Senior Risk Specialist (Enterprise Risk Management)

02 / 27 / 2025

Must have risk management experience in addition to portfolio knowledge, and strong understanding of Data Management frameworks. Please note this role is subject to Hybrid work model (2 days in the office in Toronto, ON).

Oversees, monitors, and reports on information and technology operational risks for a designated portfolio (Corporate Finance, AML). Develops and monitors the risk management and governance framework and practices leveraged across BMO to manage information and technology risks. Develops and monitors adherence to policies, standards, methodologies, and controls that increase transparency, accuracy, and consistency across groups. Works with stakeholders to implement the methodology, metrics, and program standards for the assigned portfolio to ensure compliance, effective monitoring, timely reporting, and identify action plans.

Key Skills / Experience :

• Must have strong knowledge of one of the Enterprise Risk & Portfolio Management corporate functions / business activities to enable business risk identification related to data & analytics risks. Knowledge of Market Risk, or Credit Risk or Finance data management activities will be an asset.
• Must have risk management experience in addition to portfolio knowledge, and strong understanding of Data Management frameworks.

Accountabilities :

• Provides Effective Challenge in the area of data and analytics.
• Interprets new regulations and assesses impacts to the governance framework.
• Develops regulatory reports on the status of the governance program or framework components to various internal and external stakeholder audiences.
• Owns self-assessment activities, compliance.
• Identifies emerging issues and trends to inform decision-making.
• Researches existing or emerging requirements and related best practices to develop recommendations for changes / enhancements.
• Independently assesses the information and technology risk profile (e.g. exposures, material initiatives, systems issues or weaknesses in the control structure) for the assigned portfolio.
• Measures the effectiveness of risk governance system and framework; recommends changes as required.
• Leads the development and maintenance of the governance system and framework.
• Represents the risk program / governance structure during internal / external regulatory audits and / or examinations.
• Leads the development of the communication strategy focusing on positively influencing or changing behaviour.
• Manages the review and sign-off process for relevant regulatory reporting.
• May provide specialized support for other internal and external regulatory requirements.
• Leads / participates in the design, implementation and management of core business / group processes.
• Administers and maintains technology and information security and management risk program activities adhering to applicable policies, procedures, and established processes.
• Reviews new business initiatives and monitors existing initiatives to identify potential risk situations / impacts; makes recommendations or escalates as per guidelines.
• Identifies potential risk situations / impacts and makes recommendations or escalates.
• Provides advice and guidance to assigned business / group on implementation of the risk framework, including effective challenge.
• Coordinates and participates in the execution of oversight / governance activities including reporting; assessment of education & training needs, development / delivery of training; development and execution of regulatory administration processes & procedures.
• Consults with stakeholders to improve consistency and transparency of risk measurement, metrics and reporting.
• Supports the development and maintenance of the governance system and framework including supporting policy / standard / operating procedures lifecycle management, education and training assessments.
• Builds effective relationships with internal / external stakeholders e.g. business stakeholders and corporate support areas to provide second line of defense information and technology risk management support.
• Analyzes data and information to provide insights and recommendations; includes identification of risk impacts for new processes and workflows related to initiatives.
• Maintains tools and templates for information and technology risk programs and standards e.g. Risk Control Self Assessment (RCSA), Sarbanes-Oxley (SOX), business continuity planning standards and policies for internal and third-party solution development.
• Broader work or accountabilities may be assigned as needed.

Qualifications :

• Typically 7+ years of relevant experience in Risk Management (Operational Risk, Technology Risk, Second line of defense) and post-secondary degree in related field of study or an equivalent combination of education and experience.
• Degree in Information Technology, Computer Science, Business Administration, or related field of study preferred.
• Experience with Enterprise Data Risk preferred.
• Experience with effective challenge of data and analytics ideal.
• In-depth / expert knowledge of information and technology risk management practices.
• In-depth / expert knowledge of regulatory requirements.
• In-depth / expert knowledge and experience with risk policy frameworks; quality control / testing frameworks.

92,400.00 - $171,600.00

J-18808-Ljbffr