Managing Director - Insider Threat Program at BMO Bank N.A. — Chicago, IL
Full job description
Application Deadline:
08/28/2026
Address:
320 S Canal Street
Job Family Group:
Technology
Leads the Bank’s enterprise insider threat program, defining strategy, governance, and operating model to proactively identify, assess, mitigate, and prevent insider-driven risk. Establishes a risk-based approach to insider threat, strengthening the Bank’s ability to anticipate emerging threats, close control gaps, and enhance operational resilience. Maintains a forward-looking view of emerging insider risks, including employee-enabled fraud, credential misuse, data exfiltration, collusion, third-party insider risk, and cyber-enabled activity. The insider threat program is a centralized program requiring strict governance and confidentiality, with only involving stakeholders on a need-to-know basis in a controlled escalation environment.
Strategy & Operating Model
- Defines and leads the enterprise insider threat strategy and long-term roadmap.
- Builds a consistent global framework aligned to regulatory, legal, privacy and labor requirements; regulatory first design.
- Establishes governance structures, escalation protocols, and decision-making forums.
- Matures capabilities from reactive investigations to proactive, intelligence-led prevention.
Cross-Functional Leadership & Integration.
- Partners across Cybersecurity, Fraud, Financial Crimes, Corporate Security, Operations. Legal, Global Investigations, Risk, Privacy, and Human Resources.
- Integrates insider threat capabilities across systems, platforms, and control environments.
- Establishes clear routines for collaboration, escalation, and coordinated response.
- Promotes a culture of proactive risk identification and responsible escalation.
Data, Analytics & Intelligence
- Develops and optimizes insider threat analytics (i.e., user and entity behavior analytics), tools, and capabilities to support scalable, intelligence-driven risk detection.
- Builds a consolidated insider threat intelligence capability integrating cyber, fraud, financial crime, HR, and investigative signals (data fusion).
- Delivers executive-level reporting and insights on insider threat posture, emerging risks, significant cases, control effectiveness, and remediation progress.
- Leverages data, analytics, and risk indicators to inform strategy, prioritization, and investment decisions.
Detection, Investigation & Response
- Owns the end-to-end insider threat control framework, including prevention rules, risk-based detection models, behavioral analytics, investigative protocols, case management standards, and escalation processes.
- Embeds privacy-by-design and ethical monitoring practices, ensuring transparency, proportionality, and protection of employee dignity.
- Develops and enhances intelligence-led detection capabilities and response frameworks to enable proactive risk identification and mitigation.
- Partners with Global Investigations to ensure that consistent triage, investigation, escalation, and resolution related to Insider threat occurs across the enterprise.
- Defines standards for response actions ensuring timeliness, proportionality, governance, and defensibility.
- Participates in complex, high-risk investigations involving employees, contractors, third parties, cyber events, fraud activity, and control breaches, as required partnering with the Global Investigations team.
Governance, Risk & Regulatory Oversight
- Identifies systemic control gaps and drives remediation across identity and access management, privileged access, data protection, fraud controls, vendor access, and critical operations.
- Oversees adherence to the Bank’s Risk Appetite Framework, ensuring insider threat risks are managed within defined tolerances.
- Defines and manages key risk indicators (KRIs), key performance indicators (KPIs), and insider treat risk appetite.
- Supports regulatory exams, audits, and governance reviews, ensuring readiness and effective response across cyber risk, fraud, conduct risk, and operational resilience
Leadership & Culture
- Within the mandate of this role, promotes and supports the Bank’s risk culture including ensuring employees understand their accountabilities for risk-taking activities, promoting an environment of open communication and effective challenge, and establishing the “tone from the top” through leading by example.
- Complies with the Bank’s Risk Appetite framework and ensures risk-taking activities remain within agreed limits and comply with all regulatory requirements.
- Role models driving simplicity and productivity enhancements for optimization across groups, driving continuous improvement on key measures.
- Activates our winning culture, aligned with Purpose. Ignites engagement by aligning our culture to our strategy and fueling exceptional execution.
- Fosters an inclusive environment for all employees by eliminating barriers to inclusion.
- Develops leaders, plans for succession, and fosters a high-performance culture.
- Drives top talent acquisition and retention, developing organizational capabilities to drive competitive advantage.
- Leads and mentors a team with diverse risk and business experience, skills, and orientation.
- Leads, promotes, and reinforces the Bank’s Ambition; personally, role models One Bank leadership; drives sustainable improvements in customer loyalty and business growth; adheres and supports enterprise customer experience and brand standards.
Qualifications
- 10+ years in a global systemically important bank (GSIB), large financial institution, intelligence agency, law enforcement, military, or critical infrastructure environment.
- Experience in leading enterprise-side or global risk or security programs.
- Proven track record building or transforming insider threat, cyber, fraud, or security capabilities.
- Deep experience managing complex investigations involving employees, contractors, third parties, cyber incidents, fraud activity, or data misuse.
- Strong knowledge in one or more areas: insider threat, cybersecurity, fraud, financial crime, investigations, operational risk, or enterprise security.
- Understanding of banking operations, conduct risk, and financial crime typologies.
- Knowledge of regulatory expectations related to cyber, fraud, and operational resilience.
- Working knowledge of analytics, detection models, and insider threat tools.
- Ability to lead global distributed teams and build multidisciplinary capabilities.
- Strong leadership presence with the ability to influence senior stakeholders.
- High judgment and discretion in handling sensitive matters.
- Ability to translate complete risk signals into clear, actionable insights.
- Preferred professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Fraud Examiner (CFE), Certified Anti-Money Laundering Specialist (CAMS), Certified Protection Professional (CPP), Global Information Assurance Certification (GIAC), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or relevant investigations/intelligence credentials.
- Background in law enforcement, intelligence, or national security organizations (e.g., federal agencies or equivalent). Established external network across industry, law enforcement, and intelligence communities.
Please note: The position is targeted at a base range between $225K USD and $300K USD
Salary
Pay Type:
Salaried