1

It Risk Manager Jobs in Indiana (NOW HIRING)

Enterprise Architect (IT)

Indianapolis, IN · On-site +1

$66 - $85/hr

Partner with cybersecurity, technology risk, compliance, infrastructure, application, data, and operations teams to support holistic IT risk management. * Facilitate alignment across application ...

Enterprise Architect (IT)

Indianapolis, IN · On-site +1

$102K - $208K/yr

Partner with cybersecurity, technology risk, compliance, infrastructure, application, data, and operations teams to support holistic IT risk management. * Facilitate alignment across application ...

The IT Audit Manager, Sr works closely with IT/Risk management to understand products, organizational initiatives and systems, and provide quality audit services which meet department and ...

Information Technology and/or Cybersecurity background and/or experience, including 5-8+ years of IT, cybersecurity, risk management, or third-party risk experience with network, platform, and/or ...

Risk Management: Conduct regular risk assessments to identify vulnerabilities, assess potential impacts, and implement appropriate mitigation strategies. Develop and maintain an IT security risk ...

Projects would be performed through interacting with client Information Security, Procurement ... Technology, Media and Telecommunications Basic Qualifications * Bachelor's Degree * 5-8+ years of ...

next page

Showing results 1-20

It Risk Manager information

See Indiana salary details

$49K

$106.2K

$161.8K

How much do it risk manager jobs pay per year?

As of Jul 9, 2026, the average yearly pay for it risk manager in Indiana is $106,153.00, according to ZipRecruiter salary data. Most workers in this role earn between $85,600.00 and $122,800.00 per year, depending on experience, location, and employer.

What are some common challenges faced by IT Risk Managers when implementing risk mitigation strategies across different departments?

IT Risk Managers often encounter challenges such as varying levels of risk awareness among departments, resistance to new controls or procedures, and balancing business objectives with security requirements. Successful risk mitigation requires clear communication, stakeholder buy-in, and tailored training to ensure all teams understand the importance of compliance. Building strong relationships and fostering a culture of shared responsibility are key to overcoming these hurdles and ensuring effective risk management across the organization.

What are the key skills and qualifications needed to thrive as an IT Risk Manager, and why are they important?

To thrive as an IT Risk Manager, you need a solid understanding of risk assessment, information security, and compliance frameworks, often backed by a bachelor's degree in information technology or related fields. Familiarity with tools such as risk management software, GRC platforms, and certifications like CISSP, CISM, or CRISC is typically required. Strong analytical thinking, communication skills, and the ability to influence stakeholders are crucial soft skills in this role. These skills ensure effective identification, mitigation, and communication of IT risks, supporting organizational resilience and compliance.

What is the highest salary for a risk manager?

The highest salary for an IT Risk Manager can exceed $150,000 annually, especially for those with extensive experience, advanced certifications like CRISC or CISSP, and working in large organizations or financial institutions. Senior risk managers or those in managerial or executive roles may earn even higher compensation, including bonuses and benefits.

What does an IT Risk Manager do?

An IT Risk Manager is responsible for identifying, assessing, and mitigating risks that could impact an organization's information technology systems and data. They develop and implement risk management strategies, policies, and procedures to protect against cybersecurity threats, data breaches, and compliance violations. IT Risk Managers also work closely with other departments to ensure security best practices are followed and often lead risk assessments, audits, and incident response planning.

Is risk a good career?

A career as an IT Risk Manager is considered stable and in demand, as organizations prioritize cybersecurity and risk mitigation. The role requires strong analytical skills, knowledge of security frameworks, and often certifications like CISSP or CRISC. It offers opportunities for advancement and specialization in a growing field.

What is the difference between It Risk Manager vs Cybersecurity Analyst?

AspectIt Risk ManagerCybersecurity Analyst
CertificationsCRISC, CISSP, CISMCISSP, Security+, CEH
Work EnvironmentOversees risk management strategies across IT systemsMonitors and responds to security threats and incidents
Industry UsageUsed in organizations with complex IT infrastructuresCommon in security-focused roles across industries

The It Risk Manager focuses on identifying and managing IT risks at an organizational level, ensuring compliance and risk mitigation strategies. In contrast, a Cybersecurity Analyst primarily monitors security threats and responds to incidents. While both roles require similar certifications and work within the IT security domain, the It Risk Manager has a broader scope related to risk management policies, whereas the Cybersecurity Analyst concentrates on threat detection and response.

How much does a risk manager get paid?

A risk manager's average salary varies by experience and location but typically ranges from $80,000 to $150,000 annually. Senior risk managers or those with specialized certifications like FRM or CRM can earn higher salaries, especially in large organizations or financial sectors.

What is the role of IT risk manager?

An IT risk manager is responsible for identifying, assessing, and mitigating information technology risks within an organization. They develop security policies, implement controls, and ensure compliance with industry standards to protect digital assets and infrastructure. Strong knowledge of cybersecurity, risk management frameworks, and relevant certifications like CISSP or CISM are often required.
What are popular job titles related to It Risk Manager jobs in Indiana? For It Risk Manager jobs in Indiana, the most frequently searched job titles are:
What cities in Indiana are hiring for It Risk Manager jobs? Cities in Indiana with the most It Risk Manager job openings:
Infographic showing various It Risk Manager job openings in Indiana as of July 2026, with employment types broken down into 1% As Needed, 75% Full Time, 21% Part Time, and 3% Contract. Highlights an 94% Physical, 1% Hybrid, and 5% Remote job distribution, with an average salary of $106,153 per year, or $51 per hour.
Information Security & Technology Mgr, Sr

Information Security & Technology Mgr, Sr

Old National Bank

Evansville, IN • On-site

$199K/yr

Other

Medical, Dental, Vision, Retirement

This job post has expired today. Applications are no longer accepted.


Old National Bank rating

8.0

Company rating: 8.0 out of 10

Based on 36 frontline employees who took The Breakroom Quiz

55th of 146 rated banks


Job description

Information Security & Technology Mgr, Sr
Job Locations US-IL-Chicago | US-IN-Evansville | US-MN-Lake Elmo | US-IN-Lafayette
Category/Function Risk/Security
Position Type Regular Full-Time
Requisition ID 2026-20205
Workplace Type On Site
Overview

Old National Bank has been serving clients and communities since 1834. With over $70 billion in total assets, we are a regional powerhouse deeply rooted in the communities we serve. As a trusted partner, we thrive on helping our clients achieve their goals and dreams, and we are committed to social responsibility and investing in our communities through volunteering and charitable giving.

We continually seek highly motivated and talented individuals as our people are critical to our success. In return, we offer competitive compensation with our salary and incentive program, in addition to medical, dental, and vision insurance. 401K, continuing education opportunities and an employee assistance program are also included in our benefit suite. Old National also offers a variety of Impact Network Groups led by team members who are passionate about driving engagement, creating awareness of diverse backgrounds and experiences, and building inclusion across the organization. We offer a unique opportunity to join a growing, community and client-focused company that is firmly rooted in its core values.

Responsibilities

Salary Range

The salary range for this position is $98,400/yr - $199,000/yr plus bonus. The base salary indicated for this position reflects the compensation range applicable to all levels of the role across the United States. Actual salary offers within this range may vary based on a number of factors, including the specific responsibilities of the position, the candidate's relevant skills and professional experience, educational qualifications, and geographic location.

The Information Security & Technology Risk Manager supports and executes second line of defense (2LOD) governance, oversight, and independent challenge across information security and technology risk at Old National Bancorp. Reporting to the Director of Information Security & Technology Risk, this role is responsible for establishing and maintaining the enterprise information security and technology risk framework, including policies, standards, and monitoring practices, to ensure alignment with Boardapproved risk appetite and regulatory expectations.

This role supports the execution and continuous enhancement of the Information Security and Technology Risk Management Program, helping to safeguard the confidentiality, integrity, and availability of customer, employee, and business information in accordance with ONB policies and applicable regulatory requirements. The Manager serves as a consultative partner to both the first and second lines of defense, providing risk advisory and interpretation of regulatory expectations to business units and leadership.

Additionally, this role provides independent oversight of firstline technology and information security activities, leveraging strong analytical expertise and sound risk judgment to assess, challenge, and strengthen risk management practices and control effectiveness. Key responsibilities include overseeing governance, risk, and compliance (GRC) activities, leading independent testing and validation, and managing corporate security awareness initiatives.

Key Accountabilities

The Information Security and Technology Risk Manager and the second line team are directly responsible for enterprise oversight of Information Security and Technology Risk Management including but not limited to:

Governance, Risk & Compliance (GRC) - Information Security and Technology Risk Management Framework Ownership

    Support the development, enhancement, and ongoing maintenance of the enterprise Information Security & Technology Risk Management (ISTRM) framework, including programs, policies, standards, guidelines, and procedures to ensure alignment with regulatory and industry expectations.
  • Contribute to the maintenance of technology and cyber risk taxonomy, risk appetite alignment, and key risk indicators (KRIs), supporting consistent risk measurement, monitoring, and reporting to management and Board committees.
  • Provide independent challenge and advisory support to first line risk offices and technology leadership on risk identification, control effectiveness, and remediation prioritization, while partnering with stakeholders to ensure timely issue identification and resolution.
  • Oversee adherence to information security and technology risk policies, programs, and standards, including monitoring control effectiveness and supporting continuous improvement of governance, risk analysis, and oversight practices.
  • Support the implementation of information security and technology risk governance, monitoring, and risk management activities, including security awareness initiatives, to promote a strong control environment and risk-aware culture.
  • Apply risk management practices to safeguard sensitive data and support compliance with applicable legal, regulatory, and industry requirements across information assets and technology systems.

Risk Identification, Assessment, Monitoring & Reporting (2LOD)

  • Execute and oversee second line monitoring and review activities using a risk-based approach, including validation of control design and operating effectiveness performed by first line teams.
  • Maintain and support governance of risk registers, issue inventories, and exception tracking within the enterprise GRC platform; ensure appropriate documentation, escalation, and reporting cadence.
  • Develop and deliver clear, concise risk reporting for management and risk committees, including trends, material findings, and aging issues/exceptions.

Independent Testing & Validation (Assurance within 2LOD)

  • Establish and execute an annual independent testing and validation plan across information security and technology risk domains, informed by risk assessments, regulatory expectations, and audit/exam feedback.
  • Perform independent validation of remediation for material issues and control deficiencies; confirm evidence sufficiency and recommend formal closure or escalation where gaps remain.
  • Coordinate with Internal Audit (3LOD) and external examiners to align testing scopes, reduce duplication, and ensure timely resolution of findings.

Security Training, Awareness & Culture

  • Manage and enhance enterprise security training and awareness activities, including administration of required training and tracking of completion metrics.
  • Monitor alignment of enterprise training and awareness efforts with regulatory expectations and evolving threat landscape; report on participation and identified gaps.
  • Partner with HR, Compliance, and business units to promote a consistent and risk-aware culture across the organization.

Regulatory, Audit & Committee Engagement

  • Support regulatory examinations and audits related to information security, technology risk, and resilience by providing documentation, evidence, and responses as needed.
  • Contribute to preparation of management and committee reporting materials, including risk posture updates and tracking of action items.
  • Collaborate with Technology, Information Security (1LOD), ERM, Compliance, TPRM, and Legal to support practical and effective governance and risk management practices.

Key Competencies for Position

People Leadership:

  • Coach & Empower Others: Provides timely feedback, support, and guidance to encourage and support associates to accomplish tasks, solve problems, and enhance their professional development.
  • Lead Change: Leads change efforts, engaging team members who are resistant to change to gain their support and commitment, helps associates understand why the change is occurring, continuously sharing information, and assessing the adoption of the change.

Culture Leadership:

  • Culture & Values Leadership: Demonstrates Old National's culture in daily interactions and encourages associates to live by our culture and core values.

Execution Leadership:

  • Drive and Execution: Establishes clear objectives, metrics, and governance cadence; delivers risk oversight commitments with rigor and follow-through.
  • Collaboration: Builds trusted partnerships across Risk, Technology, Security, Compliance, and the business to drive consistent risk outcomes.
  • Risk Leadership / Independent Challenge: Demonstrates credibility and judgment to challenge first line decisions, validate evidence, and escalate material risks appropriately.
  • Communication: Communicates complex risk and control topics clearly to executive management and governance committees; ensures timely escalation and stakeholder alignment.
  • Analytical Problem Solving: Synthesizes qualitative and quantitative risk data to identify themes, prioritize actions, and recommend pragmatic risk responses.

Qualifications and Education Requirements

  • Bachelor degree in Information Technology, Cybersecurity, Risk Management, Audit, or related field (advanced degree preferred).
  • 10+ years relevant experience across information security, technology risk, governance, risk, and compliance (GRC), or related disciplines in a highly regulated industry, with a minimum of 3 years managing teams.
  • 3+ years of management experience.
  • Demonstrated experience aligning security and technology risk governance to recognized frameworks (e.g., NIST, ISO 27001) and banking regulatory expectations.
  • Experience establishing risk monitoring, independent testing/validation, and issue/exception governance processes with strong evidence discipline.
  • Strong communication skills; experience presenting risk posture, trends, and recommendations to management committees.
  • Proven ability to partner effectively across all levels of the organization and develop positive working relationships.
  • Strong presence with internal partners and external constituents, as necessary
  • Thorough understanding of auditing/examination techniques. Knowledge of applicable state and federal banking laws and regulations and of bank services, policies, and procedures.
  • Demonstrates conceptual thinking and analytical skills. Advanced problem-solving skills with the ability to define problems, analyze variables and propose solutions.
  • Strong leadership skills with supervisory experience, strong interpersonal skills and knowledgeable risk management professional.

Preferred certifications:

  • CISSP, CISM, CISA, CRISC, or equivalent.

Old National is proud to be an equal opportunity employer focused on fostering an inclusive workplace and committed to hiring a workforce comprised of diverse backgrounds, cultures and thinking styles.

As such, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, status as a qualified individual with disability, sexual orientation, gender identity or any other characteristic protected by law.

We do not accept resumes from external staffing agencies or independent recruiters for any of our openings unless we have an agreement signed by the Director of Talent Acquisition, SVP, to fill a specific position.

Our culture is firmly rooted in our core values.

We are optimistic. We are collaborative. We are inclusive. We are agile. We are ethical.

We are Old National Bank. Join our team!


What Old National Bank employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom