Senior Manager, Third Party Risk, Cybersecurity

VIRTUAL59 - REMOTE / TELETRAVAIL - ON - BMO

Job Family Group: Technology

As a Senior Manager of Third-Party Risk Assessment at BMO, you won't just manage assessments - you'll shape how we secure hundreds of critical third-party relationships that power one of North America's leading financial institutions. This is more than a people management role - it's a chance to build, coach, and elevate a team of experts while leading frontline efforts in cyber defense.

What Makes This Role Stand Out:

• 100% Remote Flexibility: Work remotely while leading a team of experienced Third Party Cyber Assessors - most of whom are tenured and highly skilled in Third Party Risk Assessments.
• Strong Peer Collaboration: You'll partner closely with another senior manager and report directly to a Director who leads a dynamic 20-person assessment team. You'll never lead in isolation - you'll be part of a collaborative leadership structure.
• High Impact & Visibility: Lead quality assurance across hundreds of assessments annually, coach Third Party Risk Assessors, engage with executive stakeholders, and help drive resolution of complex risk findings. You'll be seen as a go-to expert and decision-maker.
• Mission-Driven Culture: Our team thrives in a fast-moving, high-stakes environment where we balance business agility with security, regulatory expectations, and internal audit. This is cyber with real-world impact - where negotiation, leadership, and strategy matter just as much as technical acumen.
• Growth & Thought Leadership: You'll be expected to challenge the status quo, bring fresh ideas to evolve our assessment model, and stay ahead of emerging threats - while mentoring others to do the same.

What You Bring to the Table:

• 5-10+ years of Cyber Third-Party Risk assessment experience.
• 5+ years in people-leadership (Managerial) role(s).
• CISSP certified.
• Deep knowledge of NIST, ISO, or CIS frameworks.
• Hands-on experience with major Cloud platforms such as AWS, Azure, or Google Cloud with a strong understanding of cloud security principles, architectures, and best practices.
• Expert-level capability in interviewing, auditing, documentation, and risk reporting.
• Strong coaching instincts and the ability to raise the bar on technical quality.
• A calm, assertive presence with proven skills in conflict resolution, negotiation, and influence.
• Bonus points for ethical hacking certifications (OSCP, GPEN, CEPT).

You'll Excel Here If You...

• Love being the calm in the chaos - stepping into crisis calls, leading tough conversations, and helping teams find clarity.
• Get energy from teaching others and raising the standard of the whole team.
• Aren't afraid to push back when needed, while still keeping people on your side.
• Are a fast learner with the curiosity and technical aptitude to pick up new concepts quickly.

Key Responsibilities:

• You are a Quality Assurance Czar. You will be responsible for ensuring all assessments have consistent strong quality and meet the expectations of our stakeholders.
• Train and coach: Work closely with your team of Assessors and provide them feedback on their assessments - this can include both technical and soft skills, like negotiation and communication. Being comfortable challenging others and critiquing the work of others is a must-have.
• Enjoy sharing knowledge. This could include coaching people outside of your team, e.g. explaining to the business a technical security control so that they can better understand the risk.
• Findings management. Review evidence and negotiate the closure of findings with internal teams and third parties.
• Be a thought leader. Bring new ideas to the team and challenge the status quo. The security landscape is always changing - we need to ensure that our assessments are aligned with the latest threats.

Join us if you're ready to lead with purpose, grow a best-in-class cyber risk team, and help secure the future of banking.

Qualifications:

• Typically 7+ years of relevant experience and a post-secondary degree in Information Security, Computer Science, Engineering, and/or Information Systems or a related field of study or an equivalent combination of education and experience.
• Multiple information security certifications from a well-recognized institution (e.g. (ISC)2, ISACA, SANS). Possesses an expert level of knowledge of information security processes, procedures and controls.
• Understanding of industry standards and frameworks e.g. NIST Cyber Security Framework (CSF), ISO 27001 and 27002 - In-depth / Expert.
• Knowledge of business analysis, project delivery practices and standards across the project lifecycle - In-depth / Expert.
• Demonstrates in-depth knowledge of information security concepts, methodology, processes, procedures and controls.
• Understanding and problem-solving ability of information security issues across the bank - In-depth / Expert.
• Understanding of information security risk and regulatory requirements - In-depth / Expert.
• Knowledge of the technical/business environment and the corporate processes and procedures - In-depth / Expert.
• Seasoned professional with a combination of education, experience and industry knowledge.
• Analytical and problem-solving skills - In-depth / Expert.
• Influence skills - In-depth / Expert.
• Collaboration & team skills; with a focus on cross-group collaboration - In-depth / Expert.
• Able to manage ambiguity.