An Information Security Risk Officer is responsible for applying Information Security Risk knowledge and expertise to assist with Second Line of Defense activities to help strengthen the enterprise information security posture and ensure regulatory compliance.
* Ensure an independent view of information security capabilities, effectiveness and maturity, and create a real-time reporting mechanism with real-time data to support the view while keeping key stakeholders informed
* Jointly accountable with 1st Line Information Security leaders to ensure that IS capabilities are effective, current, industry leading and conform to our standards
* Provide effective challenge of strategy, day-to-day operations and gap remediation with the goal to ensure adequate protection of digital assets at the bank
* Ensure that all controls are defined to ensure all regulatory requirements are met, designed effectively with clear documentation and implemented with clear visibility into the evidence that control is working effectively.
* Ensure that all gaps in controls are proactively identified and action plans for risk treatment are in place and tracked with accountability established.
* Ensure that each competency in the information security domain has a defined strategy.
* Establish capability to review data on a real time basis to ensure risks are identified and treated in a timely manner.
* Establish a quantifiable mechanism to report risks leveraging the FAIR methodology.
Accountable for the identification and support of information security risk needs for EI&TRM.
Scope and Impact
This job contributes to EI&TRM by providing second line management of BMO's efforts to reduce and manage risk.
Knowledge and Skills
* Bachelor's degree in Information Technology, Computer Science, Business Administration, or relevant educational and professional experience
* Advanced knowledge and experience on information security across all platforms and across all business units to include networking, applications, identity and access management, operating systems, cloud services, email gateway, privileged access management, vulnerability management, database security and endpoint security
* CISSP (Certified Information Systems Security Professional) certification or candidate for certification highly preferred
* CISA (Certified Information Security Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control) or CIPP (Certified Information Privacy Professional) certifications helpful, but not required
* Experience working with ISO 27001 (or similar) security framework, PCI DSS and CSA CCM standards in operational IT environment required
* Experience applying other security frameworks (e.g., CSF, COBIT), laws and standards (e.g. Sarbanes-Oxley, GDPR, HIPAA) helpful, but not required
* Working experience with IT Security risk frameworks such as ISO 27005, OCTAVE, FAIR, NIST RMF very helpful
* Operational experience in applying risk frameworks to technologies (including cloud, containers) and continuous processes (including DevOps and Agile software deployment) very helpful
* Working knowledge of compliance tools such as the Unified Compliance Framework (UCF) Common Controls Hub (CCH) helpful, but not required
* Must be able to work in a collaborative team environment with individuals at appropriate levels of the Company
* Effective negotiation skills
* Good verbal and written communication, facilitation, and interpersonal skills
Analyze Issues and Solve Problems, Understand Strategies, Identify Improvements, Seek Customer Satisfaction, Establish Plans, Execute Efficiently, Show Initiative, Solicit Support, Encourage Commitment, Select and Develop, Communicate Effectively, Relate Well to Others, Demonstrate Credibility, Readily Adapt
We're here to help
At BMO Harris Bank we have a shared purpose; we put the customer at the center of everything we do - helping people is in our DNA. For 200 years we have thought about the future - the future of our customers, our communities and our people. We help our customers and our communities by working together, innovating and pushing boundaries to bring them our very best every day. Together we're changing the way people think about a bank.
As a member of the BMO Harris Bank team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one - for yourself and our customers. We'll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we'll help you gain valuable experience, and broaden your skillset.
To find out more visit us at https://bmoharriscareers.com.
BMO Harris Bank is committed to an inclusive, equitable and accessible workplace. By learning from each other's differences, we gain strength through our people and our perspectives. BMO Harris Bank is an Equal Opportunity Employer for all, inclusive of Minorities, Women, Veterans, and Persons with Disabilities.
About BMO Financial Group
Bank of Montreal (BMO Financial Group, BMO) is a diversified financial services provider.