Specialist III-IC Information Security Consulting

at  BMO Financial Group

100 King Street West Toronto Ontario,M5X 1A1
Provides information security consulting services for all of BMO, especially about client assessment requests, regulatory responses, and information security industry certifications. Delivers timely responses to requests regarding the BMO Cyber Security Program for prospective and existing clients as well as regulators within the BMO footprint. Offers advice on security language during contract reviews. Maintains required documentation and governance oversight for ongoing certification and cyclical audits of ISO27001:2022, NYDFS Part 500 Cyber Security Requirements, etc.
Builds exceptional relationships with internal and external stakeholders and delivers impeccable customer service. Provides thought leadership, and promotes new processes methodologies, and emerging technologies, with an eye toward continuous improvement of processes and procedures.

QUALIFICATIONS:

• Typically between 4 - 7 years of relevant experience and a post-secondary degree in Information Security, Computer Science, Engineering, and/or Information Systems or a related field of study or an equivalent combination of education and experience.
• Preference for candidates who have at least one certification in a related field, with a strong preference for Information security certifications from a well-recognized institution (e.g. (ISC)2, ISACA, SANS)
• Understanding of industry standards and frameworks e.g. NIST Cyber Security Framework (CSF), ISO 27001 and 27002, Payment Card Industry (PCI) Data Security Standard (DSS), etc. - In-depth
• Experience in information security concepts and methodology
• Knowledge of business analysis, project delivery practices, and standards across the project lifecycle - In-depth
• Knowledge of information security processes, procedures, and controls - In-depth.
• Understanding of and problem-solving ability for information security issues within their business group - Working
• Understanding of information security risk and regulatory requirements - Working
• Deep knowledge and technical proficiency gained through extensive education and business experience
• Verbal & written communication skills - In-depth
• Collaboration & team skills - In-depth
• Analytical and problem-solving skills - In-depth
• Influence skills - In-depth
• Data-driven decision-making - In-depth

• Acts as a trusted advisor to internal and external customers
• Assists in the development of strategic plans
• Understands and can explain to others the core processes, risks, and mitigation techniques for designated areas
• Creates professional presentations and delivers them in a meaningful and concise way to internal and external audiences, including management
• Maintains Statement of Applicability for ISO 27001:2022 certification
• Prepares and maintains impactful metrics to articulate service value
• Promotes process improvements and methodologies; keeps emerging information security issues and trends in mind and ensures standards are followed
• Breaks down strategic problems, and analyses data and information to provide insights and recommendations
• Tracks metrics and milestones, providing recommendations for resolution and escalating as appropriate when issues arise
• Gathers, examines, and interprets data and information to extract meaningful insights, answer business questions, and provide actionable recommendations
• Provides specialized consulting, analytical and technical support
• Exercises judgment to identify, diagnose, and solve problems within given rules.
• Works independently and regularly handles non-routine situations
• Broader work or accountabilities may be assigned as needed