Senior IT Governance & Risk Analyst

Old National Bank has been serving clients and communities since 1834. With over $70 billion in total assets, we are a regional powerhouse deeply rooted in the communities we serve. As a trusted partner, we thrive on helping our clients achieve their goals and dreams, and we are committed to social responsibility and investing in our communities through volunteering and charitable giving.

We continually seek highly motivated and talented individuals as our people are critical to our success. In return, we offer competitive compensation with our salary and incentive program, in addition to medical, dental, and vision insurance. 401K, continuing education opportunities and an employee assistance program are also included in our benefit suite. Old National also offers a variety of Impact Network Groups led by team members who are passionate about driving engagement, creating awareness of diverse backgrounds and experiences, and building inclusion across the organization. We offer a unique opportunity to join a growing, community and client-focused company that is firmly rooted in its core values.

The Technology Risk Specialist will play a crucial role in the first line of defense for IT Governance, Risk, and Compliance (GRC) within a large financial institution. This position is responsible for identifying, assessing, and mitigating technology risks to ensure the bank's IT operations are secure, compliant, and resilient.

This role requires collaboration with various departments, including IT, Information Security, Risk and various Lines of Business. The Technology Risk Specialist will work in IT Operations with the Risk and Compliance team to ensure the bank's IT operations are secure and compliant. The role must build successful relationships within the line of business, business risk offices, compliance, cyber security, second line risk organizations, and internal audit and influence leaders on key technology risks and actions needed.

Salary Range

The salary range for this position is $98,400 - $199,000 per year. Final compensation will be determined by location, skills, experience, qualifications and the career level at which the position is filled.

Key Accountabilities

Key Accountability 1: IT Risk Identification & Assessment

Conduct thorough risk assessments to identify potential technology risks and vulnerabilities within the bank's IT infrastructure. This includes performing Risk Control and Self Assessments (RCSAs), Process Level Assessments (PLA), and targeted risk assessments.

Key Accountability 2: IT Risk Compliance

• Ensure compliance with relevant regulations and industry standards, such as COBIT, NIST, SOC 2, and more. Collaborate with internal stakeholders to align risk management practices with regulatory requirements.
• Document and perform control testing to ensure the effectiveness of key controls. This includes monitoring risk appetite metrics and tracking issue management.

Key Accountability 3: IT Risk Mitigation and Governance

• Develop and implement risk mitigation plans to address identified risks. This includes working with business owners, functional specialists, and other key stakeholders to manage risks associated with vendor relationships and third-party services.
• Support internal risk and control governance processes by developing risk analysis, performing deep dive investigations, and driving specific risk initiatives. Conduct periodic risk reviews with executives and support reporting for technology risk metrics.

Key Competencies for Position (for this role, place in order of importance and remove if does not apply)

• Promotes Change - Seeks to understand and embrace change. Actively seeks, information to understand the rationale, implications and impact for changes. Remains agile by quickly modifying daily behavior, leveraging resources, and trying new approaches to effectively embrace change. Willing to act quickly, learn and adjust as needed. Identifies and recommends changes to leadership to improve performance.
• Strategy in Action - Build your strategic mindset capability. Breaks down larger goals into smaller achievable goals and communicates how they are contributing to the broader goal. Actively seeks to understand factors and trends that may influence role. Anticipates risk and develop contingency plans to manage risks. Identified opportunities for improvement and seeks insights from other sources to generate potential solutions. Aligns activities to meet individual, team and organizational goals.

• Compelling Communication - Openly and effectively communicates with others. Effectively and transparently shares information and ideas with others. Tailors the delivery of communication in a way that engages the audience and that is easy to understand and retain. Unites others towards common goal. Asks for others' opinions and ideas and listens actively to gain their support when clarifying expectations, agreeing on a solution and checking for satisfaction.

• Makes Decisions & Solves Problems - Seeks deeper understanding and takes action. Takes ownership of the problem while collaborating with others on a resolution with an appropriate level of urgency. Collaborates and seeks to understands the root

causes of problems. Evaluates the implications of new information or events and recommends solutions using decisions that are sound based on what is known at the time. Takes action that is consistent with available facts, constraints and probable consequences.

Qualifications and Education Requirements

• Experience: 6-8 years of experience in developing risks, associated controls, issues, and/or mitigation plans or performing controls testing over cloud-based infrastructure. Experience in banking or financial services is preferred.
• Technical Skills: Proficient in GRC tools (e.g., Archer, ServiceNow, AuditBoard) and Microsoft applications. Knowledge of information security frameworks (ISO/IEC 27001, COBIT, NIST) and computer applications/architecture (AD, AWS, RBAC, cloud computing).
• Analytical Skills: Strong analytical, organizational, planning, and strategic thinking skills. Ability to perform risk reviews and recommend risk mitigation activities.
• Communication Skills: Excellent communication skills to effectively convey complex cybersecurity concepts to both executives and non-technical staff.

• Education: Bachelor's degree in Information Technology, Cybersecurity, MIS, Risk Management, or a related field.

Old National is proud to be an equal opportunity employer focused on fostering an inclusive workplace and committed to hiring a workforce comprised of diverse backgrounds, cultures and thinking styles.

As such, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, status as a qualified individual with disability, sexual orientation, gender identity or any other characteristic protected by law.

We do not accept resumes from external staffing agencies or independent recruiters for any of our openings unless we have an agreement signed by the Director of Talent Acquisition, SVP, to fill a specific position.

Our culture is firmly rooted in our core values. We are optimistic. We are collaborative. We are inclusive. We are agile. We are ethical.

We are Old National Bank. Join our team!