BMO Financial Group Director, Network Security in Toronto, Ontario
4100 Gordon Baker Road
Job Family Group:
You will have the unique responsibility to define the network security architecture principles, standards and guidelines regarding the proper use and deployment of business applications, data and technology within the Bank. By partnering with broader stakeholders in both technology and the business, you will be accountable with overseeing the entire Network Security function at BMO and you will also gain strong exposure in the Cloud
You will create a visionary architecture roadmap and organizational strategy to align Business and IT and lead/ facilitate the design and implementation of repeatable technical solutions and processes related to technology architecture. You will also define and document efficient and transparent architecture principles, standards and guidelines regarding the proper use and deployment of business applications, data and technology within the Bank. Also, you will partner with broader stakeholders in technology and business in defining architecture possibilities and futures and work with business and development teams in recommending process or system design and enhancements. In addition, you will ensure that systems are functionally appropriate, technically sound and well-integrated. Also, you will provide immediate response to critical production program-wide problems to evaluate solutions, coordinate recovery and ensure resolution.
Manages people and leads a team capable of delivering the desired business results.
Provides leadership at an enterprise level in the analysis, planning, and design of computer/network systems.
Work with executives from various groups to provide architectural recommendations & guidance as well as executive-level presentations at the enterprise level.
Acts as a trusted advisor to senior leaders for making business decisions and implementing strategic initiatives.
Reviews architectural designs and makes recommendations for approval.
Develops an expert understanding of business/group challenges.
Networks with industry contacts to gather competitive insights and best practices.
Recommends measures to improve organizational effectiveness.
Provides input into the preparation of business cases.
Participates in architecture governance (may be as a non-voting member).
Participates in setting technical direction of the styles of computing.
Acts as a subject matter expert on relevant regulations and policies.
May consult to or serve on various committees and task forces.
Participates in 3 Year Engineering/Technical Roadmaps for one or more layers of the architecture.
Assists in the development of Information Security Strategy and Roadmap for all Security Technology domains.
Provides input on the strategic direction of Security Architecture team.
Participates in Architecture Review Meetings/Boards to ensure that the organization and architecture align with the business model of the enterprise; providing architectural direction and communicating architectural decisions, plans, goals and strategies.
Delivers architectural initiatives that drive revenue and improve efficiency to align with business strategy.
Acts as the prime contact for internal/external stakeholder relationships, which may include regulators.
Acts as the prime subject matter expert for internal/external stakeholders.
Develops a deep understanding of organizational complexity to build strong rapport with the appropriate matrix areas for the construction and delivery of the solution.
Leverages metrics and analytics to gain insight for planning, design and management to facilitate the identification of improvement opportunities.
Prepares system security reports by collecting, analyzing, and summarizing data and trends.
Breaks down strategic problems, and analyses data and information to provide insights and recommendations.
Defines project objectives for systems and technical infrastructure implementation consistent with strategic direction.
Leads Information Security projects throughout the entire project lifecycle
Solves complex system issues/failures and helps to determine root causes as well as designing resolutions.
Approves security requirements and develops secure designs for projects inside & outside of information security.
Reviews and approves security standards and procedures.
Monitors security environment; identifies security gaps; evaluates and implements enhancements to improve/upgrade security systems.
Identifies opportunities to strengthen the capability of the technology organization at BMO, such as: sharing architectural expertise to promote technical development, mentoring employees, building communities of practice and networks across technology.
Stays abreast of industry technical and business trends through participation in professional associations, practice communities & individual learning.
Creates and manages the various architecture assets for the designated portfolio and scope. Includes Applications, Data, Technologies, Processes, and Users.
Analyzes and designs viable solutions to high complexity business problems according to user specifications and oversees implementation of end-to-end integrated solutions.
Ensures sound and robust architecture and provides sufficient guidance for the successful implementation of solutions to mitigate any negative impact on Technology and Enterprise budget.
Identifies risks or issues with technology solution & design which may impact realization of project benefits and provides guidance and support to stakeholders in making good decisions to proactively resolve or mitigate potential risks/delays to the project.
Participates in the system specification review process to ensure system requirements can be translated into valid software architecture.
Identifies and researches relevant technologies, performs Proof of Concepts / Prototypes, and recommends applications of such technologies to future product architectures.
Proactively identifies and implements strategies to improve reliability, leveraging automation wherever possible.
Seeks to integrate digital methods for agile, rapid prototyping, and for customer involvement.
Plans, researches, and designs robust security architectures, standards, systems and authentication protocols for any IT project.
Participates and contributes to future Infrastructure Releases and Middleware/Hub.
Ensures that chosen technology is flexible, supportable and requires minimal maintenance.
Ensures the tactical implementation of the computing styles and architecture.
Provides security review and guidance for projects driven by groups outside of Information security, specifically developing security requirements and developing secure designs.
Reviews architectural designs and makes recommendations for improvements.
Participates in checkpoint and design reviews.
Participates in Information security projects throughout the entire project lifecycle.
Authors security standards and procedures.
Develops a complete understanding of a company’s technology and information systems.
Performs vulnerability testing, risk analyses and security assessments.
Analyzes trends to proactively prevent problems. Effectively resolves and follows-up on problems as they occur.
Develops and recommends productivity aids in all aspects of assignments to accelerate delivery.
Operates at a group/enterprise-wide level and serves as a senior specialist resource across BMO.
Influences how teams/groups work together.
Applies expertise and thinks creatively to address unique or ambiguous situations and to find solutions to multiple, interdependent, complex problems.
Communicates abstract concepts in simple terms.
Fosters strong internal and external networks and works with and across multiple teams to achieve business objectives.
Anticipates trends and responds by implementing appropriate changes.
Broader work or accountabilities may be assigned as needed.
Qualifications and experience:
Typically 9+ years of relevant experience in Information Security with 10 + years specifically in Network Security
Post-secondary degree in Information Security, Computer Science, Engineering, and/or Information Systems or a related field of study or an equivalent combination of education and experience.
Information Security certification is preferred e.g. CISSP, CISSLP, GIAC etc.
Strong experience in defining the network security patterns, network security roadmap to support network related initiatives, and defining network security solutions to govern their health and security posture.
Understands the strategic technical direction of: Middleware, Continuous Integration and Continuous Deployment Testing, Systems Management, Enterprise Data & Access Layers, Pertinent Styles of Computing - Expert.
Solid partnership expertise with enterprise architecture and engineering to identity and roll out new security solutions.
Deep experience with understanding organizational complexity to build strong rapport with the appropriate matrix areas for the construction and delivery of the solution.
Experience with participating on the Security Architecture Committee, and representing Information Security at the Enterprise Architecture meetings
Proven expertise with determining security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
Strong experience with monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
Expertise with upgrades on security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.
Strong Network Security Domain experience:
Full understanding of network security architecture, engineering and experience defining controls required to protect the BMO network
Working knowledge of network protocols and security controls (Firewalls, IDS /IPS etc.)
Knowledge of network threat landscape and controls to address them.
Experience with network segmentation, SDN, lateral movements, zero trust network.
In depth experience with network security concepts and architecture.
Working knowledge of integrating network security tools in a complex environment.
General Security experience:
Experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF
Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
Sufficient business knowledge to assess impact of applied technology on customer’s business processes.
Working knowledge of NIST/ISO security frameworks.
In depth knowledge of network protocols and networking infrastructure.
In depth knowledge of Information Security risk, and industry best practices with minimum of 5 years relevant experience
Working knowledge of the technical areas such as data warehouses, mainframes, networks, applications etc.
In depth knowledge of Corporate Policies, Standards, and operating procedures relating to information security risk
In depth knowledge of the technology domain the architecture is being developed for. E.g. Databases, Product, Service, etc.
Knowledge of project management methodology and its applicability to successful delivery of technical change.
Possesses a deep understanding and problem-solving ability of Information Technology of various scale, degree and dimension of complexity
Proficient in the techniques that go into producing designs of complex systems, including requirements discovery and analysis, formulation of solution context, identification of solution alternatives and their assessment, technology selection, and design configuration.
Strong experience with strengthening the capability of an organization, such as: sharing architectural expertise to promote technical development, mentoring employees, building communities of practice and networks across technology.
Strong experience with staying abreast of industry technical and business trends through participation in professional associations, practice communities & individual learning.
Expertise with architectural expertise & domain knowledge to advise & guide senior leaders
Expertise with serving as an escalation point for Security Architects
Proven experience with managing a team of network security professionals to lead the network security portfolio.
Experience with providing side by side coaching for less experienced Architects and Engineers
Additional required experience:
Knowledge of computer or network systems hardware and software theory, practice, concepts and technology relevant to organizational vision - Expert.
Sufficient business knowledge to assess impact of applied technology on customer’s business processes.
Knowledge of project management methodology and its applicability to successful delivery of technical change - Expert.
Understanding and problem-solving ability of Information Technology of various scale, degree and dimension of complexity - Expert.
Proficient in the in the techniques that go into producing designs of complex systems, including requirements discovery and analysis, formulation of solution context, identification of solution alternatives and their assessment, technology selection, and design configuration.
Knowledge of network protocols and networking infrastructure - In-depth.
Knowledge of Information Security risk, and industry best practices with minimum of 5 years relevant experience - In-depth.
Knowledge of the technical areas such as data warehouses, mainframes, networks, applications etc. - In-depth.
Knowledge of Corporate Policies, Standards, and operating procedures relating to information security risk - In-depth.
Knowledge of the technology domain the architecture is being developed for. E.g. Databases, Product, Service, etc. - Expert.
Knowledge of the organization's technologies and architectures - Expert.
Deep technical and system-level expertise in one or more technology areas.
Seasoned expert with extensive industry knowledge.
Technical leader viewed as a thought leader for innovation.
Verbal & written communication skills - Expert.
Analytical and problem-solving skills - Expert.
Influence skills - Expert.
Collaboration & team skills; with a focus on cross-group collaboration - Expert.
Able to manage ambiguity.
Data driven decision making - Expert.
We’re here to help
At BMO we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.
As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one – for yourself and our customers. We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.
To find out more visit us at https://bmocareers.com.
BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.
BMO Financial GroupServing customers for 200 years and counting, BMO is a highly diversified financial services provider – the 8th largest bank, by assets, in North America. With total assets of $728 billion as of October 31, 2018, and a team of diverse and highly engaged employees, BMO provides a broad range of personal and commercial banking, wealth management and investment banking products and services to more than 12 million customers and conducts business through three operating groups: Personal and Commercial Banking, BMO Wealth Management and BMO Capital Markets.We serve Canadian clients through BMO Bank of Montreal®, our personal and commercial banking business, BMO Nesbitt Burns®*, one of Canada's leading wealth management firms, and BMO Capital Markets™, our North American investment and corporate banking division.In the United States, clients are served through BMO Harris Bank, a major U.S. Midwest personal and commercial bank, and BMO Private Bank, with wealth management offices across the United States, as well as BMO Capital Markets™, our North American investment and corporate banking division.We help our customers make money make sense by delivering the broadest range of financial services through a single point of contact. Our financial service professionals provide access to any services our customers require across the entire enterprise.