Security Metrics Analyst in United States

This role is located at 777 Bay Street, Downtown Toronto or at 111 W. Munro in Chicago. The Security Metrics Analyst is accountable for providing coordination support to the Manager Centralized Information Security Metric Program (CISMP) team in all aspects of coordination, tracking and reporting activities as they relate to Information Security performance metrics.
Accountable to effectively and proactively contribute to the success of the Information Security mission through the coordination, consolidation, analysis, recommendations, and reporting of data related to:
  • Information Security & Risk Metrics
  • Key Risk Indicators (KRIs)
  • Key Performance Indicators (KPIs)
  • Process & Controls data outputs
  • Metrics derived from Industry Standards and Regulatory requirements
Provide facilitation and guidance to the team toward ensuring that the metrics program is closely aligned with and supports the following Enterprise business priority areas:
  • Early warning capability to assist executive team with pro-active decision data
  • Cyber Security – Threat & Risk, Data Loss Prevention, new/emergent cyber security threats
  • Enterprise strategy
  • Quality program projects
  • Finance
  • General Management Information
Take ownership for the collection/consolidation of data to be used for management and executive communications, including presentations, organizational program support, and communications between teams.

This role focuses on up to a twelve-month time horizon (i.e., twelve months of ‘look-back’ data).
Performance Management
• Provide hands-on input, support and guidance for the establishment of the Information Security Metrics baseline and identify gaps for which new metrics may need to be developed and reported against.
• Support and guide business and technical stakeholders in the collection and analysis of key data related to Information Security metrics, Internal measures KPIs and KRIs reporting that is timely, accurate, consistent, complete and relevant for the purpose of providing comprehensive information for strategic Information Security management decisions.
• Provide guidance and support to the team to analyze Information Security metric performance data to produce weekly, monthly, quarterly and annual performance reports, and ad hoc reports as requested, in a concise and consistent manner, soliciting input from a number of sources both internal and external to the business unit.
• Support and guide the team in the development of dashboard front-end reporting capability for executive reporting that provides critical Information Security metric trending and forecasting information, summarized as appropriate for executive-level consumption.
• Provide support to the Manager CISMP to lead and support the team in the delivery of exceptional customer service that builds trust through responsive, accurate, consistent, knowledgeable and available services and support.
Core Role deliverables
• Provide guidance and facilitation support to the team and to the Manager Reporting & Analysis in the establishment and implementation of procedures and controls to govern Information Security Metrics data, database management (including any automation tool that may be employed), and metric report creation that demonstrate the effectiveness and usefulness of CISMP reports.
• Through in-depth knowledge of Information Security Metrics trends/results, provide support to the Manager Reporting & Analysis and the team in the early identification of potential risks/impacts that may become apparent through inference, patterns and analysis of Information Security metric data, and make recommendations or escalate to management, as per established up-level management reporting guidelines.
• Play a key role in supporting the development of capability to provide current information security metric inputs that may be required for regulatory reporting and audit queries.
• Take an ownership role for the establishment of a current and up-to-date Information Security metrics baseline. Ensure all appropriate authorizations/approvals are obtained in accordance with appropriate enterprise policies and controls.
• University degree/college diploma or equivalent work experience
• 2 to 3 years’ experience in Information Security management reporting processes and methodology (experience in IT Business operations metric reporting will be an added bonus).
• Working knowledge and understanding of Information Security key performance indicators (KPIs) and key risk indicators (KRIs)
• Good knowledge of Information Security processes, procedures and controls
• Good understanding of Information Security risk and regulatory requirements
• Solid understanding of Information Security management reporting processes
• Good understanding of industry practices and metric reporting fundamentals
• The candidate is familiar with multiple standards and frameworks, including NIST Cyber Security Framework (CSF), ISO 27001 and 27002, Payment Card Industry (PCI) Data Security Standard (DSS), etc.
• At least 2 years’ experience in supervising/managing and leading teams to success
• At least 2 years’ experience in managing projects and using project management skills
• Experience in interfacing at multiple levels of client management and building relationships
• Good knowledge of standard desktop applications used by the business unit

• English (Fluent)
• Ability to provide subject matter expertise in designing and enhancing the IT risk/security metrics program will be a bonus.
• Strong leadership skills
• Working knowledge of RSA Archer GRC (UCF) will be a bonus – ability to develop skills for this tool is a critical requirement if not already existing.
• Working knowledge of BMO IDP (Integrated Data Platform) and Spotfire tool will be a bonus
• Strong computer literacy, with an ability to leverage technology associated with the job
• Strong analytical and problem-solving skills
• Strong prioritization skills
• Strong organizational skills and attention to detail
• Strong teamwork skills
• Strong presentation, written and oral communication skills
• Ability to multi-task and function in a fast-paced environment
Working Conditions:
This job operates within normal office conditions with minimal exposure to health and safety risks. There may be a requirement to periodically work extra hours as dictated by the business.
We’re here to help

At BMO we have a shared purpose; we put the customer at the centre of everything we do – helping people is in our DNA. For 200 years we have thought about the future—the future of our customers, our communities and our people. We help our customers and our communities by working together, innovating and pushing boundaries to bring them our very best every day. Together we’re changing the way people think about a bank.
As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one – for yourself and our customers. We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.
To find out more visit us at

BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process.
