100 King Street West
The Financial Crimes Unit (FCU) brings together our Cybersecurity, Fraud and Physical Security capabilities to address the ever-growing and increasingly complex global security environment. It is a highly collaborative effort that greatly enhances BMO’s ability to rapidly prevent, detect, respond to, and recover from all security threats. This position offers a unique experience to learn from experienced leaders in the industry, join a team building the 21st century model for security and helping grow the good by protecting our customers and communities.
The Director, Advanced Threat Detection (L3) is responsible to lead, support and manage the 24 x 365 delivery of Advanced Threat Detection services to proactively hunt for cyber threats that are undetected by current security tools, analyze malware samples, perform forensic analysis, and provide incident response support for junior teams. The Director, Advanced Threat Detection is also accountable to drive continuous development and enhancement of the Advanced Threat Detection service through management of the Advanced Threat Detection program roadmap, budget, resourcing, and mentorship of team resources to consistently deliver excellence.
Leads the execution of the Cyber Security Operations Centre’s Advanced Threat Detection service line; assesses and adapts as needed to ensure quality of execution.
Monitors and evaluates overall performance by gathering, analyzing and interpreting data and metrics.
Manages the effective delivery of Advanced Threat Detection services through mentorship of Advanced Threat Detection specialists.
Provides subject matter expertise and guidance for the development of threat hunting models and hypotheses, and for the execution of threat hunting missions to proactively identify threats within BMO.
Provides subject matter expertise and guidance for effective static and dynamic analysis of malware samples, and reverse engineering of advanced samples, to enable incident responders within BMO.
Provides subject matter expertise and guidance for effective forensic analysis of all BMO technology assets (workstations, servers, mobile devices, etc.) to enable incident responders within BMO.
Develops, maintains, and tracks execution against monthly, quarterly and annual milestones and goals to develop and enhance the effectiveness of the Advanced Threat Detection team.
Creates and documents the operating processes and procedures used by the team to deliver Advanced Threat Detection services.
Collaborates with internal and external stakeholders in order to deliver on business objectives and to support operational activities for Information Security.
Ensures that the CSOC ATD team actions service requests, transactions, queries, etc. within the relevant service level agreements.
Coordinates and facilitates incident response activities. Includes deploying changes to the production environment and engaging 3rd party providers contracted to the Bank during an incident.
Recommends approaches or changes to streamline and integrate security processes and systems in the organization, while considering Information Security methodology to improve overall efficiency.
Provides technical Information Security subject matter expertise.
Identifies opportunities to strengthen the capability of the Information Security organization at BMO, such as: sharing expertise to promote technical development and mentoring employees.
Ensures consistent, high quality practices/work and the achievement of business results in alignment with business/group strategies and with productivity goals.
Acts as a trusted advisor to senior leaders for making business decisions and implementing strategic initiatives.
Acts as a subject matter expert on relevant regulations and policies.
Networks with industry contacts to gather competitive insights and best practices.
Recommends measures to improve organizational effectiveness.
Provides advice, expertise, counsel and support to senior leaders as input to business decisions and medium- to long-term strategic planning and roadmaps.
Acts as the prime contact for internal/external stakeholder relationships, which may include regulators.
Prepares and delivers presentations for senior leadership.
Recommends and sets strategic goals and budget for operational activities.
Plans and controls unit operating expenses in accordance with forecasts.
Ensures processes and procedures are well documented and promotes their implementation.
Ensures governance and oversight activities in place to ensure team efficiency and effectiveness and compliance to applicable
Regularly evaluates and reports on the efficiency of business processes according to organizational objectives and applies improvements.
Assesses and adapts existing operational programs; develops new capabilities to ensure ongoing success.
Assists with the documentation of procedures and processes or with the preparation of end-user materials.
Typically 9+ years of relevant experience in Business or Computer Science, or a related field of study, or an equivalent combination of formal training, industry/technical certifications or work experience.
Multiple Information Security certifications from a well-recognized institution (e.g. (ISC)2, ISACA, SANS). Additional certifications in related fields preferred.
Expert knowledge of Information Security operations, including processes, procedures, and performance/operation metrics
Expert knowledge of information security processes, procedures and controls
Expert knowledge of hypothesis-based threat hunting theory, processes and execution within an enterprise environment
Expert knowledge of malware analysis processes and execution in support of incident response activities
Expert knowledge of forensic analysis processes and execution in support of incident response activities
Minimum 7 years of Enterprise Incident Response and/or Security Operations Centre experience
Minimum 7 years of experience with standard Enterprise-class security stack (Firewall, IDS/IPS, Antivirus, SIEM, Web Proxy, Web Application Firewall)
Functional knowledge of Cyber Security and Incident Response foundations, theory, terminology (Kill Chain, TTPs, APT, Threat Hunting)
3+ years of operational experience with Splunk, ELK/Elastic, or similar log aggregation and log analysis platforms
3+ years of operational experience with the following advanced capabilities:
- Malware Reverse Engineering
- Advanced Dynamic Malware Analysis via Debugging
- Network Forensics via Packet Inspection & Analysis
- Malware Traffic Decryption
- Malware Packer Reversal
Breach-class Incident Response Experience (Scoping, Sweeping, Containment, Remediation Planning)
Understanding of, and problem-solving ability for, information security issues across the bank, with an appreciation of the scope of complexity that exists in the operating environment and the ways in which security platforms impact that environment - Expert.
Understanding of industry standards and frameworks e.g. NIST Cyber Security Framework (CSF), ISO 27001 and 27002 - Expert.
Experience in Information Security or with multiple areas of systems and computer operations (e.g. Identity & Access Management, IT operations, Certification & Key Management, Security Platform Administration, Security Incident Response)
Expert partnering, communication, and negotiation skills to communicate effectively within the team and with technology and business partners
Understands the scope of complexity that exists in the operating environment and the ways in which security platforms impact that environment.
Expert knowledge of information security support and operations concepts, practices, and technology obtained through formal training and work experience.
Expert knowledge of the technical and business environment and the corporate processes and procedures
Expert understanding of information security risk and regulatory requirements
Seasoned expert with extensive industry knowledge
Technical leader viewed as a thought leader for innovation.
Expert verbal & written communication skills
Expert analytical and problem solving skills
Expert influence skills
Expert collaboration & team skills; with a focus on cross-group collaboration
Able to manage ambiguity.
Expert in data driven decision making
We’re here to help
At BMO we are driven by a shared Purpose:
Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.
As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one – for yourself and our customers. We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.
To find out more visit us at https://bmocareers.com.
BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.