution.
* Engaging line of business and risk teams in the review and
re-engineering of key controls and processes to manage and reduce
risk effectively and efficiently.
* Develop security vision and strategy that is aligned to
organizational priorities and enables and facilitates the
organization's business objectives, and ensure senior stakeholder
buy-in and mandate.
* Effectively manage a budget by controlling expenses within plan
and making efficient staffing decisions to achieve both the CISO
and Old National business targets.
REQUIRED EDUCATION, EXPERIENCE AND SKILLS:
* A Degree in Information Technology, Engineering, or Business
(Advanced Degree Preferred)
* 15+ years of experience in Information/Cybersecurity in a highly
regulated industry such as Finance, Healthcare, and/or Government
within a large multi-national organization with a global scope with
high influence requirements.
* 10+ years people management experience across a national/regional
organization, with hands-on experience building diverse teams while
promoting an inclusive organization.
* A demonstrated knowledge of information security standards (e.g.
NIST, ISO-27001), rules and regulations related to information
security and data confidentiality (e.g. PCI, NIST, NSA) and other
various security standards and policies.
* A strong understanding of the Cloud Security Model and key principles,
such as CSPs' Shared Responsibility Models, Security and
Infrastructure as Code, Preventive/Reactive Guardrails,
Containerization, Server-less Computing, Continuous
monitoring/drift detection, and the importance of end-to-end
* Understanding of global institutional financial transaction and
message processing (e.g. SWIFT, CHIPS, Fed-Wire, SPEI, SPID)
* Knowledge of application data flows, and bank platforms and
* Demonstrated experience complying with Data Privacy rules and
regulations (e.g. GDPR, California Data Privacy, etc.).
* Ability to understand not only emerging industry trends as far as
cyber security is concerned, but also the landscape of emerging
threats, making appropriate adjustments within the Security
* Ability to effectively manage the tactical cyber security mission
while continuing to drive the Old National cyber security strategy,
thinking 2-3 years ahead.
* Ability to operate effectively across a matrixed business
* Strong focus and record of execution
* Excellent verbal and written communication skills; presentation
skills to Boards and/or Executive Management preferred
* Strong leadership, strategic thinking, and large-scale planning
* Strong interpersonal and communication skills with the ability to
influence at all levels of the organization, while being able to
simplify complex Information Security topics for understanding and
critical decision making.
* Excellent problem-solving abilities and analytical skills;
proven ability to effectively drive cross-functional teams to meet
challenging deadlines solving complex problems.
* Ability to apply a broad and comprehensive understanding across
multiple functional areas.
* Strong work ethic, and an excellent use of discretion and
* Ability to organize, prioritize, and lead multiple deliverables
simultaneously across a large corporate environment.
* Key Industry certifications in Information Security, such as
CISSP, CISM and CISA
Old National is proud to be an equal opportunity employer focused
on fostering an inclusive workplace and committed to hiring a
workforce comprised of diverse backgrounds, cultures and thinking
As such, all qualified applicants will receive consideration for
employment without regard to race, color, religion, sex, national
origin, protected veteran status, status as a qualified individual
with disability, sexual orientation, gender identity or any other
characteristic protected by law.
We do not accept resumes from external staffing agencies or
independent recruiters for any of our openings unless we have an
agreement signed by the Head of Talent Acquisition, SVP, to fill a