Senior Cloud Security Engineer

Address:

Job Family Group:

We are seeking an enthusiastic and passionate professional for aSenior Cloud AI & Data Security Engineerrole who wants to design and implement security solutions for systems and services acrossAWS Azure and AI/ML platforms. We need someone who can establish the highest standards that meet and exceed security governance solutions and practices provide assurance to management and auditors and ensure sustained protection by embedding controls in operational and DevOps (CI/CD) practices with a focus on automation.

We are looking for someone who has a high level of technical security expertise and who takes seriously the responsibility of monitoring detecting protecting and maintaining the security ofdata AI/ML systems cloud platforms and networks.

You are a leader with a strong technical background. You have demonstrated strength in:

• Developing and implementingsecure cloud and AI/ML architecturesusing a risk-based cybersecurity and data privacy strategy

• Defining security patterns roadmaps and operating models that leverage collaboration

• Facilitating industry-standard information security governance

• Advising senior leadership on cybersecurityAI risk and privacy risks threats and investment strategies

• Documenting appropriate policies and procedures to manage information security risksincluding those unique to AI/ML systems and sensitive data assets

As a qualified candidate you will be part of the team driving BMOs Cloud AI and Data Security implementation. As a member of this team you should possess the ability to inspire yourself and all of our team. Based on your previous experiences you will inject new knowledge and skills into an already high-performing team thus elevating our efforts to new heights.

Your Responsibilities

Cloud Security

• Assess design implement automate and document security solutions controls and processes forAmazon Web Services (AWS)andMicrosoft Azurecloud platforms

• Develop and maintain security patterns for cloud platforms and services; assess all cloud patterns to ensure adherence to best security practices and controls

• Design and implement security baseline controls for Cloud Services for integration into the CI/CD process

• Build and deliverpolicies as code automating security controls and best practices

• Review and approve code and changes with security implications (e.g. IAM Roles and Policies Security Groups etc.)

• Be the cloud security subject matter expert for the Cloud Engineering group and its partners in any IaaS PaaS and SaaS implementations

AI & Machine Learning Security

• Define and implement asecurity framework for AI/ML systems covering the full model lifecycle from data ingestion and training to deployment and monitoring

• Assess and mitigateAI-specific threatsincluding adversarial attacks model inversion data poisoning prompt injection and model theft

• Evaluate and secureAI/ML platforms and tools(e.g. Amazon SageMaker Azure Machine Learning Hugging Face OpenAI APIs) against organizational risk standards

• Collaborate with data science and AI engineering teams to integrate security controls intoMLOps pipelines ensuring model integrity access controls and auditability

• Monitor emerging AI threat landscapes and regulatory developments (e.g. EU AI Act NIST AI RMF) and translate these into actionable organizational controls

Data Security

• Implement and managedata security posture management (DSPM)tools to continuously monitor sensitive data exposure across cloud environments

• Establish controls forstructured and unstructured data stores including databases data lakes data warehouses (e.g. Snowflake AWS S3 Azure Data Lake) and file sharing platforms

• Drive the adoption ofdata-centric securitypractices within application development and analytics teams

General Security Leadership

• Provide subject matter expertise on architecture authentication and systems security based on a clear understanding of the engineering stack services and data flow

• Lead focused and continuous cybersecurity risk assessments of new and existing technologies - includingAI/ML systems and data platforms- to identify risks and appropriate controls that balance security and operability

• Provide effective and pragmatic cybersecurity guidance upfront in major technology projects to enable the business to innovate securely

• Assist in the investigation and remediation of security incidents and issuesincluding those involving AI model compromise or data breaches

• Work closely with Information Security product and software development teams to assess cybersecurity risk and recommend solutions in cloud AI and data environments

Your Mindset

• You are aself-starter driven and can handle multiple projects and priorities

• You are passionate about driving theDevSecOps and MLSecOpsmindset and culture in a fast-paced challenging environment where you get the opportunity to work with the latest tools and technologies

• You understand theintersection of security AI and data and actively seek to build bridges between these disciplines

• You are actively looking to improve the solutions you implement understand the efficacy of collaboration and are keen to work in a team of CI/CD infrastructure AI and data specialists

• You are energized by therapidly evolving AI threat landscapeand bring intellectual curiosity and practical judgment to navigating ambiguity

• As a member of this team you will inject new knowledge and skills into an already high-performing team elevating our collective efforts to new heights

Required Core Skills

Foundational

• A university degree inEngineering Computer Science Information Technology or a related field

• 7-10 yearsof experience developing and implementing security architectures and/or engineering with demonstrated breadth acrosscloud data and/or AI security domains

• Security certifications such asCISSP CCSP CCSK or any Cloud Security Specialty certification (e.g. AWS Certified Security Specialty Microsoft Certified: Azure Security Engineer Associate)

• Emerging/preferred:Certifications or demonstrated knowledge inAI security(e.g. CDAI CompTIA AI or equivalent vendor-specific AI security training) ordata security(e.g. CDPSE CIPP)

Cloud Security

• Demonstrated knowledge of cloud architecture cloud operations cloud-based identity and access management security automation and orchestration

• Extensive experience withcloud-native security solutionsand tools (e.g. AWS Security Hub AWS GuardDuty Microsoft Defender for Cloud Azure Sentinel)

• Knowledge of technical security control environments and compliance frameworks includingCSA CCM ISO 27001 ISO 27017 and NIST CSF

AI & ML Security

• Working knowledge ofAI/ML development frameworks and platforms(e.g. TensorFlow PyTorch SageMaker Azure ML) and associated security risks

• Familiarity with theOWASP Top 10 for LLMsMITRE ATLAS andNIST AI Risk Management Framework (AI RMF)

• Understanding ofMLOps pipeline security including securing model registries feature stores training environments and inference endpoints

• Knowledge ofGenerative AI security risks including prompt injection jailbreaking data leakage via LLMs and supply chain risks in AI model dependencies

Data Security

• Experience implementingdata loss prevention (DLP)data classification anddata access governancesolutions in enterprise environments

• Knowledge ofDSPM toolsand practices

• Understanding ofdata encryption at rest and in transit tokenization and key management for large-scale data environments

• Familiarity withdata privacy regulations(e.g. PIPEDA GDPR CCPA) and their technical implementation requirements

• Experience securingcloud-based data platformssuch as Snowflake Databricks AWS Redshift Azure Synapse or equivalent

Technical Skills

• Firm grasp ofnetworking protocols and operations; comfortable with packet analysis tools such as Wireshark Burp Suite nmap Nessus and Metasploit

• Knowledge oftheoretical and applied cryptography key management and cryptographic algorithms (RSA AES TLS PKI etc.)

• Knowledge ofIdentity and Access Management (IAM)concepts including SSO SAML federated identity RBAC and OAuth/OIDC

• Strong scripting and programming skills with experience inPython PowerShell Bash and API/webhook development

• Experience withInfrastructure as Code (IaC)security scanning tools (e.g. Checkov tfsec Prisma Cloud)

Interpersonal & Leadership

• Demonstrable internal and externalrelationship-buildingskills with the ability to clearly articulate complex security concepts across a diverse corporate culture

• Ability to lead in-depth workshops across a broad range of topics includingcloud compliance AI risk and data governance

• Strong ability to influence decision-making at senior leadership levels

Other Skills

• Strong interpersonal communication and leadership skills

• A critical thinker with strong research analytical and problem-solving skills

• Self-motivated with a positive attitude and an ability to work independently and within a team

• Ability to communicate complex technical concepts to a broad range of internal and external stakeholders includingbusiness legal compliance and technology leaders

• Strong time management skills with the ability to manage multiple workstreams and mentor less experienced team members

Why Join Us

This is a rare opportunity to shape thecloud AI and data security strategyof one of Canadas largest financial institutions at a time when these domains are converging and rapidly evolving. You will work at the forefront of emerging threats influence enterprise-wide security standards and collaborate with world-class teams across technology risk and innovation.

Salary:

Pay Type:

The above represents BMO Financial Groups pay range and type.

Salaries will vary based on factors such as location skills experience education and qualifications for the role and may include a commission structure. Salaries for part-time roles will be pro-rated based on number of hours regularly worked. For commission roles the salary listed above represents BMO Financial Groups expected target for the first year in this position.

BMO Financial Groups total compensation package will vary based on the pay type of the position and may include performance-based incentives discretionary bonuses as well as other perks and rewards. BMO also offers health insurance tuition reimbursement accident and life insurance and retirement savings plans. To view more details of our benefits please visit: Us

At BMO we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting positive change for our customers our communities and our people. By working together innovating and pushing boundaries we transform lives and businesses and power economic growth around the world.

As a member of the BMO team you are valued respected and heard and you have more ways to grow and make an impact. We strive to help you make an impact from day one for yourself and our customers. Well support you with the tools and resources you need to reach new milestones as you help our customers reach theirs. From in-depth training and coaching to manager support and network-building opportunities well help you gain valuable experience and broaden your skillset.

To find out more visit us at is proud to be an equal employment opportunity employer. We evaluate applicants without regard to race religion color national origin sex (including pregnancy childbirth or related medical conditions) sexual orientation gender identity gender expression transgender status sexual stereotypes age status as a protected veteran status as an individual with a disability or any other legally protected characteristics. We also consider applicants with criminal histories consistent with applicable federal state and local law.

BMO is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process please send an e-mail to and let us know the nature of your request and your contact information.

Note to Recruiters: BMO does not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to BMO directly or indirectly will be considered BMO property. BMO will not pay a fee for any placement resulting from the receipt of an unsolicited resume. A recruiting agency must first have a valid written and fully executed agency agreement contract for service to submit resumes.