Senior Security Analyst, Test Validation
The Financial Crimes Unit (FCU) brings together our Cybersecurity, Fraud and Physical Security capabilities to address the ever-growing and increasingly complex global security environment. It is a highly collaborative effort that greatly enhances BMO's ability to rapidly prevent, detect, respond to, and recover from all security threats. This position offers a unique experience to learn from experienced leaders in the industry, join a team building the 21 st century model for security and helping grow the good by protecting our customers and communities.
Testing Validation Analyst is responsible for providing day-to-day oversight and execution of the 1B Test Validation activities in alignment with the broader 1B function which facilitates independent periodic review of metrics, risk assessments and testing areas across Technology, Information Security and Enterprise Data &AI (EDAI).
The Test Validation Analyst will work with Test Validation Lead to execute reviews of IT general controls, SOX and disaster recovery (DR) testing activities to determine whether control testing has been conducted in a complete, consistent and accurate manner. This role will support reporting to senior leaders to identify and track issues and the associated efforts to remediate concerns. ACCOUNTABILITIES
Qualifications KNOWLEDGE AND SKILLS Knowledge:
- Provides independent validation of Disaster Recovery TV and SOX IT General Controls for ITGC testing conducted across Information Security, Technology and EDAI.
- Ensures that validation activities cover all appropriate applications and controls.
- Interacts with appropriate teams in to facilitate supporting evidence to facilitate validation activities.
- Conducts detailed reviews in a constructive manner.
- Consolidates outcomes of the validation activities and report findings for stakeholders.
- Clearly communicate validation outcomes to stakeholders.
- Demonstrates understanding of business processes and capabilities being validated
- Champions and facilitates discussions supporting actions in areas needing improvement.
- Provide oversight to ensure identified remediation efforts are regularly reviewed and addressed.
- Propose enhancements / solutions that lead to risk reduction.
- Advises responsible management teams of risk issues and/or risk portfolio trends.
- Participates in support activities across the broader 1B team activities as needed.
- Possesses a university degree/college diploma in Information Security, Technology or Risk Management or equivalent work experience, and/or 5+ years of experience in IT audit, information security audit or related field.
- Financial industry experience preferred.
- At least 5 years of overall relevant experience in Info Security, IT Security, IT Risk Management, IT controls governance, Business Continuity / Disaster Recovery Planning
- Solid experience in IT controls mapping, Sarbanes-Oxley (SOX) IT general controls (ITGC) testing / re-testing, test validation, and reporting
- Working knowledge / experience with Disaster Recovery (DR) testing and test validation
- Ability to review, parse, filter, and report on large volumes of test results using calculations, scripts, pivot tables, macros, etc. in MS-Excel (or similar tool)
- Ability to compile reports for stakeholders such as, executives, Internal Audit, Technology owners, Application owners, etc.
- Possess strong working knowledge across ISO 27001:2. NIST CSF, SOX, CoBIT and ITIL frameworks
- Strong experience in facilitating periodic testing and validation review of metrics, IS and Technology controls, and DR activities.
- CISA, CISSP or other related professional security certifications
- Information technology/security subject matter expert on technical solutions, standards, process, procedures, compliance, risk and awareness.
- Possesses analytical and problem-solving skills
- Maintains an awareness of emerging Information Security technologies and industry trends
- Working knowledge of Archer GRC
- Project Management skills a plus
We're here to help
- Possesses expert communication skills, both written and verbal
- Strong collaboration skills
- Demonstrates expert leadership skills and capabilities
- Displays high ethics and trust values
- Ability to operate effectively in a matrix environment
At BMO we have a shared purpose; we put the customer at the centre of everything we do - helping people is in our DNA. For 200 years we have thought about the future-the future of our customers, our communities and our people. We help our customers and our communities by working together, innovating and pushing boundaries to bring them our very best every day. Together we're changing the way people think about a bank.
As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one - for yourself and our customers. We'll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we'll help you gain valuable experience, and broaden your skillset.
To find out more visit us at https://bmocareers.com .
BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other's differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.