Global Information & Technology Risk Management (GITRM) Mandate
Global Information & Technology Risk Management (GITRM) is a division of BMO that combines Information Security, Information Management and Technology Risk into a comprehensive department. GITRM’s mandate is to provide sound governance and guidance on information and technology risk and to provide critical services central to protecting the Bank against cyber threats. The core principle of Information Security is to protect the confidentiality, integrity, and availability of information. GITRM achieves this through the development and implementation of strategies, investment plans, services and solutions that support and enable BMO lines of business to operate securely in an increasingly connected global environment.
Setting and driving adoption of the overall strategy for information and technology risk, including cyber security, for the Bank
Establishing and providing governance over the policies, standards, and directives that guide the lines of business in protecting their information and technology assets within the boundaries of their risk appetite
Delivering enterprise solutions and services that support the cyber security strategy in a timely and cost effective manner
Success at BMO is driven by our focus on customers, effective financial management and risk & control as well as living Being BMO every day. The following statements for customer, financial, risk and change/improve apply to every job within Information Security.
Create & operate stable, optimized, and efficient solutions in consideration of the customer experience and business strategies
Embrace and work effectively in a strong customer-centric team-oriented environment
Meet our financial objectives
Run an efficient and effective Information Security function which uses common assets, reduces ongoing costs and increases service level performance
Promote a strong risk management culture
Establish appropriate mitigating controls and assess the effectiveness of these controls
Continuously learn and make changes that improve personal and team effectiveness
Make recommendations to improve BMO processes and systems
Security Architecture Job Family Mandate
Creates a visionary architecture roadmap and organizational strategy to align Business and IT; leads and facilitates the design and implementation of technical solutions and processes related to technology architecture.
Core: Defines the architecture principles, standards and guidelines regarding the proper use and deployment of business applications, data and technology within the Bank. Partners with broader stakeholders in technology and business in defining architecture possibilities and futures.
System Engineering: Works with Business, support development teams in recommending process or system design and enhancements. Ensures that systems are functionally appropriate, technically sound and well-integrated.
Production Support: Provides immediate response to critical production program wide problems. Presents and evaluates alternatives, coordinating and ensuring resolution.
Education: Computer Science, Engineering, Information Systems.
Background: Deep technical and system-level expertise in one or more technology areas.
Senior Security Architect
The individual be the senior cryptography architect supporting strategic crypto initiatives, and creating crypto recommendations.
Create and manage the various key architecture assets for the designated portfolio and scope.
Create and drive the security architecture roadmap and patterns for his / her domain.
Ensures sound and robust security architecture and provide sufficient guidance for the successful implementation of solutions to mitigate any negative impact on Technology and Enterprise budget.
Identifies risks or issues with technology solution & design which may impact realization of project benefits and provide guidance and support to stakeholders in making good decisions to pro-actively resolve or mitigate potential risks/delays to the project.
Participates in the system specification review process to ensure system requirements can be translated into valid software architecture.
Identifies and researches relevant technologies, performs Proof of Concepts / Prototypes, and recommends applications of such technologies to future product architectures.
Provides input into the preparation of business case.
Proactively identifies and implements strategies to improve reliability, leveraging automation wherever possible.
Seeks to integrate digital methods for agile, rapid prototyping, and for customer involvement.
Leverage metrics and analytics to gain insight for planning, design and management to facilitate the identification of improvement opportunities.
Designs and oversees implementation of end-to-end integrated solutions.
Develops a deep understanding of organizational complexity to build strong rapport with the appropriate matrix areas for the construction and delivery of the solution.
Actively participates and contributes to future Infrastructure Releases and Middleware/Hub.
Ensures that chosen technology is flexible, supportable and requires minimal maintenance.
Ensures the tactical implementation of the computing styles and architecture.
Approves security requirements and developing secure designs for projects inside & outside of information security
Provides input on the strategic direction of Security Architecture team
Assists in the development of Information Security Strategy and Roadmap for all Security
Reviews architectural designs and makes recommendations for approval
Participates on the Security Architecture Committee
Represents Information Security at the Enterprise Architecture meetings
Leads Information Security projects throughout the entire project lifecycle
Reviews and approves security standards and procedures
Provides side by side coaching for less experienced Architects and Engineers
Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
Manages security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
Upgrades security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.
Creates and maintains current state of architecture in his/her area which includes:
Domain Security Knowledge
Full understanding of cryptography domain.
Deep knowledge of various encryption standards, protocols, their usage, and ways to implement them
Working knowledge of HSM operations, full grasp on key management.
Well versed on concepts such as Block chain, Quantum Computing etc.
Ability to dimension the pros and cons of crypto protocols and methods.
General Security Knowledge
Experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF
Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
Sufficient business knowledge to assess impact of applied technology on customer’s business processes.
Working knowledge of NIST/ISO security frameworks.
In depth knowledge of network protocols and networking infrastructure.
In depth knowledge of Information Security risk, and industry best practices with minimum of 5 years relevant experience
Working knowledge of the technical areas such as data warehouses, mainframes, networks, applications etc.
In depth knowledge of Corporate Policies, Standards, and operating procedures relating to information security risk
In depth knowledge of the technology domain the architecture is being developed for. E.g. Databases, Product, Service, etc.
Knowledge of project management methodology and its applicability to successful delivery of technical change.
Understands the strategic technical direction of:
Continuous Integration and Continuous Deployment
Enterprise Data & Access Layers
Pertinent Styles of computing
Actively participates architecture governance (may be as a non-voting member)
Actively participates in setting technical direction of the styles of computing
Actively participates in checkpoint and design reviews
Possesses a deep understanding and problem solving ability of Information Technology of various scale, degree and dimension of complexity
Proficient in the techniques that go into producing designs of complex systems, including requirements discovery and analysis, formulation of solution context, identification of solution alternatives and their assessment, technology selection, and design configuration.
Identifies opportunities to strengthen the capability of the technology organization at BMO, such as: sharing architectural expertise to promote technical development, mentoring employees, building communities of practice and networks across technology.
Stays abreast of industry technical and business trends through participation in professional associations, practice communities & individual learning.
Provides architectural expertise & domain knowledge to advise & guide senior leaders
Serves as escalation point for Security Architects
10 - 15 years of work experience in related fields
Work with executives from various groups to provide architectural recommendations & guidance as well as executive-level presentations at the enterprise level
Responsible for participating in 3 Year Engineering/Technical Roadmaps for one or more layers of the architecture.
Participates in Architecture Review Meetings/Boards to ensure that the organization and architecture align with the business model of the enterprise.
Provides architectural direction and communicates architectural decisions, plans, goals and strategies.
Assists in projects on an as-needed basis, particularly in the design process.
Ensures that chosen technology is updated or replaced as needed; understands and balances the complete lifecycle of technical choices.
Delivers architectural initiatives that drive revenue and improve efficiency to align with business strategy.
Maintains in-depth knowledge of the organization's technologies and architectures.
Develops and maintains current and planned state architectural blueprints.
Defines project objectives for systems and technical infrastructure implementation consistent with strategic direction.
Identifies and develops operational plans across technologies and/or across systems.
Ensures that the right people from across the enterprise participate in technical design and vendor selection for projects.
Participate in solving complex system issues / failures and help determine root causes as well as designing resolutions.
Analyzes problems from multiple angles to test your own rationale. Understands the broader implications of situations; identifies potential problem areas and executes solutions before they become problems.
Information Security certification is preferred e.g. CISSP, CISSLP, GIAC etc.,
Leadership and Interpersonal Skills :
Provides guidance for technology/project development review. Coach less senior Architects and is widely recognized and sought out as a mentor from a technology perspective.
Holds organizational power in terms of influence and negotiation. Leads, supports, and influences the achievement of the mission, goals, and objectives of the department and the Bank.
Helps create a sense of “architecture community” by promoting positive development of technical job families.
Provides leadership at an enterprise level in the analysis, planning, and design of computer/network systems.
We’re here to help
At BMO Harris Bank we have a shared purpose; we put the customer at the center of everything we do – helping people is in our DNA. For 200 years we have thought about the future—the future of our customers, our communities and our people. We help our customers and our communities by working together, innovating and pushing boundaries to bring them our very best every day. Together we’re changing the way people think about a bank.
As a member of the BMO Harris Bank team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one – for yourself and our customers. We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.
To find out more visit us at https://bmoharriscareers.com .
BMO Harris Bank is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. BMO Harris Bank is an Equal Opportunity Employer for all, inclusive of Minorities, Women, Veterans, and Persons with Disabilities.
Financial Crimes Unit-X012269