Old National Bank

Information Security & Technology Mgr, Sr

Old National Bank$98K — $199K *
Lafayette, IN 47909In-Person
Information Technology
8 - 10 years of experience
Today
Be an Early Applicant
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Information Technology, Cybersecurity, Risk Management, Audit, or related field (advanced degree preferred).
  • 10+ years of relevant experience in information security, technology risk, governance, risk and compliance in a regulated industry, including 3+ years in management.
  • Experience with aligning security and technology risk governance to recognized frameworks (e.g., NIST, ISO 27001).
  • Demonstrated ability to establish risk monitoring and independent testing/validation processes.
  • Strong communication and presentation skills to effectively convey risk posture to management committees.
  • Proven partnership abilities across organizational levels and the capacity to build positive relationships.
  • Thorough understanding of auditing techniques and applicable banking laws and regulations.

Responsibilities

  • Develop and maintain the information security and technology risk management framework.
  • Provide independent oversight and advisory support on risk identification and control effectiveness.
  • Oversee governance, risk compliance, and ensure adherence to information security policies.
  • Execute second line monitoring and review activities and validate control effectiveness.
  • Establish and execute an annual independent testing plan across risk domains.
  • Manage enterprise security training and awareness initiatives to foster a risk-aware culture.
  • Support regulatory examinations and audits by preparing necessary documentation and responses.

Benefits

  • Opportunity to lead and shape organizational risk management practices.
  • Engagement with a variety of internal and external stakeholders, enhancing visibility and collaboration.
  • Access to a strong support system for professional development and growth.
  • Participation in initiatives to foster a risk-aware culture within the organization.
Full Job Description
Overview

The Information Security & Technology Risk Manager supports and executes second line of defense (2LOD) governance, oversight, and independent challenge across information security and technology risk at Old National Bancorp. Reporting to the Director of Information Security & Technology Risk, this role is responsible for establishing and maintaining the enterprise information security and technology risk framework, including policies, standards, and monitoring practices, to ensure alignment with Board‑approved risk appetite and regulatory expectations.

This role supports the execution and continuous enhancement of the Information Security and Technology Risk Management Program, helping to safeguard the confidentiality, integrity, and availability of customer, employee, and business information in accordance with ONB policies and applicable regulatory requirements. The Manager serves as a consultative partner to both the first and second lines of defense, providing risk advisory and interpretation of regulatory expectations to business units and leadership.

Additionally, this role provides independent oversight of first‑line technology and information security activities, leveraging strong analytical expertise and sound risk judgment to assess, challenge, and strengthen risk management practices and control effectiveness. Key responsibilities include overseeing governance, risk, and compliance (GRC) activities, leading independent testing and validation, and managing corporate security awareness initiatives.

Key Accountabilities

The Information Security and Technology Risk Manager and the second line team are directly responsible for enterprise oversight of Information Security and Technology Risk Management including but not limited to:

Governance, Risk & Compliance (GRC) – Information Security and Technology Risk Management Framework Ownership

  • Support the development, enhancement, and ongoing maintenance of the enterprise Information Security & Technology Risk Management (ISTRM) framework, including programs, policies, standards, guidelines, and procedures to ensure alignment with regulatory and industry expectations.
  • Contribute to the maintenance of technology and cyber risk taxonomy, risk appetite alignment, and key risk indicators (KRIs), supporting consistent risk measurement, monitoring, and reporting to management and Board committees.
  • Provide independent challenge and advisory support to first line risk offices and technology leadership on risk identification, control effectiveness, and remediation prioritization, while partnering with stakeholders to ensure timely issue identification and resolution.
  • Oversee adherence to information security and technology risk policies, programs, and standards, including monitoring control effectiveness and supporting continuous improvement of governance, risk analysis, and oversight practices.
  • Support the implementation of information security and technology risk governance, monitoring, and risk management activities, including security awareness initiatives, to promote a strong control environment and risk-aware culture.
  • Apply risk management practices to safeguard sensitive data and support compliance with applicable legal, regulatory, and industry requirements across information assets and technology systems.

Risk Identification, Assessment, Monitoring & Reporting (2LOD)

  • Execute and oversee second line monitoring and review activities using a risk-based approach, including validation of control design and operating effectiveness performed by first line teams.
  • Maintain and support governance of risk registers, issue inventories, and exception tracking within the enterprise GRC platform; ensure appropriate documentation, escalation, and reporting cadence.
  • Develop and deliver clear, concise risk reporting for management and risk committees, including trends, material findings, and aging issues/exceptions.

Independent Testing & Validation (Assurance within 2LOD)

  • Establish and execute an annual independent testing and validation plan across information security and technology risk domains, informed by risk assessments, regulatory expectations, and audit/exam feedback.
  • Perform independent validation of remediation for material issues and control deficiencies; confirm evidence sufficiency and recommend formal closure or escalation where gaps remain.
  • Coordinate with Internal Audit (3LOD) and external examiners to align testing scopes, reduce duplication, and ensure timely resolution of findings.

Security Training, Awareness & Culture

  • Manage and enhance enterprise security training and awareness activities, including administration of required training and tracking of completion metrics.
  • Monitor alignment of enterprise training and awareness efforts with regulatory expectations and evolving threat landscape; report on participation and identified gaps.
  • Partner with HR, Compliance, and business units to promote a consistent and risk-aware culture across the organization.

Regulatory, Audit & Committee Engagement

  • Support regulatory examinations and audits related to information security, technology risk, and resilience by providing documentation, evidence, and responses as needed.
  • Contribute to preparation of management and committee reporting materials, including risk posture updates and tracking of action items.
  • Collaborate with Technology, Information Security (1LOD), ERM, Compliance, TPRM, and Legal to support practical and effective governance and risk management practices.

Key Competencies for Position

People Leadership:

  • Coach & Empower Others: Provides timely feedback, support, and guidance to encourage and support associates to accomplish tasks, solve problems, and enhance their professional development.
  • Lead Change: Leads change efforts, engaging team members who are resistant to change to gain their support and commitment, helps associates understand why the change is occurring, continuously sharing information, and assessing the adoption of the change.

Culture Leadership:

  • Culture & Values Leadership: Demonstrates Old National's culture in daily interactions and encourages associates to live by our culture and core values.

Execution Leadership:

  • Drive and Execution: Establishes clear objectives, metrics, and governance cadence; delivers risk oversight commitments with rigor and follow-through.
  • Collaboration: Builds trusted partnerships across Risk, Technology, Security, Compliance, and the business to drive consistent risk outcomes.
  • Risk Leadership / Independent Challenge: Demonstrates credibility and judgment to challenge first line decisions, validate evidence, and escalate material risks appropriately.
  • Communication: Communicates complex risk and control topics clearly to executive management and governance committees; ensures timely escalation and stakeholder alignment.
  • Analytical Problem Solving: Synthesizes qualitative and quantitative risk data to identify themes, prioritize actions, and recommend pragmatic risk responses.

Qualifications and Education Requirements

  • Bachelor degree in Information Technology, Cybersecurity, Risk Management, Audit, or related field (advanced degree preferred).
  • 10+ years relevant experience across information security, technology risk, governance, risk, and compliance (GRC), or related disciplines in a highly regulated industry, with a minimum of 3 years managing teams.
  • 3+ years of management experience.
  • Demonstrated experience aligning security and technology risk governance to recognized frameworks (e.g., NIST, ISO 27001) and banking regulatory expectations.
  • Experience establishing risk monitoring, independent testing/validation, and issue/exception governance processes with strong evidence discipline.
  • Strong communication skills; experience presenting risk posture, trends, and recommendations to management committees.
  • Proven ability to partner effectively across all levels of the organization and develop positive working relationships.
  • Strong presence with internal partners and external constituents, as necessary
  • Thorough understanding of auditing/examination techniques. Knowledge of applicable state and federal banking laws and regulations and of bank services, policies, and procedures.
  • Demonstrates conceptual thinking and analytical skills. Advanced problem-solving skills with the ability to define problems, analyze variables and propose solutions.
  • Strong leadership skills with supervisory experience, strong interpersonal skills and knowledgeable risk management professional.

Preferred certifications:

  • CISSP, CISM, CISA, CRISC, or equivalent.

About Old National Bank

Old National Bank is a regional bank with its headquarters in Evansville, Indiana. It is the largest financial services holding company headquartered in Indiana and operates in Indiana, Kentucky, Michigan, Wisconsin, and Minnesota. The bank offers a range of financial services, including personal and business banking, wealth management, and insurance. Old National Bank has a strong commitment to community involvement and has been recognized for its philanthropic efforts. The bank has received numerous awards for its workplace culture and has been named one of the Best Banks to Work For by American Banker.
Learn more about Old National Bank
Size
4,333 employees
Market Cap
$5.1 billion
Industry
Finance & Insurance
Net Income
$226.4 million
Founded
1834
5 Year Trend
+7.4%
NASDAQ
ONB
* Ladders Estimates

Similar Jobs

Ad banner background

Get Ready For Your
Next Interview

More Jobs at Old National Bank

More Information Technology Jobs

Find similar Information Security & Technology Mgr, Sr jobs:

NationwideLafayette, IN