BMO Financial Group Application Security Architect in Virtual, Ohio
200 W Adams Street
Job Family Group:
The Financial Crimes Unit (FCU) brings together our Cybersecurity, Fraud, Physical Security and Resilience Planning capabilities to address the ever-growing and increasingly complex global security environment. It is a highly collaborative effort that greatly enhances BMO’s ability to rapidly prevent, detect, respond to, and recover from all security & crisis threats. This position offers a unique experience to learn from experienced leaders in the industry, join a team building the 21st century model for security and helping grow the good by protecting our customers and communities.
BMO’s Security Architecture group is a senior-level function that is responsible for providing secure solutions and services which safely enable BMO’s enterprise computing systems. We help ensure that business solutions meet security and compliance mandates, partnering with stakeholders across the enterprise to get the job done.
In this role, you will create an architecture roadmap and organizational strategy to align business and IT and you will lead/facilitate the design and implementation of repeatable technical solutions and processes related to technology architecture. In addition, you will define and document efficient and transparent architecture principles, standards and guidelines regarding the proper use and deployment of business applications, data and technology within the Bank. Furthermore, you will partner with broader stakeholders in technology and business in defining architecture possibilities and futures. By working with business and development teams, you will be recommending process or system design and enhancements. You will also ensure that systems are functionally appropriate, technically sound and well-integrated and provide immediate response to critical production program-wide problems to evaluate solutions, coordinate recovery and ensure resolution.
Works with managers and senior individual contributors (within group) to provide architectural recommendations & guidance as well as executive-level presentations at the enterprise level.
Provides architectural expertise & domain knowledge to advise & guide senior leaders.
Participates in architecture governance (may be as a non-voting member).
Acts as a subject matter expert on relevant regulations and policies.
Assists in the development of Information Security Roadmaps.
Acts as the prime subject matter expert for internal/external stakeholders.
Develops a deep understanding of organizational complexity to build strong rapport with the appropriate matrix areas for the construction and delivery of the solution.
Leverages metrics and analytics to gain insight for planning, design and management to facilitate the identification of improvement opportunities.
Breaks down strategic problems, and analyses data and information to provide insights and recommendations.
Identifies opportunities to strengthen the capability of the technology organization at BMO, such as: sharing architectural expertise to promote technical development, mentoring employees, building communities of practice and networks across technology.
Stays abreast of industry technical and business trends through participation in professional associations, practice communities & individual learning.
Analyzes and designs viable solutions to high complexity business problems according to user specifications and oversees implementation of end-to-end integrated solutions.
Ensures sound and robust architecture and provides sufficient guidance for the successful implementation of solutions to mitigate any negative impact on Technology and Enterprise budget.
Identifies risks or issues with technology solution & design which may impact realization of project benefits and provides guidance and support to stakeholders in making good decisions to proactively resolve or mitigate potential risks/delays to the project.
Participates in the system specification review process to ensure system requirements can be translated into valid software architecture.
Identifies and researches relevant technologies, performs Proof of Concepts / Prototypes, and recommends applications of such technologies to future product architectures.
Plans, researches, and designs robust security architectures, standards, systems and authentication protocols for any IT project.
Ensures that chosen technology is flexible, supportable and requires minimal maintenance.
Provides security review and guidance for projects driven by groups outside of Information security, specifically developing security requirements and developing secure designs.
Reviews architectural designs and makes recommendations for improvements.
Participates in checkpoint and design reviews.
Participates in Information security projects throughout the entire project lifecycle.
Authors security standards and procedures.
Develops a complete understanding of a company’s technology and information systems.
Performs vulnerability testing, risk analyses and security assessments.
Analyzes trends to proactively prevent problems. Effectively resolves and follows-up on problems as they occur.
Develops and recommends productivity aids in all aspects of assignments to accelerate delivery.
Operates at a group/enterprise-wide level and serves as a specialist resource to senior leaders and stakeholders.
Applies expertise and thinks creatively to address unique or ambiguous situations and to find solutions to problems that can be complex and non-routine.
Implements changes in response to shifting trends.
Broader work or accountabilities may be assigned as needed
Min of 10+ years of security experience – candidates that started as a Security Engineer and moved into Security Architecture preferred
Experience as an Application Security Architect operating at an enterprise level
Expertise with Application Security or Platform Security required
Must have the technical depth to assist with the build and design of security solutions for projects and closely collaborate with the appropriate people to get the job done.
Will be engaged on multiple, highly visible projects during their career at BMO. Candidate must have excellent time management and organizational skills.
Knowledge of microservice application architecture patterns and security best practices.
Knowledge of Risk Management lifecycles based on an established framework such as: NIST CSF; ISO27001/17/18; FFIEC; OSFI; etc.
U.S. & Canadian Banking regulations experience, as it pertains to Information Security, is preferred
Knowledge of policy and security architecture frameworks such as SABSA is desirable
Security certifications such as CISSP, CISA, CRISC, SABSA, CCSP, CCSK or equivalent is preferred.
Excellent verbal, written and interpersonal skills
Typically 7+ years of relevant experience and a post-secondary degree in Computer Science, Engineering, or Information Systems or a related field of study or an equivalent combination of education and experience.
Knowledge of Zero Trust Architecture principles and best practices.
Knowledge of DevSecOps. Candidates that have had experience in implementing successful DevSecOps programs preferred.
Familiarity with IoT (Internet of Things) security risks and concerns.
Sufficient business knowledge to assess impact of applied technology on customer’s business processes.
Knowledge of project management methodology and its applicability to successful delivery of technical change.
Understanding and problem solving ability of Information Technology of various scale, degree and dimension of complexity - In-depth.
Proficient in the techniques that go into producing designs of complex systems, including requirements discovery and analysis, formulation of solution context, identification of solution alternatives and their assessment, technology selection, and design configuration.
Knowledge of Information security risk, and industry best practices with minimum of 2 years relevant experience - Working.
Knowledge of the technical areas such as data warehouses, mainframes, networks, applications etc. - Working.
Knowledge of Corporate Policies, Standards, and operating procedures relating to information security risk.
Knowledge of the technology domain the architecture is being developed for. E.g. Databases, Product, Service, etc. - Working.
Deep technical and system-level expertise in one or more technology areas.
Seasoned professional with a combination of education, experience and industry knowledge.
Verbal & written communication skills - In-depth / Expert.
Analytical and problem solving skills - In-depth / Expert.
Influence skills - In-depth / Expert.
Collaboration & team skills; with a focus on cross-group collaboration - In-depth / Expert.
Able to manage ambiguity.
Data driven decision making - In-depth / Expert.
We’re here to help
At BMO Harris Bank we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.
As a member of the BMO Harris Bank team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one – for yourself and our customers. We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.
To find out more visit us at https://jobs.bmoharris.com.
BMO Harris Bank is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. BMO Harris Bank N.A. is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.
BMO Financial Group Serving customers for 200 years and counting, BMO is a highly diversified financial services provider – the 8th largest bank, by assets, in North America. With total assets of $728 billion as of October 31, 2018, and a team of diverse and highly engaged employees, BMO provides a broad range of personal and commercial banking, wealth management and investment banking products and services to more than 12 million customers and conducts business through three operating groups: Personal and Commercial Banking, BMO Wealth Management and BMO Capital Markets.We serve Canadian clients through BMO Bank of Montreal®, our personal and commercial banking business, BMO Nesbitt Burns®*, one of Canada's leading wealth management firms, and BMO Capital Markets™, our North American investment and corporate banking division.In the United States, clients are served through BMO Harris Bank, a major U.S. Midwest personal and commercial bank, and BMO Private Bank, with wealth management offices across the United States, as well as BMO Capital Markets™, our North American investment and corporate banking division.We help our customers make money make sense by delivering the broadest range of financial services through a single point of contact. Our financial service professionals provide access to any services our customers require across the entire enterprise.