
Managing Director - Information Security Technology Risk
BMO, Chicago, IL, United States
Identifies, assesses, remediates and reports on all non‑financial risks related to their area of expertise and ensures these risks are managed within the Bank’s risk appetite. Delivers expert advice, credible challenge, and effective oversight across the organization to identify, assess, control, and manage these risks. Provides strategic future‑forward vision of the required maturity of these risk domains, leveraging predictive analytics. Plays a critical role in ensuring the company’s risk‑taking entities are aware of the inherent risks in their activities and decisions, the impact of their actions on the company at an enterprise level, and opportunities to reduce, mitigate, or avoid risks. Works closely with colleagues across ERPM and with other businesses and functions across the enterprise.
Provides oversight of 1st line activities establishing the risk frameworks required to mitigate Non‑Financial Risk exposures, ensuring compliance with regulatory requirements, Corporate Policies, Corporate Standards, and other directives.
Provides subject‑matter expertise, specialist support, and oversight for transactions and circumstances representing significant risk exposures to the Enterprise.
Ensures alignment between the risk framework and the NFRMF for consistency and supports aggregation of results; reviews and challenges sub‑risks to keep the Non‑Financial Risk Profile aligned with business strategy.
Ensures appropriate actions are underway to manage significant Non‑Financial Risk exposures, providing challenge and oversight as appropriate.
Implements and maintains a monitoring, surveillance, and assessment function that provides reasonable assurance of compliance with relevant policies and frameworks.
Monitors Non‑Financial sub‑risks to ensure exposures remain within enterprise tolerances and recommends corrective actions to the Operating Group or Corporate Services when outside established limits.
Reviews and recommends changes to processes or procedures, overseeing significant business‑unit corrective actions as necessary.
Reports an independent Non‑Financial Risk Profile for their sub‑risk category or as required by the NFRMF.
Leads operational NFR risk oversight, establishing understanding of internal and external NFR risks that can impact the organization’s overall business and value chain.
Assesses and enhances the organization’s NFR sub‑risk capability maturity, maintaining and updating risk models, and developing innovative assessment techniques.
Provides independent expertise during maturity reviews, preparing assessments of maturity levels and developing reports for senior management; identifies alternative mitigation approaches and advises business and stakeholder leadership on trade‑offs.
Speaks authoritatively with regulatory officials regarding controls, the risk‑management framework, and emerging threats and challenges.
Collaborates with corporate areas, technology, Lines of Business, and other risk‑management offices to support evaluations of NFR sub‑risk capability maturity and offers independent advice for further development.
Brings clarity of roles and accountabilities within the organization, refining team and portfolio structure.
Manages independent evaluations of information security, cybersecurity, cloud, and technology capabilities, providing expertise on accelerating cyber maturity.
Identifies and develops quantitative assessment of vulnerabilities, risks, and remediation strategies, providing insights to senior leaders, regulatory agencies, and the Board of Directors as needed.
Drives a risk‑management focus with a customer/resilience lens that promotes the bank’s digital strategy while maintaining soundness.
Stays current on emerging NFR sub‑risk threats and mentors junior team members.
Collaborates effectively with stakeholders across multiple organizations to achieve objectives.
Leads program‑related activities and deliverables, ensuring effective collaboration within the team and across stakeholder groups.
Ensures initiatives are compliant with regulatory standards and corporate policies, understanding potential impacts on profitability and reputation.
Manages key NFR sub‑risks impacting operational and business functions.
Collaborates with business partners and Enterprise functions to design target state and interim NFR risk‑management tool architecture.
Drives the evolution and development of the NFR sub‑risk function, appetite view, and reporting requirements.
Leads development and implementation of key risk indicators (KRIs) and key performance indicators (KPIs) that are risk‑sensitive and adapt to new threats.
Promotes the Bank’s risk culture, ensuring employees understand accountability, fostering open communication, and establishing the tone from the top.
Complies with the Bank’s Risk Appetite framework, ensuring risk‑taking remains within agreed limits.
Models simplicity and productivity, driving continuous improvement across groups.
Activates a winning culture aligned with Purpose, igniting engagement to support strategy and execution.
Fosters diversity, equity, and inclusion, creating an inclusive environment by removing barriers.
Develops leaders, plans for succession, and fosters a high‑performance culture.
Drives top‑talent acquisition and retention, building organizational capabilities for competitive advantage.
Leads and mentors a diverse team of risk and business professionals.
Promotes and reinforces the Bank’s customer focus to support our vision.
Personally models customer focus.
Drives sustainable improvements in customer loyalty and business growth.
Adheres to and supports enterprise customer experience and brand standards.
Qualifications
An undergraduate degree is required; professional certifications (CISSP, CCSP, AWS CCP, etc.) beneficial.
15+ years of cyber security experience with at least five years of managing a team and influencing management and key stakeholders.
Experience working with technology in a large, complex, regulated financial-services enterprise.
Highly skilled NFR sub‑risk professional with a wealth of experience and a demonstrated ability to provide value‑added recommendations and deliver high‑impact results.
Proven ability to manage a team and work independently in a fast‑paced environment, able to contribute immediately.
Salary: Base salary range for this position is $220,000 to 260,000 US.
Pay Type: Salaried
BMO also offers health insurance, tuition reimbursement, accident and life insurance, and retirement savings plans.
BMO is proud to be an equal employment opportunity employer. We evaluate applicants without regard to race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or any other legally protected characteristics. We also consider applicants with criminal histories, consistent with applicable federal, state and local law.
BMO is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e‑mail to BMOCareers.Support@bmo.com and let us know the nature of your request and your contact information.