Managing Director - InfoSec Technology Risk

Operational Non-Financial Risk Leader

Identifies, assesses, remediates and reports of all non-financial risks related to their area of expertise and ensures these risks are managed within the Risk appetite of the Bank. Delivers expert advice, credible challenge, and effective oversight across to identify, assess, control, and manage these risks throughout the company. Provides strategic future forward vision of the required maturity of these risk domains leveraging more predictive analytics. Plays a critical role in ensuring the company's risk-taking entities are aware of the risks inherent in their activities and decisions, the impact of their actions on the company at an enterprise level, and opportunities to reduce, mitigate, or avoid risks altogether. As an Operational NFR leader, works closely with colleagues across ERPM and with other businesses and functions across the enterprise.

Key Accountabilities

• Provides oversight over 1st line activities establishing the risk frameworks required to mitigate Non-Financial Risk exposures, to comply with regulatory requirements, Corporate Policies, Corporate Standards and other published directives that support these policies and standards
• Provides subject matter expertise, specialist support, and oversight for transactions and circumstances representing significant risk exposures to the Enterprise.
• Ensures alignment between their respective risk framework and the NFRMF for consistency and to support the aggregation of results; reviews, provides Effective Challenge and monitors their respective sub-risks so that Non-Financial Risk Profile is consistent with business strategy
• Ensures appropriate actions are underway to manage significant Non-Financial Risk exposures, providing Effective Challenge and oversight as appropriate.
• Implements and maintains an appropriate monitoring, surveillance and / or assessment function that provides reasonable assurance of compliance with their respective policies and frameworks
• Monitors non-financial sub-risks to ensure exposures are within Enterprise Non-Financial Risk tolerances and recommends corrective actions to be taken by Operating Group / Corporate Services when outside the established tolerances
• Reviews and recommends changes to processes or procedures, and oversees any significant business unit corrective actions, as necessary
• Reports an independent Non-Financial Risk Profile for their Non-Financial sub-risk category, or as required by the NFRMF
• Serves as a leader in the Operational NFR risk oversight team, establishing a solid understanding of internal and external NFR risks within their area of expertise that can impact the organization's overall business and value chain.
• Plays a key role in assessing and enhancing the organization's NFR sub-risk capability maturity and maintains and updates risk models, identifying and developing innovative risk assessment techniques, and incorporates data driven risk assessment that are end to end vs point in time.
• Develop and implement mechanisms to identify emerging trends and best practices in technology cyber risk management, leveraging resources / industry trends; Experience with quantifiable metrics and key performance indicators (KPIs) and key risk indicators (KRIs) to objectively measure program effectiveness / identify areas for improvement.
• Provides independent expertise during capability maturity reviews, preparing independent assessments of maturity levels, and developing reports for senior management. Identifies and assesses alternative approaches to risk mitigation and advises the business and stakeholder leadership with respect to trade-offs.
• Speaks authoritatively with regulatory officials with respect to existing controls, the risk management framework overall, and emerging threats and challenges
• Facing experience with OCC / FRB or other oversight regulatory bodies, oversee regulatory compliance requirements, lead supervised regulatory MRA remediations.
• As part of the second line of defense, collaborates closely with associates' corporate areas, technology, Lines of Business, and other risk management offices to perform and support evaluations of the firm's NFR sub-risk capability maturity levels and offers independent advice and recommendations regarding ways to further mature the firm's risk management capabilities. Contributes to the identification and analysis of new or emerging NFR sub-risks to the enterprise, and aid in integrating capabilities maturity assessment activities with other risk management programs across the enterprise.
• As a member of an evolving organization, brings clarity of roles and accountabilities within the organization structure and refines team and portfolio
• Manage the conduct of independent evaluations of the firm's information security, cybersecurity, cloud and technology capabilities, and provide expertise and advice on accelerating maturity of the firm's cyber capabilities
• Identifies and develops quantitative assessment of vulnerabilities, risks and remediation strategies, providing insights to senior leaders and other stakeholders including regulatory agencies and the Board of Directors, as needed
• Drives a risk management focus taking a customer / resilience lens that promotes banks digital strategy while maintaining soundness of the bank
• Stays current on emerging NFR sub-risk threats and potential implications to the firm and mentors / coaches more junior members of the team
• Collaborates effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives
• Leads program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups
• Ensures initiatives are compliant with regulatory standards and corporate policies, as well as with understanding and quantifying potential impact on profitability and firm reputation of these projects.
• Understands, reviews and help manage and mitigate key NFR sub-risks that impact the operational and business functions of the organization
• Collaborates with business partners and Enterprise functions to design target state and interim NFR risk management tool architecture.
• Drives the evolution and development of the NFR sub-risk function and "appetite" view and the risk reporting requirements.
• Leads the development and implementation of key risk indicators (KRI's), key performance indicators (KPI's) that are risk sensitive and adapting as new threats emerge.
• Within the mandate of this role, promotes and supports the Bank's risk culture including ensuring employees understand their accountabilities for risk-taking activities, promoting an environment of open communication and effective challenge, and establishing the "tone from the top" through leading by example.
• Complies with the Bank's Risk Appetite framework and ensures risk-taking activities remain within agreed limits and comply with all regulatory requirements.
• Role models driving simplicity and productivity enhancements for optimization across groups driving continuous improvement on key measures.
• Activates our winning culture, aligned with Purpose. Ignites engagement by aligning our culture to our strategy and fueling exceptional execution.
• Fosters diversity, equity and inclusion and creates an inclusive environment for all employees by eliminating barriers to inclusion.
• Develops leaders, plans for succession, and fosters a high-performance culture.
• Drives top talent acquisition and retention, developing organizational capabilities to drive competitive advantage.
• Leads and mentors a team with diverse risk and business experience, skills and orientation.
• Leads, promotes and reinforces the Bank's customer focus to support our vision.
• Personally, role models customer focus.
• Drives sustainable improvements in customer loyalty and business growth.
• Adheres and supports enterprise customer experience and brand standards
• Qualifications :
• An undergraduate degree is required; Professional certifications (CISSP, CCSP, AWS CCP, etc.) beneficial
• 15+ years of cyber security experience with at least five years of managing a team and influencing management and key stakeholders.
• Candidates must have had exposure to technology in a large, complex, regulated financial services enterprise.
• Must be highly skilled NFR sub-risk professional who has a wealth of experience and a demonstrated ability to provide value added recommendations and deliver high-impact results.
• Proven ability to manage a team and work independently in a fast-paced environment and can begin contributing immediately
• Leverage strong investigative, problem-solving, and decision-making skills to resolve complex risk and compliance issues, driving informed decisions and effective mitigation strategies,
• Strong technical acumen in 2 or more areas : cybersecurity, technology, data protection, Identity Access Management, Infrastructure
• Salary :
• Pay Type :
• Salaried

The above represents BMO Financial Group's pay range and type. Salaries will vary based on factors such as location, skills, experience, education, and qualifications for the role, and may include a commission structure. Salaries for part-time roles will be pro-rated based on number of hours regularly worked. For commission roles, the salary listed above represents BMO Financial Group's expected target for the first year in this position. BMO Financial Group's total compensation package will vary based on the pay type of the position and may include performance-based incentives, discretionary bonuses, as well as other perks and rewards.

BMO also offers health insurance, tuition reimbursement, accident and life insurance, and retirement savings plans.