BMO Financial Group Technology Information Security Officer - Application Security in Toronto, Ontario
YSC - 2 Sheppard Avenue East
Job Family Group:
Technology Information Security Officer (Application Security) – Grade 8
At our company, we have been helping our customers and communities for over 190 years. Working with us means being part of a team of talented, passionate individuals with a shared focus on working together to deliver great customer experiences. We stand behind your success with the support you need to turn your potential into performance.
BMO Financial Group is committed to an inclusive, equitable and accessible workplace. By embracing diversity, we gain strength through our people and our perspectives.
This position is for the role of Technology Information Security Officer (TISO) at BMO for providing services to technology development group. The TISO is accountable to ensure that information security risks within the assigned projects are identified, assessed and reported, appropriate controls are in place, and procedures and activities comply with BMO Information Security policies, standards and operating procedures, industry best practices and regulatory requirements. In addition, the TISO is the center of competence for Information Security, providing advisory services, and is aligned to the line of business.
Consulting and Advisory
Governance and Control
Training and Awareness
- Consulting and Advisory:
Work closely with project personnel, stakeholders, and senior management to identify Information Security related risks and controls
Understand business, local and Information Security strategies as they relate to the project.
Provide Information security requirements, advice and counsel to project personnel ensuring alignment to IS processes and solutions
Contribute to Application Security Risk Assessment (ASRA) work on identified applications
Manage/facilitate security due diligence activities throughout the Application Software Development Life Cycle (SDLC) to ensure that security risks are identified and controls are implemented to mitigate risk
Evaluate and assess emerging security threats and vulnerabilities in project and work with Security Architecture team to identify appropriate controls.
Be an advocate for Information Security solutions and standards
Work as Information Security subject matter expert and provide expertise
Be a subject matter expert on security controls applicable to rapid software development methodologies and DevOps automation
- Governance and Control:
Direct and monitor due diligence of information security risk processes and results on projects
Identifies, evaluates the magnitude and documents information security risks in the project and ensures necessary approvals are obtained
Oversees and manages information security issues in Issue Management System that are assigned to ensure these are current, accurate and are supported by sound resolution plans or formal risk acceptance by business executive
Process security vulnerability exceptions that are assigned to ensure rationale, plan and timeline are reasonable
Review and provide recommendations to IS policies, standards, guidelines/ processes when required by management
Escalate potential or unresolved security issues to management for resolution as appropriate
Communication and Reporting: Consolidate, interpret and report key information security risk for the project and understand effectiveness of controls in managing the key risks. This includes contribution to centralized reporting efforts, and initiation of ad hoc analyses and reporting for a variety of stakeholders to ensure that appropriate parties are aware of security issues.
Training and Awareness:
Participate, facilitate and deliver training and awareness to promote Information Security within development teams
Promoting centralized training and awareness opportunities to ensure participation from development teams
Spreading awareness and knowledge of good Information Security practices in development teams
This role requires the incumbent to interact with the following processes and/or groups in BMO FG:
Chief Information Officer (CIO), Lead Technology Officer (LTO), Senior Technology Officer (STO), development staff and SDLC process of supported portfolio
Chief Information Security Officer (CISO)
Other Information Security teams
Other TISOs and BISOs
Supplier Relationship Owners/Procedures,
Corporate Risk Areas
KNOWLEDGE AND SKILLS:
In depth knowledge of Application Security, Information Security risk and industry best practices
Knowledge based on hands on experience in implementing security in rapid software development methodologies (like, Agile) and DevOps automation
Working knowledge of the technical areas supported e.g. data warehouses, mainframes, networks, etc.
Working knowledge of BMO Operating Group businesses, or equivalent knowledge from other financial institutions
Working knowledge of policies, standards and operating procedures in large organizations relating to information security risk
Information Security certification e.g. CISSP, CISSLP, GIAC etc.
Advanced analytic skills
Highly developed communication skills, both verbal and written
Strong relationship management skills
Specialization in any of the following areas is highly desirable:
Experience in working in a large application software development organization as software developer
Application Security (e.g. defensive programming, source code analysis, application penetration testing, threat modelling)
BMO Financial Group thanks all applicants. We advise only those who qualify for an interview will be contacted
We’re here to help
At BMO we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.
As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one – for yourself and our customers. We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.
To find out more visit us at https://bmocareers.com.
BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.
BMO Financial GroupServing customers for 200 years and counting, BMO is a highly diversified financial services provider – the 8th largest bank, by assets, in North America. With total assets of $728 billion as of October 31, 2018, and a team of diverse and highly engaged employees, BMO provides a broad range of personal and commercial banking, wealth management and investment banking products and services to more than 12 million customers and conducts business through three operating groups: Personal and Commercial Banking, BMO Wealth Management and BMO Capital Markets.We serve Canadian clients through BMO Bank of Montreal®, our personal and commercial banking business, BMO Nesbitt Burns®*, one of Canada's leading wealth management firms, and BMO Capital Markets™, our North American investment and corporate banking division.In the United States, clients are served through BMO Harris Bank, a major U.S. Midwest personal and commercial bank, and BMO Private Bank, with wealth management offices across the United States, as well as BMO Capital Markets™, our North American investment and corporate banking division.We help our customers make money make sense by delivering the broadest range of financial services through a single point of contact. Our financial service professionals provide access to any services our customers require across the entire enterprise.