Business Information Security Officer
The Business Information Security Advisor/Officer (BISO) is a front-line role within Global Information & Technology Risk Management (GI&TRM) that provides consultation, advice and support to the BMO Line of Business in the implementation of secure business solutions. The BISO is the center of competence for Information Security and plays an active role in supporting the business executive team on cyber security awareness, aligning business strategy with information security strategy, and acting as an enabler for the business. The BISO is accountable for ensuring that Information Security risks within their assigned portfolios are identified, assessed and reported; that appropriate controls are in place (or put in place); and that local procedures and activities comply with BMO Information Security (IS) policies, standards, operating procedures, industry best practices and regulatory requirements.
In order to be successful in the position, the successful candidate should ideally have:
- Business and Information Security background
- Risk Management skills
- Strong verbal and written communication skills
- Banking Industry experience
Job Qualifications
- Consulting, Advisory and Control
- Communication & Reporting
- Liaison between Business Team, GI&TRM and CIO/Technology organization
- Training and Awareness
Consulting, Advisory & Control
- Work closely with business executive team, portfolio personnel, stakeholders, and senior management to identify Information Security risks and controls.
- Understand Business and Information Security strategies as they relate to the portfolio
- Work as an Information Security subject matter expert and provide expertise with regard to their support area or portfolio
- Provide Information Security requirements, advice and counsel to portfolio personnel, project teams, and the Business, ensuring alignment to IS processes and solutions
- Evaluate and assess emerging security threats and vulnerabilities in portfolio and work with portfolio personnel to identify appropriate controls.
- Provide portfolio personnel guidance in understanding and responding to security incidents with appropriate stakeholders.
- Be an advocate for IS solutions and standards.
- Implement information security risk governance and control framework for the local organization that incorporates a consistent, sustainable methodology for identifying, assessing, and documenting information security risk that provides early warning of potential failure to meet information security requirements.
- Direct and monitor due diligence of information security risk processes and results on an ongoing basis.
- Identify, evaluate the magnitude of, and document information security risks in the portfolio and ensure necessary approvals are obtained.
- Oversee and manage the portfolio of Information Risk Issues to ensure these are current, accurate and supported by sound resolution plans or formal risk acceptance by the business executive.
- Complete portfolio-level risk assessments.
- Interpret and act on IS reports.
- Ensure compliance to standards specific to the local organization, consistent with IS policies and guidelines.
- Review and provide recommendations to IS policies, standards, guidelines/processes.
- Escalate potential or unresolved security issues to management for resolution as appropriate.
Communication and Reporting
- Establish communication with Business Executive and CIO organization to communicate security posture, opportunities and drive action
- Consolidate, interpret and report key information security risks and trends for the portfolio and understand the effectiveness of controls in managing the key risks.
- Contribute to centralized reporting efforts, and initiation of ad hoc analyses and reporting for a variety of stakeholders within the portfolio to ensure that appropriate parties are aware of security issues.
Liaison between Business Team, GI&TRM and CIO/Technology organization
- Meet regularly with Business and Technology executives to ensure consistent communication
- Build relationships with functional and technology teams
- Integrate Information Security controls into Business practices
Training and Awareness
- Participate, facilitate and deliver training and awareness to promote Information Security within the assigned portfolio.
- Promote centralized training and awareness opportunities to ensure participation from the assigned group.
- Spread awareness and knowledge of good Information Security practices in the general and specific local populations.
- Assist local organizations in developing and implementing their own unit or role specific Information Security training and awareness programs as appropriate.
- Knowledge and experience in the field of Information Security
- Strong understanding of cyber security trends and events
- Working knowledge of BMO Operating Group businesses, or equivalent knowledge from other financial institutions
- Working knowledge of policies, standards and operating procedures in large organizations relating to information security risk
- Information Security certification (e.g., CISSP, CSSLP, GIAC) is desired
- Advanced analytic skills
- Highly developed communication skills, both verbal and written
- Strong relationship management skills
- Problem solving
- Project management (optional)
At BMO we have a shared purpose; we put the customer at the centre of everything we do - helping people is in our DNA. For 200 years we have thought about the future - the future of our customers, our communities and our people. We help our customers and our communities by working together, innovating and pushing boundaries to bring them our very best every day. Together we're changing the way people think about a bank.
As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one - for yourself and our customers. We'll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we'll help you gain valuable experience, and broaden your skillset.
To find out more, visit us at https://bmocareers.com.
BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other's differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.