Chief Information Security Officer

Company: Old National Bank
Location: Evansville
Posted on: January 25, 2023

Job Description:

Overview

Old National Bank is honored to be named one of the World's Most Ethical Companies for the 11th consecutive year!

Old National Bank was established in 1834. Today, we are the largest financial services holding company with dual headquarters in Chicago and Evansville, IN. We provide an array of services to our clients which include Community Banking, Investments, and Wealth Management. At Old National, we believe that by helping our team members balance work life with home life, we create a more productive workforce and a stronger company.

We are currently seeking a Chief Information Security Officer (CISO). The CISO is the most senior level role responsible for all information and cybersecurity aspects across the Consumer, Commercial, Wealth Management divisions of the Bank, and other subsidiaries of the holding company. In this role, you will lead an enterprise team of information security specialist who develop and execute on intelligence-led security programs to protect and respond to information security threats. You will lead all aspects of setting strategies, maintaining effective risk management policies and practices, and managing internal and external (third-party) teams.

The CISO and the enterprise security team are directly responsible for all aspects of Cyber Security and Information Security including but not limited to:

DUTIES AND RESPONSIBILITIES:

* Lead the Information Security Department
* Lead programs to perform application, vendor, and cloud Security Reviews and supporting system vulnerability assessments. Performing application risk analysis and threat modeling.
* Conduct Third Party Information Security Assessment Programs
* Continue to advance the Data Loss Protection and Encryption technologies in place in our environment and System server environments, as we migrate to cloud
* Automate and advance our Identity & Access Management and Privileged User Access
* Supporting Secure Software Development Lifecycle and Change Management activities
* Defining security governance and control strategies for emerging technologies such as cloud & containerization, APIs, Chatbots, Virtual Desktops, machine learning, and robotic processing automation.
* Defining and driving the implementation of technology requirements for application development community to proactively integrate security requirements as part of common development objectives.
* Recommending security enhancements and defining mitigating controls for core systems and applications.
* Maintaining our Information Security program, governance, standards, and policies
* Implement automation, monitoring and reporting through industry-leading solutions to protect client and company data assets and physical assets.
* Collaborating with peers to establish appropriate information security standards and provide an effective governance structure to ensure compliance and accountability.
* Conducting incident risk analysis and engaging information security, information technology, business management and other stakeholders for resolution.
* Engaging line of business and risk teams in the review and re-engineering of key controls and processes to manage and reduce risk effectively and efficiently.
* Develop security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.
* Effectively manage a budget by controlling expenses within plan and making efficient staffing decisions to achieve both the CISO and Old National business targets.

REQUIRED EDUCATION, EXPERIENCE AND SKILLS:

* A Degree in Information Technology, Engineering, or Business (Advanced Degree Preferred)
* 15+ years of experience in Information/Cybersecurity in a highly regulated industry such as Finance, Healthcare, and/or Government within a large multi-national organization with a global scope with high influence requirements.
* 10+ years people management experience across a national/regional organization, with hands-on experience building diverse teams while promoting an inclusive organization.
* A demonstrated knowledge of information security standards (e.g. NIST, ISO-27001), rules and regulations related to information security and data confidentiality (e.g. PCI, NIST, NSA) and other various security standards and policies.
* A strong understanding of Cloud Security Mode and key principles, such as CSPs Shared Responsibility Models, Security and Infrastructure as Code, Preventive/Reactive Guardrails, Containerization, Server-less Computing, Continuous monitoring/drift detection, and the importance of end-to-end automation.
* Understanding of global institutional financial transaction and message processing (e.g. SWIFT, CHIPS, Fed-Wire, SPEI, SPID)
* Knowledge of application data flows, and bank platforms and operations.
* Demonstrated experience complying with Data Privacy rules and regulations (e.g. GDPR, California Data Privacy, etc.).
* Ability to understand not only emerging industry trends as far as cyber security is concerned, but also the landscape of emerging threats, making appropriate adjustments within the Security Operations programs.
* Ability to effectively manage the tactical cyber security mission while continuing to drive the Old National cyber security strategy, thinking 2-3 years ahead.
* Ability to operate effectively across a matrixed business environment.
* Strong focus and record of execution
* Excellent verbal and written communication skills, preferred presentation skills to Boards and/or Executive Management Committee's
* Strong leadership, strategic thinking, and large-scale planning abilities.
* Strong interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex Information Security topics for understanding and critical decision making.
* Excellent problems solving abilities and analytical skills; proven ability to effectively drive cross-functional teams to meet challenging deadlines solving complex problems.
* Ability to apply a broad and comprehensive understanding across multiple functional areas.
* Strong work ethic, and an excellent use of discretion and judgment.
* Ability to organize, prioritize, and lead multiple deliverables simultaneously across a large corporate environment.
* Key Industry certifications in Information Security, such as CISSP, CISM and CISA

Old National is proud to be an equal opportunity employer focused on fostering an inclusive workplace and committed to hiring a workforce comprised of diverse backgrounds, cultures and thinking styles.

As such, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, status as a qualified individual with disability, sexual orientation, gender identity or any other characteristic protected by law.

We do not accept resumes from external staffing agencies or independent recruiters for any of our openings unless we have an agreement signed by the Head of Talent Acquisition, SVP, to fill a specific position

Keywords: Old National Bank, Evansville , Chief Information Security Officer, Other , Evansville, Indiana