IT Risk Program Officer

Old National Bank has been serving clients and communities since 1834. With over $70 billion in total assets, we are a regional powerhouse deeply rooted in the communities we serve. As a trusted partner, we thrive on helping our clients achieve their goals and dreams, and we are committed to social responsibility and investing in our communities through volunteering and charitable giving.

We continually seek highly motivated and talented individuals as our people are critical to our success. In return, we offer competitive compensation with our salary and incentive program, in addition to medical, dental, and vision insurance. 401K, continuing education opportunities and an employee assistance program are also included in our benefit suite. Old National also offers a variety of Impact Network Groups led by team members who are passionate about driving engagement, creating awareness of diverse backgrounds and experiences, and building inclusion across the organization. We offer a unique opportunity to join a growing, community and client-focused company that is firmly rooted in its core values.

Position Summary

The IT Risk Program Analyst will serve as a key member of the IT First Line Risk team, reporting to the IT Risk Program Lead. In this position, you will support three key business technology segments - Commercial, Community & Wealth, and Corporate Solutions - working closely with each segment's Chief Information Officer (CIO) to ensure that IT operations are secure, compliant, and resilient. You will advise on the design and management of technical controls, support leaders in planning risk mitigation and remediation activities, and act as a liaison among IT teams, internal audit, risk management, and regulators.

The IT Risk Program Analyst will work in a highly collaborative, fast-paced environment that spans multiple business units. This role requires leadership through influence - you must be comfortable taking initiative, coordinating efforts across different teams, and guiding stakeholders at all levels toward effective risk management outcomes. Expect a mix of independent analysis/documentation work and group meetings or workshops (for example, facilitating RCSA sessions or discussing remediation plans with project teams). The ability to juggle multiple priorities and communicate proactively will be key to succeeding in this role.

Overall, this position offers the opportunity to have a significant strategic impact on the organization's risk posture. You will help shape how the bank manages technology risk across several major lines of business, working alongside senior leaders to ensure that risk is well-understood and properly controlled in support of the bank's objectives. Your contributions will directly support a culture of strong risk governance and continuous improvement in our IT practices.

Salary Range

The salary range for this position is $77,900 - $153,000 per year. Final compensation will be determined by location, skills, experience, qualifications and the career level at which the position is filled.

Key Accountabilities

Risk Identification & Assessment: Lead thorough risk assessments for the Commercial, Community & Wealth, and Corporate Solutions IT groups. This includes conducting and facilitating Risk and Control Self-Assessments (RCSAs) and other targeted risk reviews to identify potential technology risks and control gaps in each line of business.
• Technical Controls & Remediation: Provide guidance on the design and implementation of technical controls to meet enterprise security standards. Work with IT teams to advise on security controls and best practices and assist in developing remediation plans for any identified control weaknesses or audit findings. Ensure that risk mitigation strategies are effectively executed and tracked through completion.
• Audit & Regulatory Liaison: Serve as the primary liaison for these lines of business during audits and regulatory examinations. Support the CIO in engagements with risk management, internal audit, and regulators to guide the team and reduce disruptions to business operations. Assist in translating findings into actionable IT controls and monitor their implementation.
• Risk Governance & Reporting: Drive risk governance processes and reporting for the supported segments. This includes preparing and presenting regular IT risk reports, metrics, and dashboards to business leaders and risk committees, highlighting the current risk posture and the status of risk mitigation efforts. Lead periodic risk review meetings with executives to discuss significant risks, control effectiveness, and required actions.
• Compliance & Framework Alignment: Ensure that each line of business's IT activities adhere to relevant industry frameworks and standards. Maintain up-to-date knowledge of and alignment with NIST, COBIT, CIS Critical Security Controls, and other industry frameworks, as well as regulatory guidance like OCC Heightened Standards and FFIEC IT examination handbooks. Recommend and implement necessary policy or process changes to meet these standards and compliance requirements.
• Cross-Functional Collaboration: Build and maintain strong relationships with stakeholders across the organization. Collaborate daily with IT infrastructure and application teams, Information Security, Business Risk Offices, and other departments to support achievement of the bank's strategic objectives while promoting a proactive risk management culture. Influence and educate business and technology leaders (including the divisional CIOs and their leadership teams) on key technology risks, controls, and required remediation actions.

Qualifications and Education Requirements

• Experience: Experience in IT and risk management domains, ideally within financial services. Proven track record developing risk assessments, defining controls, and leading remediation efforts for identified risks.
• Frameworks & Regulations: Solid understanding of NIST, COBIT, and CIS Critical Security Controls. Familiarity with banking regulatory requirements (e.g., OCC Heightened Standards, FFIEC guidelines) and ensuring IT controls align with these standards.
• Technical Proficiency: Skilled with GRC tools (such as Archer, ServiceNow) and IT environments. Exposure to cloud platforms (AWS, Azure), IT infrastructure, application development, and third-party/vendor risk management is beneficial.
• Analytical & Problem-Solving: Excellent analytical skills and attention to detail. Capable of assessing complex IT systems, identifying root causes, and prioritizing remediation based on business impact.
• Communication & Influence: Strong written and verbal communication. Able to explain technical risk issues in business terms and influence cross-functional teams to drive change.
• Education: Bachelor's degree required; advanced degree or relevant certifications (e.g., CISA, CRISC, CISSP) are a plus.

Old National is proud to be an equal opportunity employer focused on fostering an inclusive workplace and committed to hiring a workforce comprised of diverse backgrounds, cultures and thinking styles.

As such, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, status as a qualified individual with disability, sexual orientation, gender identity or any other characteristic protected by law.

We do not accept resumes from external staffing agencies or independent recruiters for any of our openings unless we have an agreement signed by the Director of Talent Acquisition, SVP, to fill a specific position.

Our culture is firmly rooted in our core values.

We are optimistic. We are collaborative. We are inclusive. We are agile. We are ethical.

We are Old National Bank. Join our team!