Chief Information Security Officer

Job title: Chief Information Security Officer

Company: First Midwest Bank

Job description: First Midwest, with assets over $20 billion, is the premier relationship-based banking franchise in the dynamic Chicagoland banking market. As one of the Chicago metropolitan area’s largest independent bank holding companies, First Midwest provides the full range of commercial, retail banking, and wealth management services through some 120+ offices located in communities in metropolitan Chicago, Northwest Indiana, Central and Western Illinois, Eastern Iowa, and Southeast Wisconsin.


First Midwest’s Information Security Team has an exciting opportunity in the Chicago, IL area for a leadership position as Chief Information Security Officer (CISO). The CISO is the most senior level role responsible for all information and cybersecurity aspects across the Consumer, Commercial, and Wealth Management divisions of the Bank, and other subsidiaries of the holding company First Midwest Bancorp, Inc. In this role, you will lead an enterprise team of information security specialists who develop and execute intelligence-led security programs to protect against and respond to information security threats. You will lead all aspects of setting strategies, maintaining effective risk management policies and practices, and managing internal and external (third-party) teams.

Diversity is a key business imperative and a source of strength at First Midwest. We serve clients from every walk of life, every background, and every origin. Our goal is to have our entire workforce reflect this same diversity at all levels across the organization. We have made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop are widely available to all. This is especially true in the Information Security Organization.

The CISO and the enterprise security team are directly responsible for all aspects of Cyber Security and Information Security including but not limited to:


o A Degree in Information Technology, Engineering, or Business (Advanced Degree Preferred)
o 15+ years of experience in Information/Cybersecurity in a highly regulated industry such as Finance, Healthcare, and/or Government within a large multi-national organization with a global scope with high influence requirements.
o 10+ years people management experience across a national/regional organization, with hands-on experience building diverse teams while promoting an inclusive organization.
o A demonstrated knowledge of information security standards (e.g. NIST, ISO-27001), rules and regulations related to information security and data confidentiality (e.g. PCI, NIST, NSA), and various other security standards and policies.
o A strong understanding of the Cloud Security Model and key principles, such as CSPs' Shared Responsibility Models, Security and Infrastructure as Code, Preventive/Reactive Guardrails, Containerization, Serverless Computing, Continuous monitoring/drift detection, and the importance of end-to-end automation.
o Understanding of global institutional financial transaction and message processing (e.g. SWIFT, CHIPS, Fed-Wire, SPEI, SPID)
o Knowledge of application data flows, and bank platforms and operations.
o Demonstrated experience complying with Data Privacy rules and regulations (e.g. GDPR, California Data Privacy, etc.).
o Ability to understand not only emerging industry trends as far as cyber security is concerned, but also the landscape of emerging threats, making appropriate adjustments within the Security Operations programs.
o Ability to effectively manage the tactical cyber security mission while continuing to drive the First Midwest cyber security strategy, thinking 2-3 years ahead.
o Ability to operate effectively across a matrixed business environment.
o Strong focus and record of execution
o Excellent verbal and written communication skills; presentation skills to Boards and/or Executive Management Committees preferred
o Strong leadership, strategic thinking, and large-scale planning abilities.
o Strong interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex Information Security topics for understanding and critical decision making.
o Excellent problem-solving abilities and analytical skills; proven ability to effectively drive cross-functional teams to meet challenging deadlines while solving complex problems.
o Ability to apply a broad and comprehensive understanding across multiple functional areas.
o Strong work ethic, and an excellent use of discretion and judgment.
o Ability to organize, prioritize, and lead multiple deliverables simultaneously across a large corporate environment.
o Key Industry certifications in Information Security, such as CISSP, CISM and CISA


o Lead the Information Security Department
o Lead programs to perform application, vendor, and cloud Security Reviews and supporting system vulnerability assessments, and perform application risk analysis and threat modeling.
o Conduct Third Party Information Security Assessment Programs
o Continue to advance the Data Loss Protection and Encryption technologies in place in our O365 environment and System server environments, as we migrate to the cloud
o Automate and advance our Identity & Access Management and Privileged User Access through SailPoint IdentityNow
o Supporting Secure Software Development Lifecycle and Change Management activities
o Defining security governance and control strategies for emerging technologies such as cloud & containerization, APIs, Chatbots, Virtual Desktops, machine learning, and robotic processing automation.
o Defining and driving the implementation of technology requirements for application development community to proactively integrate security requirements as part of common development objectives.
o Recommending security enhancements and defining mitigating controls for core systems and applications.
o Maintaining our Information Security program, governance, standards, and policies
o Implement automation, monitoring and reporting through industry-leading solutions to protect client and company data assets and physical assets.
o Collaborating with peer members of the Financial Investigations Committee (FIC) to establish appropriate information security standards and provide an effective governance structure to ensure compliance and accountability.
o Conducting incident risk analysis and engaging information security, information technology, business management and other stakeholders for resolution.
o Engaging line of business and risk teams in the review and re-engineering of key controls and processes to manage and reduce risk effectively and efficiently.
o Develop a security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization’s business objectives, and ensure senior stakeholder buy-in and mandate.
o Effectively manage budget by controlling expenses within plan and making efficient staffing decisions to achieve both CISO and First Midwest business targets.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
Please view Equal Employment Opportunity Posters provided by OFCCP and Supplement.

Expected salary:

Location: Chicago, IL

Job date: Wed, 17 Mar 2021 07:52:10 GMT
