Global Information & Technology Risk Management (GITRM) is a division of BMO that combines Information Security, Information Management and Technology Risk into a comprehensive department. GITRM’s mandate is to provide sound governance and guidance on information and technology risk and to provide critical services central to protecting the Bank against cyber threats. The core principle of Information Security is to protect the confidentiality, integrity, and availability of information. GITRM achieves this through the development and implementation of strategies, investment plans, services and solutions that support and enable BMO lines of business to operate securely in an increasingly connected global environment.
- Setting and driving adoption of the overall strategy for information and technology risk, including cyber security for the Bank
- Establishing and providing governance over the policies, standards, and directives that guide the lines of business in protecting their information and technology assets within the boundaries of their risk appetite
- Delivering enterprise solutions and services that support the cyber security strategy in a timely and cost effective manner
Develops and implements Information Security platform/infrastructure strategies for the Bank
Develops, tests and implements information security platforms/infrastructures for BMO. Provides cybersecurity subject matter expertise and advanced technical support. Builds the plans and roadmaps for future-focused IS solutions based on technical and business strategies, organizational growth and anticipated changes in the threat landscape.
• System Engineering:
Works with stakeholders to recommend information security solutions based on engineering requirements. Ensures that information security systems and infrastructure align with business value and are technically sound and well-integrated.
• Production Support:
Responsible for timely response to escalations of critical issues to evaluate solutions, coordinate recovery and ensure resolution.
Computer Science, Engineering, Information Systems, Information Security and/or equivalent formal training plus industry/technical certifications.
Technical and system-level expertise in one or more information security solutions and/or extensive background in IT design and engineering.