MANDATE   • Design, implement and configure, administer and support Vulnerability Assessment and Scanning platforms and services for the enterprise   • Ensure adequate discovery, triage, assessment, prioritization and reporting on vulnerabilities and misconfigurations affecting server platforms, databases, applications, endpoints and appliances and network equipment   • Facilitate pro-active protection of information technology assets against external or internal threats.   • Implement or evolve vulnerability Assessment or management processes   • Develop and implement security metrics representative of performance and risk related to the Vulnerability Management domain. Key Accountabilities:   • The role’s main responsibility as a Subject Matter Expert (SME) on Enterprise Vulnerability Management is to provide expertise for the implementation and configuration of enterprise platforms and services with a role in discovery, identification, prioritization, reporting and follow-up on Information Technology vulnerabilities and misconfigurations   • Leadership and oversight to other team members for the mature and effective delivery of services, platform management   • Administration and day-to-day support activities, including monitoring the environment with performance tools, by maintaining optimal configuration and technical policy management of platforms such as Qualys, DBProtect and other tools. Authorities:   • Accountable for the operational management and administration of Vulnerability Management Platforms and Services Scope & Impact:   • This job contributes to Technology and Operations through protecting against electronic threats to BMO’s infrastructure. Cross-Functional Relationships: The Senior Specialist will report to the Information Security Threat Management manager in the Information Security Operations and will be responsible for maintaining relationships with internal IS Operations groups as well as other technology entities, including enterprise infrastructure, technology governance, and technology risk management. Qualifications Knowledge & Skills:   • Completion of a Bachelor’s degree or equivalent program in Computer Science, Management Information Systems or similar field   • 7 - 10 years of relevant experience in Information Security at enterprise level   • 5 years work experience in configuring, implementing and administering Security tools and delivering security services. Experience must include implementation and configuration management of multiple security tools and delivery of security services in large enterprise environments.   • Hands-on experience with Vulnerability Management Scanning platforms like QUALYS, McAfee and others is required (MUST HAVE)   • Hands-on experience with managing penetration testing engagements by 3rd party pen testing services providers for the purpose of assessing enterprise exposures at network and Web Applications level.   • Work experience with TrustWave and DBProtect   • Work experience with Application Code Scanner technologies a strong plus.   • CISSP certification or equivalent a definite plus;   • Prior participation and responsibilities for 24x7 on-call schedule for technical support.   • Knowledge of regulatory and compliance-driven processes and activities to ensure enterprise compliancy to internal policies and regulatory requirements.   • Experience with defining, generating and operationalizing security metrics.   • Excellent oral and written communication skills required.   • Prior financial services institutions experience a plus. At our company, we have been helping our customers and communities for over 195 years. Working with us means being part of a team of talented and passionate individuals with a shared focus on working together to deliver great customer experiences. We stand behind your success with the support you need to turn your potential into performance. To find out more visit our website at Company website. Company is committed to an inclusive, equitable and accessible workplace. By embracing diversity, we gain strength through our people and our perspectives.