Bank of Montreal
The Database Security architect is responsible for identifying and communicating risk related to the company's Data Assets in Cloud/Big data. The role is also responsible for recommending, implementing and validating solutions that balance the business needs with data security and reduce the risk related to the company's data assets to an acceptable level. Additionally, this role will contribute significantly to establishing database security framework and adapting it to cloud adoption strategy. This role will report to the Director - Database/Data Security within CISO organization.
Key Areas of Accountability
* Big data/Cloud Database Security Domain Leadership
* Security Strategy Formulation for Enterprise Big data/Cloud data Assets Risk Management & Control
* Relationship Management
* Program Management
Data Security Domain Leadership and Planning
* Lead the Big data/Cloud Data Security domain of Information Security; recommend database security configurations and initiatives to address the identified risk areas associated with the data assets in BMO;
* Evaluate the current state of data protection capabilities, inclusive of discovery, classification, and protection policy formulation for Big data/Cloud structured data sets in BMO;
* Evaluate the current state and the maturity of existing protection controls for the Big data/Cloud data security evaluating current state both against the bank's risk appetite and regulatory and compliance requirements related to the confidentiality and privacy of data;
* Provide effective communication at management level on the Big data/Cloud data security domain through reviews with stakeholders and management briefing and reporting;
* Provide thought leadership and facilitate education of the Big data/Cloud database security domain, inclusive of emerging threats and attack methods, emerging protection and monitoring technologies as well as emerging regulatory and compliance frameworks and requirements;
* Develop roadmaps for Big data/Cloud data security capabilities and associated controls to address identified current and emerging risks;
* Study the current database landscape, document database security framework including that required for databases supported in cloud and help establish a database security standard artifact in information security group.
Strategy Formulation for Enterprise Big data/Cloud Data Risk Management & Control
* Identify and Communicate risk related to the enterprise data assets in Big data/Cloud; educate management on the risk implications associated with the data sets produced, transformed, consumed, stored or transmitted as part of business processes and associated technology systems or components;
* Identify and Communicate risk related to the use of BMO data assets by 3rd party service providers and business partners in the context of the "extended enterprise";
* Mitigate risk by formulating strategies to address the risks associated to data assets in Big data/Cloud;
* Opportunity identification for embedding Big data/Cloud data security objectives and requirements in business strategic initiatives from the initiation, architecting and solution design phases, for an effective and un-intrusive protection of bank data;
* Liaise with the Data Governance Department, facilitate and lead the coordination of efforts for the Big data/Cloud data security among the Information Security and Data Governance functions
* Liaise with the Privacy, Compliance, Fraud and other corporate assurance functions and departments with a stakeholder position in the protection of data assets in Big data/Cloud and mitigation of the widest possible range of risks related to bank data;
* Liaise with the Line-Of-Business Data Owners to understand business strategic objectives and the role existing and future data assets will play in these initiatives
* Apply program and project management methodologies and knowledge to propose, initiate and manage Big data/Cloud data security programs and projects as approved at executive levels;
* Manage the program activities to deliver on agreed-upon objectives and desired results within agreed upon parameters such as schedules and investment/ spend envelopes;
* Monitor the effectiveness or resource utilization and properly address the program or initiative execution risk; pro-actively address program and project risks as they arise;
* University degree in Computer Science, Computer security, related field or equivalent;
* Minimum of 2 years of experience in BigData/Cloud Database Security
* Minimum of 10 years of experience in Information Security domain
* Minimum of 3-4 years of direct experience in the Data Security subdomain
* Minimum of 3 years of work experience in the Financial Industry
* Minimum of 3 years of experience managing large Programs and initiatives
* CISSP or CISM designation highly preferred
KNOWLEDGE & SKILLS
* Experience with Big data/Cloud Database Activity Monitoring and Protection platforms and solutions
* Extensive experience with Big data/Cloud best practices and standards
* Extensive experience with Big data/Cloud Hardening Standards
* Experience with incorporate Big data/Cloud Hardening Standards as part of automated deployment
* Extensive experience in engineering security throughout the life cycle of Big data/Cloud data
* Extensive experience with Big data/Cloud Vulnerability Assessment and Management for database platforms
* Extensive experience with data-at-rest and data-in-flight encryption, tokenization and masking technologies and services for data sets in Big data/Cloud
* Experience with and knowledge on data discovery and classification platforms and services
* Experience with other database platforms including Oracle, SQL Server, DB2 and associated data protection imperatives and approaches to securing those data platforms
* Experience with threat modelling techniques for attacks targeting data assets within Big data/Cloud
* Excellent knowledge of legal, compliance and regulatory acts and their stipulated requirements on data protection and privacy applicable to Banking and Financial industry
* Experience with implementation of tokenization as a solution for meeting PCI-DSS compliance standards is desirable
We're here to help
At BMO Harris Bank we have a shared purpose; we put the customer at the center of everything we do - helping people is in our DNA. For 200 years we have thought about the future-the future of our customers, our communities and our people. We help our customers and our communities by working together, innovating and pushing boundaries to bring them our very best every day. Together we're changing the way people think about a bank.
As a member of the BMO Harris Bank team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one - for yourself and our customers. We'll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we'll help you gain valuable experience, and broaden your skillset.
To find out more visit us at https://bmoharriscareers.com.
BMO Harris Bank is committed to an inclusive, equitable and accessible workplace. By learning from each other's differences, we gain strength through our people and our perspectives. BMO Harris Bank N.A. is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.
#LI - RT1
About Bank of Montreal
Bank of Montreal (BMO Financial Group, BMO) is a diversified financial services provider.