IT Audit Director

Old National Bank•St Louis Park, MN

About The Position

Old National Bank has been serving clients and communities since 1834. With over $70 billion in total assets, we are a regional powerhouse deeply rooted in the communities we serve. As a trusted partner, we thrive on helping our clients achieve their goals and dreams, and we are committed to social responsibility and investing in our communities through volunteering and charitable giving. We continually seek highly motivated and talented individuals as our people are critical to our success. In return, we offer competitive compensation with our salary and incentive program, in addition to medical, dental, and vision insurance. 401K, continuing education opportunities and an employee assistance program are also included in our benefit suite. Old National also offers a variety of Impact Network Groups led by team members who are passionate about driving engagement, creating awareness of diverse backgrounds and experiences, and building inclusion across the organization. We offer a unique opportunity to join a growing, community and client-focused company that is firmly rooted in its core values. The Audit Director will lead Old National’s IT audit program, responsible for the execution of all IT-related audits for the company, coaching and developing assigned team members, and developing and maintaining constructive relationships with IT officers, senior leaders, and other key stakeholders. Technology audits cover processes such as cybersecurity, disaster recovery, data privacy and management, and keeping current on business/industry changes and their effect on the business, audit plan/approach and risk assessments is imperative. The salary range for this position is $127,900 - $258,600 per year plus bonus. The base salary indicated for this position reflects the compensation range applicable to all levels of the role across the United States. Actual salary offers within this range may vary based on a number of factors, including the specific responsibilities of the position, the candidate’s relevant skills and professional experience, educational qualifications, and geographic location.

Requirements

Bachelor’s degree in MIS, Accounting, Computer Science or other IT-related field.
Professional certification (CISA, CISSP, CISM, etc.) required.
Minimum of 10 years of progressive management experience in an internal or external IT audit function, preferably within the banking industry.
Demonstrated experience in leading and executing all aspects of the audit lifecycle, including planning, risk assessment, scoping, detailed testing and reporting.
Expert understanding of IT security, governance, network, and infrastructure processes and procedures.
Advanced understanding of concepts related to information technology risk and control at all layers of the technology stack, including logical and physical security, change management, IT operations, business continuity management and network technologies.
Strong knowledge of relevant industry frameworks and related regulatory guidance (e.g. COBIT, ITIL, NIST, FFIEC, ISO 27002, GLBA etc.) and experience applying these frameworks to both control design and testing.
Proficient in Microsoft Office products (Excel, Access, PowerPoint, Word, and Visio).
Outstanding communication skills, both oral and written.
Demonstrated ability to grasp, communicate and teach others how to identify underlying concepts in complex information.
Strong project management and time management skills, ability to effectively balance competing priorities, and demonstrated success in delivering work on-time and within budget.
Ability to partner effectively with multiple business/functional groups/leaders.
Knowledge of SOX 302/404, SSAE 18/SOC1/2/3.

Responsibilities

Oversight and Execution of multiple, concurrent, moderate to highly complex internal audits for assigned business segments.
Maintains a thorough understanding of financial services (including utilization of technology, products, organizational activities, and delivery of systems) and applies this knowledge to strategize, plan and implement audit activities for assigned business areas.
Draws upon industry knowledge and expertise to foster effective relationships with business unit management and develop the audit team.
Provides strategic leadership to team through application of advanced competencies in technical skills, logical reasoning and overall audit proficiency.
Guides audit team through engagement and ensures timely, high quality audit reports and findings, and facilitates issue resolution.
Effectively summarizes and communicates audit progress and findings to various levels of management, both live and in written materials.
Supervises and coaches audit staff as part of the internal audit review including the oversight of field work, reviewing and challenging the testing and work papers prepared by audit staff, and review of post-audit follow-up to appraise adequacy of corrective action taken to address audit recommendations.
Continuously assesses and manages significant/pervasive risks to the successful completion of audit projects and/or departmental objectives.
Anticipates challenges which may impact Internal Audit’s and the Company’s success, understands the critical risks and issues, including root causes, and creatively provides input to mitigate these risks/issues.
Manages SOX ITGCs for 302/404 assessments. Includes partnership with SOX/ICFR owners and External Audit to align on ITGC scope, testing approach, evidence standards, and reliance strategy
Effectively manages scope, resources, and dependencies to meet firm deadlines without compromising quality. Balances practicality with control effectiveness and SOX expectations; recommends right-sized solutions that measurably reduce risk
Leads, coaches, and develops an assigned Internal Audit team. Shares business expertise with audit team to ensure that decisions pertaining to the nature, timing and extent of audit work are appropriate and that the skill sets of the team are continually enhanced.
Improves and reinforces the performance of others by providing timely, candid, and constructive performance feedback; facilitates skill development through coaching.
Communicates clear expectations, monitors and measures progress and results, rewards and recognizes success, deals with problem performance; promotes a culture of mentoring and knowledge transference to enhance the performance of the entire team.
Drives a rewarding associate experience and facilitates the learning, growth and performance of each team member through effective on-going development discussions, support of individual development planning, and career exploration.
Serve as a key resource in the execution of audit work for business segment leaders, Chief Audit Executive and Ethics Officer, and Risk Management
Conducts a comprehensive organizational review at the strategic level to identify business risks, internal control issues and efficiency recommendations.
Assists the Chief Audit Executive with the organizational risk assessment and development of annual audit plan.
Leads development of strategy for ensuring assigned business areas receive high quality, timely, risk focused effective audit services.
Applies an in-depth understanding of the inter-relationships of business and support units throughout the company and how they impact the overall control environment and the audit approach.
Translates complex technology and SOX IT issues into clear business impact, risk articulation, and actionable remediation expectations for leaders.
Identifies opportunities to integrate data analytics, automation, and continuous auditing techniques into IT audit and SOX execution to increase coverage, efficiency, and insight.
May participate in major business initiatives and pro-actively advises and assists the business on change initiatives. Proposes creative and pragmatic solutions for risk and control problems.
Monitors and evaluates emerging technology risks (e.g., AI governance, cloud concentration risk, data privacy, and third-party resilience) and partners with business unit management to address.