Bank of Montreal
YSC – 2 Sheppard Avenue East
Job Family Group:
Technology Information Security Officer (Application Security) – Grade 8
At our company, we have been helping our customers and communities for over 190 years. Working with us means being part of a team of talented, passionate individuals with a shared focus on working together to deliver great customer experiences. We stand behind your success with the support you need to turn your potential into performance.
BMO Financial Group is committed to an inclusive, equitable and accessible workplace. By embracing diversity, we gain strength through our people and our perspectives.
This position is for the role of Technology Information Security Officer (TISO) at BMO for providing services to technology development group. The TISO is accountable to ensure that information security risks within the assigned projects are identified, assessed and reported, appropriate controls are in place, and procedures and activities comply with BMO Information Security policies, standards and operating procedures, industry best practices and regulatory requirements. In addition, the TISO is the center of competence for Information Security, providing advisory services, and is aligned to the line of business.
1. Consulting and Advisory
2. Governance and Control
4. Training and Awareness
1. Consulting and Advisory:
– Work closely with project personnel, stakeholders, and senior management to identify Information Security related risks and controls
– Understand business, local and Information Security strategies as they relate to the project.
– Provide Information security requirements, advice and counsel to project personnel ensuring alignment to IS processes and solutions
– Contribute to Application Security Risk Assessment (ASRA) work on identified applications
– Manage/facilitate security due diligence activities throughout the Application Software Development Life Cycle (SDLC) to ensure that security risks are identified and controls are implemented to mitigate risk
– Evaluate and assess emerging security threats and vulnerabilities in project and work with Security Architecture team to identify appropriate controls.
– Be an advocate for Information Security solutions and standards
– Work as Information Security subject matter expert and provide expertise
– Be a subject matter expert on security controls applicable to rapid software development methodologies and DevOps automation
2. Governance and Control:
– Direct and monitor due diligence of information security risk processes and results on projects
– Identifies, evaluates the magnitude and documents information security risks in the project and ensures necessary approvals are obtained
– Oversees and manages information security issues in Issue Management System that are assigned to ensure these are current, accurate and are supported by sound resolution plans or formal risk acceptance by business executive
– Process security vulnerability exceptions that are assigned to ensure rationale, plan and timeline are reasonable
– Review and provide recommendations to IS policies, standards, guidelines/ processes when required by management
– Escalate potential or unresolved security issues to management for resolution as appropriate
3. Communication and Reporting: Consolidate, interpret and report key information security risk for the project and understand effectiveness of controls in managing the key risks. This includes contribution to centralized reporting efforts, and initiation of ad hoc analyses and reporting for a variety of stakeholders to ensure that appropriate parties are aware of security issues.
4. Training and Awareness:
– Participate, facilitate and deliver training and awareness to promote Information Security within development teams
– Promoting centralized training and awareness opportunities to ensure participation from development teams
– Spreading awareness and knowledge of good Information Security practices in development teams
This role requires the incumbent to interact with the following processes and/or groups in BMO FG:
– Chief Information Officer (CIO), Lead Technology Officer (LTO), Senior Technology Officer (STO), development staff and SDLC process of supported portfolio
– Chief Information Security Officer (CISO)
– Other Information Security teams
– Other TISOs and BISOs
– Supplier Relationship Owners/Procedures,
– Corporate Risk Areas
– Corporate Audit
KNOWLEDGE AND SKILLS:
– In depth knowledge of Application Security, Information Security risk and industry best practices
– Knowledge based on hands on experience in implementing security in rapid software development methodologies (like, Agile) and DevOps automation
– Working knowledge of the technical areas supported e.g. data warehouses, mainframes, networks, etc.
– Working knowledge of BMO Operating Group businesses, or equivalent knowledge from other financial institutions
– Working knowledge of policies, standards and operating procedures in large organizations relating to information security risk
– Information Security certification e.g. CISSP, CISSLP, GIAC etc.
– Advanced analytic skills
– Highly developed communication skills, both verbal and written
– Strong relationship management skills
– Problem solving
Specialization in any of the following areas is highly desirable:
– Experience in working in a large application software development organization as software developer
– Application Security (e.g. defensive programming, source code analysis, application penetration testing, threat modelling)
BMO Financial Group thanks all applicants. We advise only those who qualify for an interview will be contacted
We’re here to help
At BMO we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.
As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one – for yourself and our customers. We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.
To find out more visit us at https://bmocareers.com.
BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.