Senior Manager, Insider Threat Monitoring

BMO Financial Group - Toronto, ON (30+ days ago)

302 Bay Street

Job Family Group:

The Financial Crimes Unit (FCU) brings together our Cybersecurity, Fraud and Physical Security capabilities to address the ever-growing and increasingly complex global security environment. It is a highly collaborative effort that greatly enhances BMO’s ability to rapidly prevent, detect, respond to, and recover from all security threats. This position offers a unique experience to learn from experienced leaders in the industry, join a team building the 21st century model for security and helping grow the good by protecting our customers and communities.

The BMO Information Security Technical Investigations team is looking for a Technical leader to lead the User and Behavioral monitoring team and drive the Insider Threat monitoring program.

In this exceptional opportunity, you will be responsible for monitoring incoming events utilizing the User and Entity Behavioral analytics, SIEM and associated platforms to triage, analyse and escalate incidents appropriately. You will have the unique opportunity to identify requirements for Insider Threat Monitoring, create and maintain watchlists for high risk insider activities, take pro-active and reactive action based on insider threat incidents, gather metrics, identify/minimize risk from high risk users and entities, and implement technical and non-technical solutions while working with internal and external stakeholders in technology and business.

This is a technical leadership role with responsibilities to build out, operationalize and manage a strong UEBA platform capability at the Bank.

The BMO Insider Risk Management team is part of a 24x7 operations team that pro-actively looks for insider threats in the organization and finds ways to prevent, where possible, and monitor these identified threats through various technical means such as UEBA and DLP. If you have a strong technical background, enjoy greenfield opportunities to get tools tuned and increase alert fidelity, and like to work in a team environment, you should apply for this role!

***This role may require managing staff being on-call on a rotational monthly shift to address after-hour support needs of the organization.

Responsibilities:
Monitors, restores service, changes, supports and handles day-to-day activities 7/24/365 required to run the mission critical Information Security systems for BMO. Provides responsive customer service in support of cyber security.
Provides strategic input into business decisions as a trusted advisor.
Acts as a subject matter expert on relevant regulations and policies.
Helps determine business priorities and best sequence for execution of business/group strategy.
Acts as the prime subject matter expert for internal/external stakeholders.
Prepares and delivers presentations for senior management.
Leads the execution of operational programs; assesses and adapts as needed to ensure quality of execution.
Organizes efforts to ensure processes and procedures are well documented and promotes their implementation.
Leads the preparation of end user reference materials.
Gathers requirements and documents these requirements for use in various audits, reports, & projects.
Acts in a larger project planning capacity, audits the quality of reports submitted by analysts and provides related coaching and support.
Performs governance and oversight in support of the team, by producing and reviewing reports to ensure completeness and compliance to applicable standards.
Regularly evaluates and reports on the efficiency of business processes and procedures according to organizational objectives and applies improvements.
Leads customer support processes and organizes them to enhance customer satisfaction.
Collaborates in the management of financial information and adjustment of operational budgets to promote profitability.
Evaluates overall performance by gathering, analyzing and interpreting data and metrics.
Monitors & maintains security tools and applications.
Creates activity reports for security tools and applications.
Collaborates with internal and external stakeholders in order to deliver on business objectives and to support operational activities for Information Security.
Develops an understanding of organizational interactions and complexity to engage with the appropriate matrix areas.
Actions service requests, transactions, queries etc. within relevant service level agreements.
Coordinates and facilitates incident management activities. Includes deploying changes to the production environment and engaging 3rd party providers contracted to the Bank during an incident.
Recommends approaches or changes to streamline and integrate security processes and systems in the organization, while considering Information Security methodology to improve overall efficiency.
Provides technical Information Security subject matter expertise.
Identifies opportunities to strengthen the capability of the Information Security organization at BMO, such as: sharing expertise to promote technical development and mentoring employees.
Stays abreast of industry technical and business trends through participation in professional associations, practice communities and individual learning.
Ensures consistent, high quality practices/work and the achievement of business results in alignment with business/group strategies and with productivity goals.
Operates at a group/enterprise-wide level and serves as a specialist resource to senior leaders and stakeholders.
Applies expertise and thinks creatively to address unique or ambiguous situations and to find solutions to problems that can be complex and non-routine.
Implements changes in response to shifting trends.
Broader work or accountabilities may be assigned as needed.

Qualifications:
5-6 years of recent experience within SOC dealing with Triage, Analysis and Escalation phases of security incident management with specific focus on UEBA
Recent hands-on experience in SIEM (Security Information and Event Management) log management platform
3-5 years' experience with scripting and expertise in various platforms including PowerShell, JavaScript, Python, scripting within Splunk, regular expression searches across a wide variety of platforms / log sources, basic SQL knowledge on database queries and data visualization
Strong knowledge and experience with basic and advanced networking principles / TCP/IP troubleshooting
Ability to conduct real-time analysis and correlation on User and Entity Behavior analysis events
Ability to draft requirements, SOPs and define program model for Insider threat detection use cases. Ability to partner with peer teams and tune use cases to improve alert fidelity
Ability to correspond with internal employees as well as their managers, determining next steps and escalation paths based on incoming insider threat incidents
Knowledge of common UEBA, DLP platforms in the market and how they operate together

Ability to multi-task, maintain relationship with broader technical and non-technical teams and advance the Insider Risk program objectives

Ability to manage up to 5 staff in a 24x7 operational environment and provide technical guidance to the team managing the day-to-day operations
Typically 7+ years of relevant experience and a post-secondary degree in Business or Computer Science, or a related field of study or an equivalent combination of formal training, or industry / technical certifications or work experience.
Multiple information security certifications from a well-recognized institution (e.g. (ISC)2, ISACA, SANS).
Knowledge of information security processes, procedures and controls - In-depth/Expert.
Understanding and problem solving ability of information security issues across the bank and appreciation of the scope of complexity that exists in the operating environment and the ways which security platforms impact that environment - In-depth/Expert.
Understanding of industry standards and frameworks e.g. NIST Cyber Security Framework (CSF), ISO 27001 and 27002 - In-depth/Expert.
Experience in Information Security or with multiple areas of systems and computer operations (e.g. Identity & Access Management, IT operations, Certification & Key Management, Security Platform Administration, Security Incident Response)
Partnering, communication, and negotiation skills to communicate effectively within the team and with technology and business partners - In-depth/Expert.
Understands the scope of complexity that exists in the operating environment and the ways which security platforms impact that environment.
Knowledge of information security support and operations concepts, practices, and technology obtained through formal training and work experience.
Knowledge of the technical and business environment and the corporate processes and procedures - In-depth/Expert.
Understanding of information security risk and regulatory requirements - In-depth/Expert.
Seasoned professional with a combination of education, experience and industry knowledge.
Verbal & written communication skills - In-depth / Expert.
Analytical and problem solving skills - In-depth / Expert.
Influence skills - In-depth / Expert.
Collaboration & team skills; with a focus on cross-group collaboration - In-depth / Expert.
Able to manage ambiguity.
Data driven decision making - In-depth / Expert.

We’re here to help

At BMO we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.

As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one – for yourself and our customers. We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.

BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.