03/23/2026

Address:

VIRTUAL43 - HomeRes - TX

Job Family Group:

Technology

The individual for this role will lead third party incident response and management activities for BMOFG third and fourth-party suppliers. The analyst will provide cybersecurity subject matter expertise to execute on the following:

• Executes end to end cyber security processes for monitoring, engaging, tracking, and remediation activities related to third-party and fourth-party incident response
• Uses analysis to identify risks, understands the scope of complexity that exists in computing environments, across all layers, and the ways which a security incident may impact that environment. Equipped with the technical skills to determine necessary risk mitigations associated with cyber security incidents and root cause analysis
• Reviews technical artifacts to determine if they satisfy remediation requirements, align to industry standard framework requirements, and submit reports with written and detailed analysis surrounding each incident
• Builds effective relationships and communication with both internal and external stakeholders. Troubleshoots and problem solves complex issues with internal and external stakeholders, as required
• Exercises judgment to identify, diagnose, and solve problems for each unique scenario
• Works independently on a range of complex tasks, which may include unique situations
• Ensures consistent, high quality practices/work and the achievement of business results in alignment with business/group strategies and with productivity goals
• Develops and implements changes to streamline and integrate security processes and systems in the organization
• Identifies opportunities to strengthen the information security capability at BMO, such as: sharing expertise to promote technical development, mentoring and educating peers and employees, building communities and professional networks across BMO
• Stays abreast of industry technical and business trends through participation in professional associations, practice communities & individual learning
• Broader work or accountabilities may be assigned as needed

Qualifications:

• Typically between 3 - 5 years of relevant experience within cyber security for third-party incident response and third-party risk management. Additionally, a post-secondary degree in Cyber/Information Security, Computer Science, Engineering, Information Systems, or a related field of study or an equivalent combination of education and experience
• Experience with third-party incident response, reviewing vulnerability management and penetration test reports, familiarity with OWASP, and ability to identify both risks and root causes
• Experience with conducting cybersecurity assessments on third-party suppliers using common industry frameworks, including NIST Cyber Security Framework (CSF), NIST 800-53, ISO 27001 and 27002, Payment Card Industry (PCI) Data Security Standard (DSS), CIS Top 18/20, or OWASP
• Strong analytical experience, the candidate must be able to independently review technical artifacts to determine if they satisfy industry standard framework requirements and submit reports with their written and detailed analysis, including passing quality assurance processes
• Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions vary from written to verbal communications. Additionally, must work well independently with the ability to produce deliverables on a daily basis
• Preference for candidates with at least one certification in a related field, with strong preference for Information Security certifications from a well-recognized institution (e.g. (ISC)2, ISACA, SANS)
• Experience with tools such as BitSight, Nessus, SecurityScorecard, Black Kite, Risk Recon, Recorded Future, Threat Connect, Flashpoint, RSA Archer, or Shodan
• Strong proficiency in Microsoft Excel, Word, and Outlook and closely tracking of tasks with frequent status updates
• Excellent written and verbal communication skills for reporting and presenting reviews to senior leaders - in-depth
• Understanding of multiple information security platforms and able to solve complex issues
• Technical and system-level expertise in one or more information security solutions and/or extensive background in security or IT design and engineering.
• Knowledge of information security design and engineering concepts, practices, and technology obtained through formal training and work experience - In-depth
• Knowledge of the technical/business environment and the corporate processes and procedures - In-depth
• Technical proficiency gained through education and/or business experience
• Collaboration & team skills - In-depth
• Analytical and problem solving skills - In-depth
• Influence skills - In-depth
• Data driven decision making - In-depth

Salary:

$88,800.00 - $165,600.00

Pay Type:

Salaried

The above represents BMO Financial Group’s pay range and type.

Salaries will vary based on factors such as location, skills, experience, education, and qualifications for the role, and may include a commission structure. Salaries for part-time roles will be pro-rated based on number of hours regularly worked. For commission roles, the salary listed above represents BMO Financial Group’s expected target for the first year in this position.

BMO Financial Group’s total compensation package will vary based on the pay type of the position and may include performance-based incentives, discretionary bonuses, as well as other perks and rewards. BMO also offers health insurance, tuition reimbursement, accident and life insurance, and retirement savings plans. To view more details of our benefits, please visit: https://jobs.bmo.com/global/en/Total-Rewards

About Us

At BMO we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.

As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact.  We strive to help you make an impact from day one – for yourself and our customers.  We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.

To find out more visit us at http://jobs.bmo.com/us/en

BMO is proud to be an equal employment opportunity employer. We evaluate applicants without regard to race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or any other legally protected characteristics. We also consider applicants with criminal histories, consistent with applicable federal, state and local law.

BMO is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to BMOCareers.Support@bmo.com and let us know the nature of your request and your contact information.

Note to Recruiters: BMO does not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to BMO, directly or indirectly, will be considered BMO property. BMO will not pay a fee for any placement resulting from the receipt of an unsolicited resume. A recruiting agency must first have a valid, written and fully executed agency agreement contract for service to submit resumes.