This role is expected to deliver expert risk advice, credible challenge, and effective oversight of cybersecurity domains specific to Identity and Access Management (IAM) capabilities to identify, assess, control, and manage risk throughout the company. The role is critical in helping to ensure that the company's risk-taking entities are aware of the IAM security risks inherent in their activities and decisions, the impact of their actions on the company at an enterprise level, and opportunities to reduce, mitigate, or avoid risks altogether. The role requires a skilled cybersecurity risk management professional who has a wealth of experience across the IAM space, including access rights management, privileged access management, privileged user management, cloud IAM roles, secrets management, etc. The candidate should have a demonstrated ability to provide value-added recommendations and deliver high-impact results. This role will work closely with Cyber Security, Technology & Operations, and other risk management teams.
+ Serve in the 2nd Line of Defense (2LOD) risk oversight team and have a solid understanding of internal and external cyber risks from an IAM perspective.
+ Play a key role in assessing and enhancing the organization's cybersecurity IAM capability maturity, identifying and developing innovative risk assessment techniques, and incorporating data-driven risk assessments that are end to end rather than point in time.
+ Provide independent expertise during IAM capability maturity reviews, prepare independent assessments of maturity levels, and develop reports for senior management.
+ Identify and assess alternative approaches to risk mitigation as it relates to IAM functions and advise key stakeholders and leadership with respect to trade-offs.
**Essential Functions (Responsibilities):**
+ Provide subject matter expertise on the following:
    + IAM policies and procedures
    + IAM technology implementations
    + Privileged Access Management (PAM) / Privileged User Management (PUM)
    + Multifactor Authentication (MFA) implementations
    + Secrets Management
    + User rights management, certifications, recertification
    + Toxic pair definitions
    + Cloud IAM roles (AWS, Azure)
    + Metrics related to IAM
+ Review and provide challenge for the design, implementation, and operating effectiveness of on-premise and cloud IAM functions;
+ Review and provide challenge for security patterns for IAM functions;
+ Provide effective and pragmatic cyber security guidance up-front in major technology projects, to enable the business to innovate securely;
+ Work closely with Technology and Information Security, product and software development teams to assess IAM security controls, alignment to standards and recommend solutions and remediation in the cloud environment;
+ Identify improvement opportunities in the areas of process efficiency and security;
+ Participate in and review IAM risk assessments of new and existing technologies to identify risks and appropriate controls that balance security and operability;
+ Identify and develop quantitative assessments of vulnerabilities, risks and remediation strategies pertaining to IAM;
+ Stay current on emerging cyber threats and potential implications to the firm and mentor/coach more junior members of the team;
+ Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives;
+ Lead program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups;
+ Ensure that initiatives are compliant with regulatory standards and corporate policies, and understand and quantify the potential impact of these projects on profitability and firm reputation;
+ Continue the evolution and development of the Cyber Risk function and "appetite" view and the key risk reporting requirements;
+ Promote a strong risk management culture;
+ Establish appropriate mitigating controls and assess the effectiveness of these controls;
+ Establish and maintain adherence to regulatory requirements and mitigation of Corporate Audit findings;
+ Establish appropriate mitigating controls and assess the effectiveness of these controls within the risk appetite
**Experience In The Following Is Required**
+ 9+ years of relevant experience and post-secondary degree in related field of study or an equivalent combination of education and experience.
+ Baseline security certification such as CISSP/CISM/CISA/cloud certification for Microsoft Azure/AWS or studying towards attaining the certification. Specific IAM certifications would be a plus
+ Candidates must have had exposure to technology in a large, complex, regulated financial services enterprise.
+ Familiarity with NIST 800-53, ISO 27001, and associated standards
+ Direct experience performing risk reviews or audits
+ Experience in IAM program development
+ Experience integrating new technologies with existing technologies
+ Experience implementing technologies with enterprise-wide impact
+ Possess a solid understanding of operations, technology, communications and processes
+ Ability to work in a fast paced, dynamic and changing environment while managing multiple projects simultaneously
+ Verbal & written communication skills
+ Analytical and problem solving skills
+ Influence skills
+ Collaboration & team skills; with a focus on cross-group collaboration
+ Able to manage ambiguity
+ Data driven decision making
+ Strong experience in IAM solution architecture and implementation, including AWS/Microsoft Azure
+ Passion and expertise in cybersecurity, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions
+ Execution oriented and a self-motivator
**We're here to help**
At BMO Harris Bank we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.
As a member of the BMO Harris Bank team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one - for yourself and our customers. We'll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we'll help you gain valuable experience, and broaden your skillset.
BMO Harris Bank is committed to an inclusive, equitable and accessible workplace. By learning from each other's differences, we gain strength through our people and our perspectives. BMO Harris Bank N.A. is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.
Note to Recruiters: BMO Harris Bank does not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to BMO Harris Bank, directly or indirectly, will be considered BMO Harris Bank property. BMO Harris Bank will not pay a fee for any placement resulting from the receipt of an unsolicited resume. A recruiting agency must first have a valid, written and fully executed agency agreement contract for service to submit resumes.