Bank of Montreal
777 Bay Street, Suite 2200
Job Family Group:
The Financial Crimes Unit (FCU) brings together our Cybersecurity, Fraud, Physical Security and Resilience Planning capabilities to address the ever-growing and increasingly complex global security environment. It is a highly collaborative effort that greatly enhances BMO’s ability to rapidly prevent, detect, respond to, and recover from all security & crisis threats. This position offers a unique opportunity to learn from experienced leaders in the industry, join a team building the 21st century model for security, and help grow the good by protecting our customers and communities.
Take your career to the next level by gaining a deeper understanding of, and experience with, cutting-edge Information Security-related technologies and controls. You will also have the opportunity to interact with and learn from both BMO’s senior management and top talent in the Information Security profession.
You will drive the Testing & Evaluation of Information Security (IS) Controls in the Process, Risk & Controls (PRC) framework. PRC is a set of key processes, risks and controls associated with the use and support of technology in the delivery of business objectives. You will be responsible for playing a leadership role in the management of the PRC framework and in testing the design and operating effectiveness of IS controls. The role requires working closely with the CTU stakeholder community and the IS 1A functions that are responsible for the design and/or operation of IS controls.
- Supports the business/group leader in the effective implementation, maintenance and administration of first line of defense (1st LOD) programs (e.g., operational risk, AML, compliance, regulatory, etc.), including overseeing business operations within the jurisdiction to ensure adherence and efficiency. Contributes to a strong risk management culture through collaboration with other first line employees, and second & third line functions to ensure Compliance, AML or operational risks are identified, mitigated, monitored and reported on an ongoing basis.
- Supports multiple, varied business units with corresponding number of regulators.
- Monitors and advises on management of risk requirements within the defined risk appetite.
- Manages/supports large/complex risk programs/frameworks /projects/initiatives to ensure risks are appropriately mitigated and regulations adhered to.
- Monitors industry and legislative developments and continuously updates programs to ensure they are competitive and effective.
- Supports the position on regulatory compliance issues by interpreting requirements (existing, new and emerging) and identifying, analysing and addressing resultant gaps and issues, including those raised through the review of change initiatives. Understands the identified risk exposures and supports the development of action plans required to mitigate identified risks.
- Acts as a subject matter expert in the evaluation, development and implementation of an internal control system.
- Supports the execution of strategic initiatives in collaboration with internal and external stakeholders.
- Builds effective relationships with internal/external stakeholders.
- Breaks down strategic problems, and analyses data and information to provide insights and recommendations.
- Builds change management plans of varying scope and type; leads or participates in a variety of change management activities including readiness assessments, planning, stakeholder management, execution, evaluation and sustainment of initiatives.
- Monitors to ensure that 1st line jobs are following defined processes and procedures.
- Develops, documents and maintains business/group procedures updating and obtaining approvals as regulations or the operating environment changes and communicates changes to the business/group & relevant stakeholder groups.
- Designs measurable sustainment strategies including assessing and recommending mitigations for industry/ segment-specific risks and prioritizing opportunities presented by internal and external stakeholders.
- Tracks exception/exemption requests and corresponding approvals.
- Facilitates training to ensure business unit employees fully understand requirements.
- Provides quality control for investigations, self-reports, examinations and independent reviews conducted by internal and external stakeholders, including regulators, providing verbal and written responses to requests for positions, action plans, information and/or documentation.
- May act as the designated Primary Business Unit Compliance Officer (BUCO) and/or Anti-Money Laundering Reporting Officer for the operating group and is accountable to meet all program requirements (e.g., Operating Group Compliance Program, AML Program Framework).
- Builds awareness, knowledge, and skills and, as necessary, provides communication, practical tools and ongoing support including making presentations, to promote a culture of risk identification and management.
- Supports the management of 1st LOD program for the business/group in compliance with appropriate principles, standards & direction from the second line of defense groups. Includes developing and promoting program and ensuring the execution of all program components.
- Works with assigned business/group leaders to implement 1st LOD programs and frameworks, developing and maintaining an in-depth understanding of the applicable regulatory and internal risk management requirements. Interprets and provides advice on the application of the requirements for the business/group.
- Develops and maintains an understanding of the business/group strategies and objectives, products and services, internal and external stakeholders and business processes as well as the underlying infrastructure to identify and manage implications and risk exposures for the business/group.
- Identifies, investigates, analyzes, documents & mitigates program risks, taking into account jurisdictional issues, and raises any issues or concerns to senior leaders and other stakeholders.
- Analyzes the impact and effectiveness of the program through periodic reviews.
- Recommends adjustments to the overall program, policy or processes within the business/group in accordance with the Risk Appetite Statement, Governance and Corporate Policy.
- Supports the business/group through internal/external audits or regulatory examinations and assists in development of action plans to resolve any identified issues.
- Provides support to the development and delivery of training and awareness programs within the business/group to increase awareness of and compliance to risk management requirements.
- Focus is primarily on business/group within BMO; may have broader, enterprise-wide focus.
- Provides specialized consulting, analytical and technical support.
- Exercises judgment to identify, diagnose, and solve problems within given rules.
- Works independently and regularly handles non-routine situations.
- Broader work or accountabilities may be assigned as needed.
- University degree/college diploma or equivalent work experience
- At least one professional Information Security certification (i.e., CISSP, CISM or CISA)
- At least 6 to 8 years' experience in Information Security management processes and methodology
- Minimum of 6-8 years' experience with Control Testing, IT Audit or Information Security Audits
- Strong expertise with MS Excel and complex analytics/formulas, MS PowerPoint and the full MS Office suite of products
- Experience with providing subject matter expertise in the interpretation and deployment of key Industry standards and regulatory requirements
- Experience playing a lead role in the review, ongoing assessment and testing of IS controls. This includes test preparation, test execution, providing recommendations and reporting on the status of the identified gaps/issues.
- Experience playing a key role in developing the capability to provide inputs required for regulatory reporting and audit queries
- Experience leading the collection/consolidation of data to be used for management and executive communications, including presentations, organizational program support, and communications between teams
- Experience communicating, making recommendations or escalations to management, or making updates as per established management reporting guidelines
- Experience effectively and proactively contributing to coordination, consolidation, analysis, recommendations, and reporting
- Experience ensuring the testing lifecycle is implemented in a timely and consistent manner
- Experience providing leadership and direction by setting context and defining accountabilities, tasks and assignments
- Exposure to coaching, motivating, developing and evaluating the performance of subordinates, and providing guidance and mentoring in the resolution of complex issues
- Good understanding of Information Security standards and frameworks is preferred, such as ISO 27001, ISO 27002 (2013), NIST CSF, NIST 800-53, COBIT 5, ITIL, BITS SIG Lite, FFIEC, GLBA, PCI DSS, and others
- Strong foundation in Information Security processes, procedures, controls, reporting, risk and regulatory requirements
- Strong technical knowledge of data processing and IT security arrangements
- Ability to work independently and multi-task in a fast-paced environment
- Ability to communicate and present effectively through a range of mediums, to various audiences, in a way that demonstrates subject-matter knowledge, facilitates comprehension, and inspires appropriate action
- Exceptional and proven leadership capabilities – communication, conflict resolution, people management, relationship management (internally/externally), and multitasking
- Advanced level of conceptual and strategic thinking with strong problem management skills
- Ability to act with the highest integrity in ambiguous situations and conflicts
- Experience in managing projects and using project management skills is desired
- Possesses expert communication skills, both written and verbal
- Strong collaboration skills
- Demonstrates expert leadership skills and capabilities
- Displays high ethics and trust values
- Ability to operate effectively in a matrix environment
We’re here to help
At BMO we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.
As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one – for yourself and our customers. We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.
To find out more visit us at www.jobs.bmo.ca/ca/en.
BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.