Senior Manager, Corporate Technology Risk & Compliance

Address:

At BMO, we empower you to lead the future of technology risk and compliance in a dynamic financial environment. As a Senior Manager, Corporate Technology Risk & Compliance, you will play a pivotal role in shaping a secure and resilient technology landscape.

Why Join Us?

Strategic Impact: Lead high-stakes initiatives that strengthen our enterprise-wide technology risk and compliance framework. Your insights will directly influence executive decision-making and regulatory alignment.

Collaborative Culture: Work alongside top-tier professionals in Technology risk, compliance, and controls. Foster a culture of security awareness and risk intelligence across the organization.

Career Growth & Development: We invest in your success and there are many internal career opportunities to drive change.

Purpose-Driven Work: Your role is crucial in maintaining trust, regulatory compliance, and business continuity in an evolving digital world.

Join us and take your career to the next level in a role that blends strategic leadership, regulatory expertise, and cutting-edge technology risk management.

Be a leader. Be an innovator. Be a guardian of trust.

***This role is a Hybrid role****. You will be in the office once per week. Our two office locations are First Canadian Place ( Bay and King) or BMO place (Yonge and Dundas)

MAIN Responsibilities:

1) Technology Risk Governance & Internal Controls

• Maintains Corporate Areas Technology's Process Risk Controls inventory within the risk governance frameworks

• Support facilitation and participation of key stakeholders in the Products, Services and Processes Risk Assessment (PSP RA)

• Ensure alignment with regulatory requirements, industry standards and internal policies Oversee technology risk assessments and control effectiveness evaluations.

• Partner with IT, cybersecurity, risk, audit, and compliance teams to strengthen governance.

• Maintain relationships and reviews, understand and action in a timely manner issues and trends highlighted in risk, governance, and control reporting.

2) Regulatory Compliance & Risk Management

• Ensure ongoing compliance with all applicable internal and risk policies, standards and procedures.

• Interpret new and evolving technology regulations and assess their impact to the first line.

• Monitor and report on compliance with technology risk policies and frameworks.

• Leads change management programs of varying scope and type, including readiness assessments, planning, stakeholder management, execution, evaluation and sustainment of initiatives.

• Develops, documents and maintains business/group procedures updating and obtaining approvals as regulations or the operating environment changes and communicates changes to the business/group & relevant stakeholder groups.

• Builds awareness, knowledge, and skills internally and, as necessary, provides communication, practical tools and ongoing support including making presentations, to promote a culture of risk identification and management.

3) Technology Risk Advisory & Strategy

• Provide strategic guidance to senior leadership on technology risk and compliance.

• Develop and execute risk mitigation strategies aligned with business objectives.

• Facilitates training to ensure business unit employees fully understand requirements.

• Conducts independent analysis and assessment to resolve strategic issues.

• Provides quality control for investigations, self-reports, examinations and independent reviews conducted by internal and external stakeholders, providing verbal and written responses to requests for positions, action plans, information and/or documentation.

4) Audit, Testing and Issue Management

• Act as a key liaison between corporate function, internal/external auditors and testers.

• Oversee technology risk issues, root cause analysis, and remediation efforts in the central tracking system.

• Ensure appropriate risk escalation and reporting mechanisms are in place.

• Lead Stakeholder Engagement & Collaboration to enhance IT control testing, monitoring, and reporting capabilities.

• Influence and negotiate risk and compliance strategies across business units.

• Tracks exception/exemption requests and corresponding approvals.

KEY Desired Skills:

Technology Risk Management & Governance expertise- 7 years experience in the following areas

• Expertise in technology risk frameworks.

• Strong understanding of IT process controls, risk assessments, and control testing.

• Knowledge of operational resilience, third-party risk management, and issues management.

Regulatory Compliance & Cybersecurity expertise- 7 years experience in the following areas

• Familiarity with financial regulations impacting technology (e.g., SOX, FFIEC, Basel).

• Experience with cybersecurity risk management, vulnerability assessments, and threat modeling.

• Understanding of data governance and compliance requirements.

Risk Analytics & Reporting expertise: 7 years experience in the following areas

• Proficiency in data analysis and reporting tools (Power BI, SQL risk analytics).

• Ability to develop risk dashboards, KRIs, and automated risk reporting mechanisms.

• Experience in conducting trend analysis and risk scenario modeling.

IT Audit & Control Testing expertise- 7 years experience in the following areas

• Hands-on experience in IT audits, control assessments, and regulatory reviews.

• Ability to perform gap analyses, compliance reviews, and remediation planning.

• Knowledge of penetration testing, ethical hacking, and cybersecurity resilience assessments.

Stakeholder Management & Communication- 7 years experience in the following areas

• Expert ability to translate complex technology risks into business impact for senior leadership.

• Experience working with regulators, auditors, and cross-functional teams.

• Ability to influence risk decisions and drive compliance across global organizations.

Experience in Program Management as well as experience with delivering presentations and creating PowerPoint decks to large groups.

Additional Information:

Develops and maintains an effective internal control framework that defines the ways and methods governance is implemented, managed, and monitored in the designated business/group portfolio. The governance framework includes policies, guidelines and provides programs, practices and measures to promote transparency, accuracy, consistency across groups. Applies specialized knowledge of risk management, regulatory compliance and internal controls related to business processes and information.

• Provides strategic input into business decisions as a trusted advisor.
• Makes recommendations to senior leaders on strategy and new initiatives, based on an in-depth understanding of the business/group.
• Acts as a subject matter expert on relevant regulations and policies.
• May network with industry contacts to gain competitive insights and best practices.
• Interprets new regulations and assesses impacts to the internal controls governance framework/program.
• Develops reports on the status of the governance program or framework components to various internal & external stakeholder audiences.
• Influences and negotiates to achieve business objectives.
• Identifies emerging issues and trends to inform decision-making.
• Recommends business priorities, advises on resource requirements and develops roadmap for strategic execution.
• Manages resources and leads the execution of strategic initiatives to deliver on business and financial goals.
• Measures the effectiveness of risk governance system and framework; recommends changes as required.
• Conducts independent analysis and assessment to resolve strategic issues.
• Leads the development and maintenance of the internal controls governance system and framework.
• Acts as the prime subject matter expert for internal/external stakeholders.
• Designs and produces regular and ad-hoc reports, and dashboards.
• Develops and manages comprehensive information management systems; designs and/or leads initiatives to improve processes, analysis and reporting.
• Leads the development of the communication strategy focusing on positively influencing or changing behaviour.
• Leads change management programs of varying scope and type, including readiness assessments, planning, stakeholder management, execution, evaluation and sustainment of initiatives.
• Leads the execution of operational programs; assesses and adapts as needed to ensure quality of execution.
• Manages the review and sign-off process for relevant regulatory reporting.
• Leads and integrates the monitoring, measurement & reporting on the status of the internal controls governance framework/program to internal & external stakeholders.
• Leads the management of governance meetings and maintenance of governing body mandates, oversight and approval guidelines.
• May provide specialized support for other internal and external regulatory requirements.
• Provides input into the planning and implementation of ongoing operational programs in support of the model validation/risk framework.
• Leads in the design, implementation and management of core business/group processes.
• Develops governance and control-related solutions and makes recommendations based on an understanding of the business strategy and stakeholder needs.
• Provides advice and guidance to assigned business/group on the implementation of the control framework, including effective challenge.
• Performs testing on design of controls as required e.g. observation, inspection, replication, recalculation to ensure risks are identified and controls are effective.
• Reviews processes and identifies opportunities for risk mitigation through proposing new controls or revising existing controls.
• Identifies where corrective actions are required and escalates per guidelines; ensures corrective action is taken as necessary.
• Coordinates and participates in the execution of oversight/governance activities including reporting; assessment of education & training needs, development/delivery of training; development and execution of regulatory administration processes & procedures; management of review/updates to policies, etc.
• Consults with stakeholders to improve consistency and transparency of control measurement/metrics and reporting.
• Assists with the interpretation of new or changing regulations and assessing impacts to the governance frameworks.
• Develops and maintains in-depth knowledge of business and related risk management requirements and legislative/regulatory directives and guidance.
• Builds effective relationships with internal/external stakeholders.
• Ensures alignment between stakeholders.
• Analyzes data and information to provide insights and recommendations.
• Documents the internal control governance system, processes and framework to describe compliance requirements, activities, processes, roles & responsibilities.
• Develops tools, checklists and communications to address gaps, issues and new requirements.
• Monitors and tracks performance; addresses any issues.
• Operates at a group/enterprise-wide level and serves as a specialist resource to senior leaders and stakeholders.
• Applies expertise and thinks creatively to address unique or ambiguous situations and to find solutions to problems that can be complex and non-routine.
• Implements changes in response to shifting trends.
• Broader work or accountabilities may be assigned as needed.

  Qualifications:

• Typically 7+ years of relevant experience and post-secondary degree in related field of study or an equivalent combination of education and experience.
• Experience in risk management, audit, compliance, governance and/or project management is preferred.
• In-depth knowledge of business and regulatory environment.
• In-depth/expert knowledge & experience with risk policy frameworks; quality control/testing frameworks. e.g. SOX
• Seasoned professional with a combination of education, experience and industry knowledge.
• Verbal & written communication skills - In-depth / Expert.
• Analytical and problem solving skills - In-depth / Expert.
• Influence skills - In-depth / Expert.
• Collaboration & team skills; with a focus on cross-group collaboration - In-depth / Expert.
• Able to manage ambiguity.
• Data driven decision making - In-depth / Expert.

The above represents BMO Financial Group's pay range and type.

Salaries will vary based on factors such as location, skills, experience, education, and qualifications for the role, and may include a commission structure. Salaries for part-time roles will be pro-rated based on number of hours regularly worked. For commission roles, the salary listed above represents BMO Financial Group's expected target for the first year in this position.

BMO Financial Group's total compensation package will vary based on the pay type of the position and may include performance-based incentives, discretionary bonuses, as well as other perks and rewards. BMO also offers health insurance, tuition reimbursement, accident and life insurance, and retirement savings plans. To view more details of our benefits, please visit: https://jobs.bmo.com/global/en/Total-Rewards

About Us

At BMO we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.

As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one - for yourself and our customers. We'll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we'll help you gain valuable experience, and broaden your skillset.

To find out more visit us at https://jobs.bmo.com/ca/en.

BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other's differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.

Note to Recruiters: BMO does not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to BMO, directly or indirectly, will be considered BMO property. BMO will not pay a fee for any placement resulting from the receipt of an unsolicited resume. A recruiting agency must first have a valid, written and fully executed agency agreement contract for service to submit resumes.