Job Description

Job Title: Business Information Security Officer (BISO)
Date Written: September 2024
Department: Finance Crime Unit – Cyber Security
Location: Dublin, Ireland
Immediate Manager’s Location: London, UK

Mandate

BMO’s Cyber Security (CS) team shall protect the security of our customers’ data and enable BMO’s Lines of Business to operate most successfully in an increasingly competitive global environment. The Business Information Security Officer (BISO) enables secure business strategies and processes by providing advisory services to leaders and effectively connecting business needs to security solutions.

Knowledge and Skills

Knowledge:
7 years of experience in information security or a related discipline.
Financial industry experience is preferred.
Degree in Engineering (computer science/electrical/electronic/Information Systems) or equivalent.
Information Security certifications preferred: CISSP, CISM, CISA, ISO27001.

Skills:
Ability to prioritise, execute tasks and handle multiple projects concurrently.
Ability to communicate and present effectively through a range of mediums, to various audiences, in a way that demonstrates subject matter knowledge.
Strong influencing and negotiation skills with the demonstrated ability to engage and persuade stakeholders to act and make decisions that aim to further business objectives.
Strong service management and service delivery orientation.
Strong conceptual skills: ability to deal with ambiguity; creativity; lateral thinker.
Strong working knowledge of local and European Laws and Regulations (DORA, CBI, EU etc.).

Key Accountabilities

Serves as the primary interface to the Cyber Security (CS) organization supporting lines of business, operations, and technology.
Serves as the BISO for the business partners to share emerging risks and focus areas with business and technology management teams.
Facilitate the implementation and monitoring of corporate CS policies/standards/programs within lines of business, to ensure timely delivery of programs and management of risk within tolerance.
Partner with the Technology Teams to ensure implementation and sustainability of controls.
Partner with the Outsourcing Supplier Risk Management team to ensure remediation of risks.
Develop a strong understanding of the underlying technical requirements of the Enterprise technical CS and IT standards, identify security gaps and provide consultation to the businesses on remediation options.
Maintain and enhance status as a subject matter expert for all CS matters.
Partner with the CS Operations team to provide support on cyber security investigations and incident response.
Provide oversight to ensure that processes and projects are completed in a timely manner.
Monitor risk exceptions, and resolutions, in response to security events, assessment and audit results.
Maintain and socialize the status of CS programs and initiatives within lines of business.
Respond to security events by initiating and coordinating actions needed to protect the business and its clients.
Provides expert advice to the business on current cyber threats affecting the business and clients.
Engage with regulators and auditors on key Cyber Security matters.
Contribute to and maintain an effective Operational Risk Management Framework, escalating any observed operational risk matters to the BME Operational Risk Manager.

Authorities (decision-making/autonomy)

Advisory
Monitoring
Recommending
Issue Resolution
Coordinating

Scope and Impact

The BISOs operate in a one-to-one relationship with their assigned LoB, ensure continued coverage and act as a conduit into the broader Cyber Security organisation.

Cross Functional Relationships

Team members
Technology, Operations, and Risk teams
Lines of Business for BMO International
Regulators and Auditors
Technology 1st Line Functions
Operational Risk Management Group
Privacy
Legal, Risk & Compliance
Internal & External Audit

Working Conditions

This role operates within a hybrid working environment which entails balancing meaningful time spent in the office for collaboration and connection with teams based on the expectations of your business group and role, along with time spent working remotely.