Managing Director - Insider Threat Program

BMOToronto, ON
CA$190,000 - CA$225,000Onsite

About The Position

Leads the Bank’s enterprise insider threat program, defining strategy, governance, and operating model to proactively identify, assess, mitigate, and prevent insider-driven risk. Establishes a risk-based approach to insider threat, strengthening the Bank’s ability to anticipate emerging threats, close control gaps, and enhance operational resilience. Maintains a forward-looking view of emerging insider risks, including employee-enabled fraud, credential misuse, data exfiltration, collusion, third-party insider risk, and cyber-enabled activity. The insider threat program is a centralized program requiring strict governance and confidentiality, with only involving stakeholders on a need-to-know basis in a controlled escalation environment.

Requirements

  • 10+ years in a global systemically important bank (GSIB), large financial institution, intelligence agency, law enforcement, military, or critical infrastructure environment.
  • Experience in leading enterprise-side or global risk or security programs.
  • Proven track record building or transforming insider threat, cyber, fraud, or security capabilities.
  • Deep experience managing complex investigations involving employees, contractors, third parties, cyber incidents, fraud activity, or data misuse.
  • Strong knowledge in one or more areas: insider threat, cybersecurity, fraud, financial crime, investigations, operational risk, or enterprise security.
  • Understanding of banking operations, conduct risk, and financial crime typologies.
  • Knowledge of regulatory expectations related to cyber, fraud, and operational resilience.
  • Working knowledge of analytics, detection models, and insider threat tools.
  • Ability to lead global distributed teams and build multidisciplinary capabilities.
  • Strong leadership presence with the ability to influence senior stakeholders.
  • High judgment and discretion in handling sensitive matters.
  • Ability to translate complete risk signals into clear, actionable insights.

Nice To Haves

  • Preferred professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Fraud Examiner (CFE), Certified Anti-Money Laundering Specialist (CAMS), Certified Protection Professional (CPP), Global Information Assurance Certification (GIAC), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or relevant investigations/intelligence credentials.
  • Background in law enforcement, intelligence, or national security organizations (e.g., federal agencies or equivalent).
  • Established external network across industry, law enforcement, and intelligence communities.

Responsibilities

  • Defines and leads the enterprise insider threat strategy and long-term roadmap.
  • Builds a consistent global framework aligned to regulatory, legal, privacy and labor requirements; regulatory first design.
  • Establishes governance structures, escalation protocols, and decision-making forums.
  • Matures capabilities from reactive investigations to proactive, intelligence-led prevention.
  • Partners across Cybersecurity, Fraud, Financial Crimes, Corporate Security, Operations, Legal, Global Investigations, Risk, Privacy, and Human Resources.
  • Integrates insider threat capabilities across systems, platforms, and control environments.
  • Establishes clear routines for collaboration, escalation, and coordinated response.
  • Promotes a culture of proactive risk identification and responsible escalation.
  • Develops and optimizes insider threat analytics (i.e., user and entity behavior analytics), tools, and capabilities to support scalable, intelligence-driven risk detection.
  • Builds a consolidated insider threat intelligence capability integrating cyber, fraud, financial crime, HR, and investigative signals (data fusion).
  • Delivers executive-level reporting and insights on insider threat posture, emerging risks, significant cases, control effectiveness, and remediation progress.
  • Leverages data, analytics, and risk indicators to inform strategy, prioritization, and investment decisions.
  • Owns the end-to-end insider threat control framework, including prevention rules, risk-based detection models, behavioral analytics, investigative protocols, case management standards, and escalation processes.
  • Embeds privacy-by-design and ethical monitoring practices, ensuring transparency, proportionality, and protection of employee dignity.
  • Develops and enhances intelligence-led detection capabilities and response frameworks to enable proactive risk identification and mitigation.
  • Partners with Global Investigations to ensure that consistent triage, investigation, escalation, and resolution related to Insider threat occurs across the enterprise.
  • Defines standards for response actions ensuring timeliness, proportionality, governance, and defensibility.
  • Participates in complex, high-risk investigations involving employees, contractors, third parties, cyber events, fraud activity, and control breaches, as required partnering with the Global Investigations team.
  • Identifies systemic control gaps and drives remediation across identity and access management, privileged access, data protection, fraud controls, vendor access, and critical operations.
  • Oversees adherence to the Bank’s Risk Appetite Framework, ensuring insider threat risks are managed within defined tolerances.
  • Defines and manages key risk indicators (KRIs), key performance indicators (KPIs), and insider treat risk appetite.
  • Supports regulatory exams, audits, and governance reviews, ensuring readiness and effective response across cyber risk, fraud, conduct risk, and operational resilience.
  • Promotes and supports the Bank’s risk culture including ensuring employees understand their accountabilities for risk-taking activities, promoting an environment of open communication and effective challenge, and establishing the “tone from the top” through leading by example.
  • Complies with the Bank’s Risk Appetite framework and ensures risk-taking activities remain within agreed limits and comply with all regulatory requirements.
  • Role models driving simplicity and productivity enhancements for optimization across groups, driving continuous improvement on key measures.
  • Activates our winning culture, aligned with Purpose.
  • Ignites engagement by aligning our culture to our strategy and fueling exceptional execution.
  • Fosters an inclusive environment for all employees by eliminating barriers to inclusion.
  • Develops leaders, plans for succession, and fosters a high-performance culture.
  • Drives top talent acquisition and retention, developing organizational capabilities to drive competitive advantage.
  • Leads and mentors a team with diverse risk and business experience, skills, and orientation.
  • Leads, promotes, and reinforces the Bank’s Ambition; personally, role models One Bank leadership; drives sustainable improvements in customer loyalty and business growth; adheres and supports enterprise customer experience and brand standards.

Benefits

  • health insurance
  • tuition reimbursement
  • accident and life insurance
  • retirement savings plans
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service