Old National Bank SENIOR INFORMATION SECURITY ANALYST in Evansville, Indiana
Old National Bank was established in 1834. Today, we are the largest financial services holding company headquartered in Indiana. We provide an array of services to our clients which include Community Banking, Investments, and Wealth Management. At Old National, we believe that by helping our associates balance work life with home life, we create a more productive workforce and a stronger company.
In 2020, Ethisphere Institute announced Old National Bank as one of the World’s Most Ethical Companies for the ninth consecutive year.
Old National is seeking a Senior Information Security Analyst that will be responsible for working with business units and third-parties to ensure compliance with security laws and regulations affecting Old National (including GLBA, SOX, HIPAA, FFIEC, etc). The Information Security Analyst, Senior will perform risk assessments, control testing to identify issues, and work with team members to mitigate risk and resolve control gaps. The analyst will also maintain policies, standards, and procedures and supports assurance activities related to availability, integrity, and confidentiality of customer, business partner, associate, and business information as requested.
Perform risk assessments to support issue identification, escalation, and risk mitigation
Facilitate risk assessments and risk management review processes which analyze organizational security control effectiveness and assist team members in the identification and correction of control gaps.
Offer guidance on Old National’s information security program when examining impacts of new infrastructure, technologies, processes, or partnerships. Determine which laws and regulations apply and ensure adherence to the required standards for business applications, infrastructure, processes, etc.
Escalate issues and recommendations to management, using a risk-based approach, for immediate attention as needed
Maintain information security documentation and ensure security awareness
Maintain ONB’s Information Security Policies, Standards, Procedures, security documentation, regulatory documentation, etc.
Work closely with IT and other business units to ensure ONB’s Information Security Program is incorporated into their program initiatives and business requirements.
Act as an information security advocate to management, team members, and business/process owners.
Develop, publicize, and support education and training initiatives for all team members to raise awareness of information security and risk management issues
Participate in departmental activities including meetings, updates, planning, and other responsibilities as needed.
Collaborate with internal and external stakeholders:
Work directly with business units and team members to ensure completion of information security due diligence documentation and testing is performed on a timely basis and develop plans for further improving key controls.
Assess and respond to information security events and incidents. Assist in the coordination with internal and external parties and assist in evaluation, communication and documentation of issues and incidents
Assist in the preparation of reporting for presentation to various teams, committees, and organizations.
Key Competencies for Position
Planning, Organization, and Execution: Ability to effectively prioritize, track, and execute tasks in a consistent and timely manner while simultaneously managing multiple assignments. Thorough in accomplishing a task through concern for all the areas involved, no matter how small. Monitors and checks work on information and plans while organizing time and resources efficiently. Adapts well to changes in assignments and priorities; yet,can maintain focus and stay current with day-to-day responsibilities. Committed to achieving established goals and overcoming obstacles. Ability to effectively prioritize, track, and execute tasks in a consistent and timely manner
Problem Solving/Decision Making - Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables. Able to identify issues and potential risks; incorporates input from multiple sources (e.g., lines of business, subject matter experts, industry leaders, data, policies, procedures, etc.) to ensure complete views determining an effective course of action and to promote shared ownership; decisions are sound based on what was known at the time and are based on a blend of analysis, wisdom, experience, and judgement.
Communication: Ability to present ideas, decisions, and recommendations effectively to all levels of management in a clear and professional manner, including excellent written, oral communication, and interpersonal skills.
Technical Knowledge: Possesses the required technical knowledge to perform the role effectively; ability to comprehend new information rapidly in the everchanging technical landscape; desire for continuous learning to adapt to emerging risks and threats.
Qualifications and Education Requirements
Bachelor’s degree in Computer Science, Technology, related field, or equivalent work experience required
5+ years experience in information security or related field.
Detailed understanding of information security frameworks such as ISO27001 or NIST and industry best practices.
Involvement in adhering to security laws and regulations affecting financial institutions including, but not limited to, GLBA, SOX, HIPAA, FFIEC, etc.
Experience in policy, standards, and procedure creation based on selected framework and implementation issues related to regulatory and other requirements.
Thorough understanding of how to analyze business applications and recommends appropriate security controls.
Achieved or in pursuit of a globally recognized information security certification such as CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or equivalent preferred.
Key Measures of Success/Key Deliverables:
Ensure existing and new technologies, partners, and processes meet the security standards of Old National and successful delivery per internal and external SLA agreements.
Development of strong relationships and technical work throughout the organization and with key vendors, to ensure the bank is benefiting from a procedural, security, compliance, and efficiency perspective
Continual development of knowledge base and applied learning to benefit the company
Old National is proud to be an equal opportunity employer focused on fostering an inclusive workplace and committed to hiring a workforce comprised of diverse backgrounds, cultures and thinking styles.
As such, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, status as a qualified individual with disability, sexual orientation, gender identity or any other characteristic protected by law.
We do not accept resumes from external staffing agencies or independent recruiters for any of our openings unless we have an agreement signed by the Talent Acquisition Director, VP, to fill a specific position.
External Job Title: SENIOR INFORMATION SECURITY ANALYST
Requisition ID: 2020-5980
Street: 101 N.W. 4th St.