Sr. Cybersecurity Consultant - Application Security
BMO U.S. · Chicago, IL · Yesterday
Information Technology$122k–$228k/yrFull-time
About the role
The Cyber Security Senior Consultant leads and supports cybersecurity, risk management, and operational governance activities across the organization for business managed applications. This role also leads initiatives to perform application security risk assessments.
Responsibilities
- Lead or support cybersecurity governance, risk, and operational processes across applications, systems, and business managed application environments.
- Perform application and associated technology security risk assessments using threat modeling methodology.
- Manage multiple priorities across competing workstreams, while maintaining clear ownership, follow-up, and communication.
- Work across organizational boundaries with business, technology, cybersecurity, risk, and control partners to clarify needs, resolve issues, and drive work forward.
- Oversee maintenance of accurate records, dashboards, trackers, reports, and documentation used for security oversight and management reporting.
- Coordinate and lead follow-ups with application owners, technology teams, risk partners, and other stakeholders to support timely completion of required activities.
- Review data from multiple sources to identify gaps, inconsistencies, trends, or items requiring escalation.
- Build and continuously look to enhance program metrics, prepare materials for governance forums, leadership updates, audits, assessments, or regulatory inquiries.
- Document procedures, process flows, and manage evidence of completed security program activities as needed for audit or regulatory inquiries.
- Partner with cybersecurity subject matter experts to understand new security requirements, provide program requirements to relevant control owners to collect relevant data for metrics creation to translate them into clear business and operational actions.
Qualifications
- 3-5 years of experience managing team or leading as individual contributor in cybersecurity, risk management, compliance program management (e.g., PCI DSS), technical delivery/program manager or technology operations in regulated industry.
- Strong attention to detail, strong analytical skills with the ability to review data, identify gaps, perform risk analysis and summarize findings clearly.
- Strong written and verbal communication skills, including the ability to communicate with both technical and non-technical stakeholders, including senior stakeholders.
- Ability to manage multiple priorities, adapt to changing needs, and follow through on open items in a fast-paced environment.
- Ability to successfully manage multiple priorities, work across teams and organizational boundaries, building effective relationships with stakeholders who may have different goals, priorities, or levels of cybersecurity experience.
- Experience preparing management reporting, executive summaries, meeting materials, or audit/control evidence.
- Comfortable working at expert level with spreadsheets, dashboards, structured data as well as experience with use of Jira and ServiceNow.
- Prior experience implementing cybersecurity frameworks and threat modeling methodologies is a plus.
- Experience using LLMs/conversational AI and autonomous agents is a plus.
- Scripting language or development skills is a plus.