Qualifications
Responsibilities
Benefits
Application Deadline:
Address:
320 S Canal StreetJob Family Group:
TechnologyThe Cyber Security Senior Consultant leads and supports cybersecurity, risk management, and operational governance activities across the organization for business managed applications as well as lead initiatives to perform application security risk assessments. This role is well suited for a leader with strong analytical, communication, and technical skills who is interested in applying those strengths within crossroads of solution design assessments and cybersecurity governance functions.
The role works with technology teams, business stakeholders, cybersecurity partners, and risk/control functions. Responsibilities may include performing, managing and enhancing various aspects of the program such as application security assessments, vulnerability closures management, application inventory solution management, modernization of program activities via building and use of AI capabilities, process documentation, creating metrics and presenting to other governance bodies and senior leadership.
This is a broad, cross-functional role that combines elements of business and technology governance, risk assessment, risk management, some security engineering and process improvement. The candidate is expected to be comfortable managing multiple priorities, shifting between different types of work associated with the program and working across organizational boundaries with business, technology, cybersecurity, 2nd and 3rd lines risk partners.
This is a HYBRID ROLE that currently requires 2 days in the office. This can/may change over time.
Key Responsibilities
Lead or support cybersecurity governance, risk, and operational processes across applications, systems, and business managed application environments.
Perform application and associated technology security risk assessments using threat modeling methodology.
Lead or assist with tracking, analyzing, and reporting on security issues, control gaps, vulnerabilities, findings, remediation activities, and related action items.
Manage multiple priorities across competing workstreams, while maintaining clear ownership, follow-up, and communication.
Work across organizational boundaries with business, technology, cybersecurity, risk, and control partners to clarify needs, resolve issues, and drive work forward.
Oversee maintenance of accurate records, dashboards, trackers, reports, and documentation used for security oversight and management reporting.
Coordinate and lead follow-ups with application owners, technology teams, risk partners, and other stakeholders to support timely completion of required activities.
Review data from multiple sources to identify gaps, inconsistencies, trends, or items requiring escalation.
Build and continuously look to enhance program metrics, prepare materials for governance forums, leadership updates, audits, assessments, or regulatory inquiries.
Document procedures, process flows, and manage evidence of completed security program activities as needed for audit or regulatory inquiries.
Partner with cybersecurity subject matter experts to understand new security requirements, provide program requirements to relevant control owners to collect relevant data for metrics creation to translate them into clear business and operational actions.
Qualifications
3-5 years of experience managing team or leading as individual contributor in cybersecurity, risk management, compliance program management (e.g., PCI DSS), technical delivery/program manager or technology operations in regulated industry.
Strong attention to detail, strong analytical skills with the ability to review data, identify gaps, perform risk analysis and summarize findings clearly.
Strong written and verbal communication skills, including the ability to communicate with both technical and non-technical stakeholders, including senior stakeholders.
Ability to manage multiple priorities, adapt to changing needs, and follow through on open items in a fast-paced environment.
Ability to successfully manage multiple priorities, work across teams and organizational boundaries, building effective relationships with stakeholders who may have different goals, priorities, or levels of cybersecurity experience.
Experience preparing management reporting, executive summaries, meeting materials, or audit/control evidence.
Comfortable working at expert level with spreadsheets, dashboards, structured data as well as experience with use of Jira and ServiceNow.
Prior experience implementing cybersecurity frameworks and threat modeling methodologies is a plus.
Experience using LLMs/conversational AI and autonomous agents is a plus.
Scripting language or development skills is a plus.
Additional Information: Creates a visionary architecture roadmap and organizational strategy to align Business and IT. Leads and facilitates the design and implementation of repeatable technical solutions and processes related to technology architecture. Defines and documents efficient and transparent architecture principles, standards and guidelines regarding the proper use and deployment of business applications, data and technology within the Bank. Partners with broader stakeholders in technology and business in defining architecture possibilities and futures. Works with business and development teams in recommending process or system design and enhancements. Ensures that systems are functionally appropriate, technically sound and well-integrated. Provides immediate response to critical production program-wide problems to evaluate solutions, coordinate recovery and ensure resolution.
Works with managers and senior individual contributors (within group) to provide architectural recommendations & guidance as well as executive-level presentations at the enterprise level.
Provides input into the preparation of business cases.
Provides architectural expertise & domain knowledge to advise & guide senior leaders.
Participates in architecture governance (may be as a non-voting member).
Participates in setting technical direction of the styles of computing.
Acts as a subject matter expert on relevant regulations and policies.
Helps determine business priorities and best sequence for execution of business/group strategy.
Assists in the development of Information Security Roadmaps.
Acts as the prime subject matter expert for internal/external stakeholders.
Develops a deep understanding of organizational complexity to build strong rapport with the appropriate matrix areas for the construction and delivery of the solution.
Leverages metrics and analytics to gain insight for planning, design and management to facilitate the identification of improvement opportunities.
Prepares system security reports by collecting, analyzing, and summarizing data and trends.
Breaks down strategic problems, and analyses data and information to provide insights and recommendations.
Identifies opportunities to strengthen the capability of the technology organization at BMO, such as: sharing architectural expertise to promote technical development, mentoring employees, building communities of practice and networks across technology.
Stays abreast of industry technical and business trends through participation in professional associations, practice communities & individual learning.
Creates and manages the various architecture assets for the designated portfolio and scope. Includes Applications, Data, Technologies, Processes, and Users.
Analyzes and designs viable solutions to high complexity business problems according to user specifications and oversees implementation of end-to-end integrated solutions.
Ensures sound and robust architecture and provides sufficient guidance for the successful implementation of solutions to mitigate any negative impact on Technology and Enterprise budget.
Identifies risks or issues with technology solution & design which may impact realization of project benefits and provides guidance and support to stakeholders in making good decisions to proactively resolve or mitigate potential risks/delays to the project.
Participates in the system specification review process to ensure system requirements can be translated into valid software architecture.
Identifies and researches relevant technologies, performs Proof of Concepts / Prototypes, and recommends applications of such technologies to future product architectures.
Proactively identifies and implements strategies to improve reliability, leveraging automation wherever possible.
Seeks to integrate digital methods for agile, rapid prototyping, and for customer involvement.
Plans, researches, and designs robust security architectures, standards, systems and authentication protocols for any IT project.
Participates and contributes to future Infrastructure Releases and Middleware/Hub.
Ensures that chosen technology is flexible, supportable and requires minimal maintenance.
Ensures the tactical implementation of the computing styles and architecture.
Provides security review and guidance for projects driven by groups outside of Information security, specifically developing security requirements and developing secure designs.
Reviews architectural designs and makes recommendations for improvements.
Participates in checkpoint and design reviews.
Participates in Information security projects throughout the entire project lifecycle.
Authors security standards and procedures.
Develops a complete understanding of a company’s technology and information systems.
Performs vulnerability testing, risk analyses and security assessments.
Analyzes trends to proactively prevent problems. Effectively resolves and follows-up on problems as they occur.
Develops and recommends productivity aids in all aspects of assignments to accelerate delivery.
Operates at a group/enterprise-wide level and serves as a specialist resource to senior leaders and stakeholders.
Applies expertise and thinks creatively to address unique or ambiguous situations and to find solutions to problems that can be complex and non-routine.
Implements changes in response to shifting trends.
Broader work or accountabilities may be assigned as needed.
Take measured risks while protecting the bank by applying our Risk Management Framework in the execution of your role, in line with our Risk Culture and within our approved Risk Appetite, making sound and risk informed decisions that align to business strategy, protect assets, and adhere to applicable policy documents (Frameworks, Policies, Standards, Procedures and Supporting documents), laws and regulations.
Qualifications:
Typically 7+ years of relevant experience and a post-secondary degree in Computer Science, Engineering, or Information Systems or a related field of study or an equivalent combination of education and experience.
Information Security certification is preferred e.g. CISSP, CISSLP, GIAC etc.
Knowledge of computer or network systems hardware and software theory, practice, concepts and technology relevant to organizational vision - Expert.
Sufficient business knowledge to assess impact of applied technology on customer’s business processes.
Knowledge of project management methodology and its applicability to successful delivery of technical change.
Understands the strategic technical direction of: Middleware, Continuous Integration and Continuous Deployment Testing, Systems Management, Enterprise Data & Access Layers, Pertinent Styles of Computing.
Understanding and problem solving ability of Information Technology of various scale, degree and dimension of complexity - In-depth.
Proficient in the techniques that go into producing designs of complex systems, including requirements discovery and analysis, formulation of solution context, identification of solution alternatives and their assessment, technology selection, and design configuration.
Familiar with network protocols and networking infrastructure.
Knowledge of Information security risk, and industry best practices with minimum of 2 years relevant experience - Working.
Knowledge of the technical areas such as data warehouses, mainframes, networks, applications etc. - Working.
Knowledge of Corporate Policies, Standards, and operating procedures relating to information security risk.
Knowledge of the technology domain the architecture is being developed for. E.g. Databases, Product, Service, etc. - Working.
Deep technical and system-level expertise in one or more technology areas.
Seasoned professional with a combination of education, experience and industry knowledge.
Verbal & written communication skills - In-depth / Expert.
Analytical and problem solving skills - In-depth / Expert.
Influence skills - In-depth / Expert.
Collaboration & team skills; with a focus on cross-group collaboration - In-depth / Expert.
Able to manage ambiguity.
Data driven decision making - In-depth / Expert.
Salary:
Pay
About Bank of Montreal
Similar Jobs

More Jobs at Bank of Montreal





More Information Technology Jobs

