Jobs for Veterans, Veteran Job Board |

Post Jobs

Job Information

BMO Financial Group Information Security Policy and Standards Advisor in Chicago, Illinois


The Information Security Policies and Standards (ISPS)Advisor is accountable to ensure that information security requirements withinBMO are identified, assessed and documented, with appropriate controls inplace. Ensuring that documentation comply with internal BMO InformationSecurity (IS) Corporate Policy and Standards as well as alignment with industrybest practice frameworks (ie. NIST, ISO) and regulatory requirements. Inaddition, the Advisor is expected to act as the lead resource reporting intothe Sr. Manager of IS Policies and Standards, providing global risk andcompliance (GRC) consulting and advisory services.

We’re looking for enthusiastic individuals with a passion toinnovate and find creative approaches to execute this function. Connecting withindustry leaders and peers to improve the effectiveness of this function.

Consulting and Advisory

Reporting, Governance and Control

Training and Awareness



Consulting and Advisory:

  • Work closely with portfolio personnel, stakeholders, andsenior management to identify improvements to Information Security relatedpolices and standards.

  • Understand business, local and Information Securitystrategies as they relate to the portfolio.

  • Translatehigh level corporate information security policy requirements into granular ISmanagement standards and operating directives.

  • Act aslead resource to support Management, track and maintain currency of existing ISmanagement standards and operating directives. Ensure continual alignment ofstandards to regulatory requirements and industry best practices

  • Initiateand lead collaborative working sessions with key stakeholders across theenterprise to solicit input / feedback and obtain consensus on new or revisedIS standards and directives

  • Supportthe development and maintenance of internal process documentation to ensurethese documents across all US CISO & Enterprise IS Programs teams are consistentin their content and quality

  • Helpdeliver effective performance and risk metrics

  • Provideleadership in identifying risk exposure, championing best practices andimplementing continuous process improvement initiatives.

  • AssistManagement with data gathering evidence for audits and regulatory reviews, aidin the resolution of security issues / findings.

  • Evaluateand assess emerging security threats and vulnerabilities in portfolio and workwith leadership to develop appropriate documentation and requirements.

  • Delivereffective execution of all processes in order to meet productivity, qualityservice and business goals.

  • Providesstrong SME consultation and guidance to a multi-disciplinary, professional teamof contractors and employees.

  • Be anadvocate for IS solutions and standards.

Reporting, Governance andControl:

  • Identify and report IS trends by reviewing ISPS Teamportfolio and compliance risks to generate reports.

  • Consolidate, interpret and report key information securityrisk, trends for the portfolio and understand effectiveness of requirements inmanaging the key risks.

  • Support implementation of information security riskgovernance and control processes within the ISPS Team that incorporates aconsistent, sustainable methodology for identifying, assessing, and documentinginformation security Standards that provides early warning of potential gaps ininformation security requirements.

  • Monitors due diligence of information security Policies andStandards on an ongoing basis

  • Encourage compliance to standards specific to the localorganization, consistent with IS policies and guidelines, and with T&Ocontrol frameworks

  • Review and provide recommendations to IS policies,standards, guidelines/ processes.

  • Escalate IS potential or unresolved issues tomanagement for resolution as appropriate

Training and Awareness:

  • Participate and facilitate communication, and training,to promote effective Information Security awareness of Policies andStandards

  • Influence processes for adoption of the requirements withinthe local organization, leveraging existing programs where available.

  • Promoting awareness and knowledge of good InformationSecurity practices in the general

  • Encourage local organizations in developing cascadingprocess documents that align to overarching policies and standards andimplementing their own unit or role specific Information Security training andawareness programs as appropriate.




Post-secondary education in Information Security, Information Technology, Risk Management or a related discipline or equivalent combination of education and on-the-job experience

  • 6 years of working experience in information security

  • Strong knowledge of information security and industry best practices

  • Previous experience in writing or contributing to the creation of IS security standards and policies

  • Previous experience in addressing audit and regulatory requirements

  • Familiarity with security and privacy legislation, regulation and industry standards impacting global financial institutions

  • At least 1 industry certification related to the information security field is preferred (e.g. CISSP, CISA, CISM, CRISC)

  • Experience working in a large financial institution preferred


  • Highly developed oral and written communication skills, ability to express oneself and communicate effectively at all levels within the organization

  • Strong ability to negotiate / facilitate & influence discussions with senior leaders

  • Strong collaboration and relationship management skills

  • Advanced presentation skills

  • Strong analytical and organizational skills

  • Good problem solving and risk analysis skills

  • Good consulting and leadership skills

We’re here to help

At BMO we have a shared purpose; we put the customer at the centre of everything we do – helping people is in our DNA. For 200 years we have thought about the future—the future of our customers, our communities and our people. We help our customers and our communities by working together, innovating and pushing boundaries to bring them our very best every day. Together we’re changing the way people think about a bank.

As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one – for yourself and our customers. We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.

To find out more visit us at

BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process.

Job Field:

Information Security

Job Schedule:


Primary Location:

United States-Illinois-Chicago