BMO Financial Group Security Architect -Customer Identity and Access Management in Chicago, Illinois


Global Information & Technology Risk Management (GITRM) is a division of BMO that takes care of Information Security matters. GITRM’s mandate is to provide sound governance and guidance on information security risk and to provide critical services central to protecting the Bank against cyber threats. The core principle of Information Security is to protect the confidentiality, integrity, and availability of information. GITRM achieves this through the development and implementation of strategies, investment plans, services and solutions that support and enable BMO lines of business to operate securely in an increasingly connected global environment.

This includes:

  • Setting and driving adoption of the overall strategy for information security risk, including cyber security, for the Bank

  • Establishing and providing governance over the policies, standards, and directives that guide the lines of business in protecting their information assets within the boundaries of their risk appetite

  • Delivering enterprise solutions and services that support the cyber security strategy in a timely and cost effective manner

Common Accountabilities

  • Success at BMO is driven by our focus on customers, effective financial management and risk & control as well as living Being BMO every day. The following statements for customer, financial, risk and change/improve apply to every job within Information Security.


  • Create & operate stable, optimized, and efficient solutions in consideration of the customer experience and business strategies

  • Embrace and work effectively in a strong customer-centric team-oriented environment


  • Meet our financial objectives

  • Run an efficient and effective information security function which uses common assets, reduces ongoing costs and increases service level performance


  • Promote a strong risk management culture

  • Establish appropriate mitigating controls and assess the effectiveness of these controls


  • Continuously learn and make changes that improve personal and team effectiveness

  • Make recommendations to improve BMO processes and systems

  • Creates a visionary architecture roadmap and organizational strategy for Customer Identity and Access Management (CIAM) to align Business and IT; leads and facilitates the design and implementation of security solutions and processes related to the CIAM technology architecture.


Defines the principles, standards and guidelines focusing on establishing security controls and architecture from a CIAM perspective for all in-scope applications. Partners with broader stakeholders in technology and business in defining secure architecture for any new solutions and products chosen in support of CIAM.

Inventory and scope:

Work with business to understand current controls for applications; understand current control deficiencies for applications, understand the interfaces and data flows for these applications, Risk rank the applications for prioritization.

Build Control Operating Procedures (COP) and Security requirements:

Establish COP to support the CIAM Management standard based on industry recommendations and known control deficiencies of applications.

Threat Modelling:

Ensuring any Threat intelligence data is used to establish a threat model which can then be used to architect the authentication requirements for the applications.

Security requirements for product selection:

Establish product evaluation criteria and help screen or perform due diligence on potential products to be used for CIAM initiative.


Computer Science, Engineering, Information Systems.


Deep technical and system-level expertise in one or more areas in information security, at a minimum including Security architecture, application security, threat modelling, etc.

Security Architect

Key Accountabilities

  • Create secure architecture strategies for the designated portfolio and scope.

  • Provide sufficient guidance for the secure implementation of solutions to mitigate any negative impact on Technology and Enterprise budget.

  • Identifies risks or issues with technology solution & design which may impact realization of project benefits and provide guidance and support to stakeholders in making good decisions to pro-actively resolve or mitigate potential risks/delays to the project.

  • Participates in the system specification review process to ensure system requirements can be translated into secure software architecture.

  • Identifies and researches relevant technologies, performs Proof of Concepts / Prototypes, and recommends applications of such technologies to future product architectures.

  • Provides input into the preparation of business case.

  • Proactively identifies and implements strategies to improve reliability, leveraging automation wherever possible.

  • Seeks to integrate digital methods for agile, rapid prototyping, and for customer involvement.

  • Leverage metrics and analytics to gain insight for planning, design and management to facilitate the identification of improvement opportunities.

  • Designs and oversees implementation of end-to-end integrated solutions.

  • Develops a deep understanding of organizational complexity to build strong rapport with the appropriate matrix areas for the construction and delivery of the solution.

  • Ensures that chosen technology is flexible, supportable and requires minimal maintenance.

  • Ensures the tactical implementation of the computing styles and architecture.

  • Provides security review and guidance for projects driven by groups outside of Information Security, specifically developing security requirements and developing secure designs, standards and controls

  • Assists in the development of Information Security management standards and roadmaps

  • Reviews architectural designs and makes recommendations for improvements

  • Participates in Information Security projects throughout the entire project lifecycle

  • Authors security standards and procedures

  • Acquires a complete understanding of a company’s technology and information systems.

  • Plans, researches, and designs robust security architectures, standards, systems and authentication protocols for any IT project.

  • Performs reviews of vulnerability testing, risk analyses and security assessments.

  • Prepares system security reports by collecting, analyzing, and summarizing data and trends.

Creates and maintains current state of architecture in his/her area which includes:

  • Applications

  • Data

  • Technologies

  • Processes

  • Users


  • Identifies opportunities to strengthen the capability of the technology organization at BMO, such as: sharing architectural expertise to promote technical development, mentoring employees, building communities of practice and networks across technology.

  • Stays abreast of industry technical and business trends through participation in professional associations, practice communities & individual learning.

  • Provides architectural expertise & domain knowledge to advise & guide senior leaders.


Core Knowledge

  • Expert knowledge of computer or network systems, hardware and software theory, practice, concepts and technology relevant to organizational vision.

  • Sufficient business knowledge to assess impact of applied technology on customer’s business processes.

  • Knowledge of project management methodology and its applicability to successful delivery of technical change.

  • Understands the strategic technical direction of:

  • Middleware

  • Continuous Integration and Continuous Deployment

  • Testing

  • Systems Mgmt.

  • Enterprise Data & Access Layers

  • Pertinent Styles of computing

  • Actively participates in architecture governance (may be as a non-voting member)

  • Actively participates in setting technical direction of the styles of computing

  • Actively participates in checkpoint and design reviews

  • Possesses a deep understanding and problem solving ability of Information Technology of various scale, degree and dimension of complexity

  • Proficient in the techniques that go into producing designs of complex systems, including requirements discovery and analysis, formulation of solution context, identification of solution alternatives and their assessment, technology selection, and design configuration.

  • Familiar with network protocols and networking infrastructure.

  • Working knowledge of Information Security risk, and industry best practices with minimum of 10 years relevant experience

  • Working knowledge of the technical areas such as data warehouses, mainframes, networks, applications etc.

  • Knowledge of Corporate Policies, Standards, and operating procedures relating to information security risk

  • Working knowledge of the technology domain the architecture is being developed for. E.g. Databases, Product, Service, etc.

We’re here to help

At BMO Harris Bank we have a shared purpose; we put the customer at the center of everything we do – helping people is in our DNA. For 200 years we have thought about the future—the future of our customers, our communities and our people. We help our customers and our communities by working together, innovating and pushing boundaries to bring them our very best every day. Together we’re changing the way people think about a bank.

As a member of the BMO Harris Bank team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one – for yourself and our customers. We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.

To find out more visit us at .

BMO Harris Bank is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. BMO Harris Bank is an Equal Opportunity Employer for all, inclusive of Minorities, Women, Veterans, and Persons with Disabilities.

Job Field:

Information Technology

Job Schedule:


Primary Location:

United States-Illinois-Chicago