Senior Security Architect - Infrastructure Bmo Financial Group
Chicago, IL

Job Description

Global Information & Technology Risk Management (GITRM) is a division of BMO that combines Information Security, Information Management and Technology Risk into a comprehensive department. GITRM's mandate is to provide sound governance and guidance on information and technology risk and to provide critical services central to protecting the Bank against cyber threats. The core principle of Information Security is to protect the confidentiality, integrity, and availability of information. GITRM achieves this through the development and implementation of strategies, investment plans, services and solutions that support and enable BMO lines of business to operate securely in an increasingly connected global environment.

This includes:

* Setting and driving adoption of the overall strategy for information and technology risk, including cyber security, for the Bank
* Establishing and providing governance over the policies, standards, and directives that guide the lines of business in protecting their information and technology assets within the boundaries of their risk appetite
* Delivering enterprise solutions and services that support the cyber security strategy in a timely and cost effective manner

Common Accountabilities

Success at BMO is driven by our focus on customers, effective financial management and risk & control as well as living Being BMO every day. The following statements for customer, financial, risk and change/improve apply to every job within Information Security.

Customer

* Create & operate stable, optimized, and efficient solutions in consideration of the customer experience and business strategies
* Embrace and work effectively in a strong customer-centric team-oriented environment

Financial

* Meet our financial objectives
* Run an efficient and effective Information Security function which uses common assets, reduces ongoing costs and increases service level performance

Risk

* Promote a strong risk management culture
* Establish appropriate mitigating controls and assess the effectiveness of these controls

Change/Improve

* Continuously learn and make changes that improve personal and team effectiveness
* Make recommendations to improve BMO processes and systems

Security Architecture

Creates a visionary architecture roadmap and organizational strategy to align Business and IT; leads and facilitates the design and implementation of technical solutions and processes related to technology architecture.

* Core: Defines the architecture principles, standards and guidelines regarding the proper use and deployment of business applications, data and technology within the Bank. Partners with broader stakeholders in technology and business in defining architecture possibilities and futures.
* System Engineering: Works with Business, support development teams in recommending process or system design and enhancements. Ensures that systems are functionally appropriate, technically sound and well-integrated.
* Production Support: Provides immediate response to critical production program wide problems. Presents and evaluates alternatives, coordinating and ensuring resolution.
* Education: Computer Science, Engineering, Information Systems.
* Background: Deep technical and system-level expertise in one or more technology areas.

Senior Security Architect

Key Accountabilities

* The individual be the senior infrastructure security architect defining the security patterns, roadmap to support infrastructure related initiatives.
* Create and manage the various key architecture assets for the designated portfolio and scope.
* Create and drive the security architecture roadmap and patterns for his / her domain.
* Ensures sound and robust security architecture and provide sufficient guidance for the successful implementation of solutions to mitigate any negative impact on Technology and Enterprise budget.
* Identifies risks or issues with technology solution & design which may impact realization of project benefits and provide guidance and support to stakeholders in making good decisions to pro-actively resolve or mitigate potential risks/delays to the project.
* Participates in the system specification review process to ensure system requirements can be translated into valid software architecture.
* Identifies and researches relevant technologies, performs Proof of Concepts / Prototypes, and recommends applications of such technologies to future product architectures.
* Provides input into the preparation of business case.
* Proactively identifies and implements strategies to improve reliability, leveraging automation wherever possible.
* Seeks to integrate digital methods for agile, rapid prototyping, and for customer involvement.
* Leverage metrics and analytics to gain insight for planning, design and management to facilitate the identification of improvement opportunities.
* Designs and oversees implementation of end-to-end integrated solutions.
* Develops a deep understanding of organizational complexity to build strong rapport with the appropriate matrix areas for the construction and delivery of the solution.
* Actively participates and contributes to future Infrastructure Releases and Middleware/Hub.
* Ensures that chosen technology is flexible, supportable and requires minimal maintenance.
* Ensures the tactical implementation of the computing styles and architecture.
* Approves security requirements and developing secure designs for projects inside & outside of information security
* Provides input on the strategic direction of Security Architecture team
* Assists in the development of Information Security Strategy and Roadmap for all Security Technology domains
* Reviews architectural designs and makes recommendations for approval
* Participates on the Security Architecture Committee
* Represents Information Security at the Enterprise Architecture meetings
* Leads Information Security projects throughout the entire project lifecycle
* Reviews and approves security standards and procedures
* Provides side by side coaching for less experienced Architects and Engineers
* Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
* Manages security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
* Upgrades security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.
* Creates and maintains current state of architecture in his/her area which includes:
* Applications
* Data
* Technologies
* Processes
* Users

Domain Security Knowledge

* Full understanding of infrastructure security architecture and experience defining controls required to protect infrastructure on premise and in cloud
* Understanding of the threat landscape and controls needed to protect infrastructure
* Full understanding infrastructure tech stack - hardware, hypervisor, containers etc.
* Practical experience of cloud architecture and methods to protect cloud infrastructure

General Security Knowledge

* Experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF
* Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
* Sufficient business knowledge to assess impact of applied technology on customer's business processes.
* Working knowledge of NIST/ISO security frameworks.
* In depth knowledge of network protocols and networking infrastructure.
* In depth knowledge of Information Security risk, and industry best practices with minimum of 5 years relevant experience
* Working knowledge of the technical areas such as data warehouses, mainframes, networks, applications etc.
* In depth knowledge of Corporate Policies, Standards, and operating procedures relating to information security risk
* In depth knowledge of the technology domain the architecture is being developed for. E.g. Databases, Product, Service, etc.
* Knowledge of project management methodology and its applicability to successful delivery of technical change.
* Understands the strategic technical direction of:
* Middleware
* Continuous Integration and Continuous Deployment
* Testing
* Systems Mgmt.
* Enterprise Data & Access Layers
* Pertinent Styles of computing
* Actively participates architecture governance (may be as a non-voting member)
* Actively participates in setting technical direction of the styles of computing
* Actively participates in checkpoint and design reviews
* Possesses a deep understanding and problem solving ability of Information Technology of various scale, degree and dimension of complexity
* Proficient in the techniques that go into producing designs of complex systems, including requirements discovery and analysis, formulation of solution context, identification of solution alternatives and their assessment, technology selection, and design configuration.

Leadership

* Identifies opportunities to strengthen the capability of the technology organization at BMO, such as: sharing architectural expertise to promote technical development, mentoring employees, building communities of practice and networks across technology.
* Stays abreast of industry technical and business trends through participation in professional associations, practice communities & individual learning.
* Provides architectural expertise & domain knowledge to advise & guide senior leaders
* Serves as escalation point for Security Architects

We're here to help

At BMO Harris Bank we have a shared purpose; we put the customer at the center of everything we do - helping people is in our DNA. For 200 years we have thought about the future-the future of our customers, our communities and our people. We help our customers and our communities by working together, innovating and pushing boundaries to bring them our very best every day. Together we're changing the way people think about a bank.

As a member of the BMO Harris Bank team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one - for yourself and our customers. We'll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we'll help you gain valuable experience, and broaden your skillset.

To find out more visit us at https://bmoharriscareers.com.

BMO Harris Bank is committed to an inclusive, equitable and accessible workplace. By learning from each other's differences, we gain strength through our people and our perspectives. BMO Harris Bank N.A. is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.