Third Party Risk Assessor

About The Position

Requirements

• Bachelor's degree in technology, information/cyber security, related major, or equivalent work experience
• 4 or more years experience with cybersecurity, third party risk management, IT Risk and Compliance (GRC), IT Audit, Information Security or Assurance
• Strong audit/technical evaluation experience with various types of systems and networks and cloud technology
• Experience with conducting cybersecurity assessments using common industry frameworks, including NIST Cyber Security Framework (CSF), NIST 800-53, ISO 27001 and 27002, Payment Card Industry (PCI) Data Security Standard (DSS), CIS Top 18/20, or OWASP
• Industry certifications such as CISA, CISM, CRISC, CISSP, CTPRP, or related is highly preferred
• Demonstrated in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains
• Self-driven performer with established skills in tracking self and project performance
• Strong ability to interact and communicate both written and verbally with people at all levels
• Strong risk analysis and problem solving skills
• Must be flexible to ensure assessments are performed by the mandated compliance date
• Experience debating issues with senior decision makers and pushing back when necessary
• Strong written and verbal skills

Nice To Haves

• Experience with cloud security
• Knowledge of incident management processes

Responsibilities

• Coordinate with key Global Third Party Risk Management stakeholders to initiate, scope and plan cyber security risk controls assessments of new and existing high risk suppliers.
• Make meaningful risk mitigating recommendations to directly improve the third party risk posture of BMO.
• Serve as a third party risk assessor, performing risk assessments by evaluating third party attestations, performing control design review, and control implementation validation.
• Complete assessments using established procedures and standards, industry frameworks, and best practices.
• Leverage OSINT, consortiums, and other independent reviews during the assessment process.
• Multitask and project manage multiple assessment deadlines by coordinating execution with both the external suppliers and internal business partners.
• Escalate issues, understand project trends, and anticipate potential blockers.
• Foster relationships with internal and external stakeholders.
• Collaborate internally with security experts to understand requirements and standards.
• Understand the threat landscape and evaluate supplier control environments to measure the rigor of cyber security controls.
• Engage and influence stakeholders to discuss and risk treat identified gaps.
• Be a champion for security and model behaviors consistent with cybersecurity best practices.

Benefits

• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)