Cybersecurity Risk Advisor

Buffalo, NY

M&T Bank

With a community bank approach, M&T Bank helps people reach their personal and business goals with banking, mortgage, loan and investment services.

Overview:

This role is within the Technology and Cybersecurity Risk Operations (TCRO) organization. This role functions with a moderate level of autonomy, leveraging team peer connections, support from Risk Specialists and more senior members in the oversight of the team to execute second line risk management functions. The functions of this role are primarily focused on proactive risk management activity for assigned areas within the Technology and Cybersecurity division, providing oversight, effective challenge, assessment and/or advisory services. This is accomplished through direct oversight of Technology and Cybersecurity operations and includes documenting engagement activities, areas of concern, effective challenge, and measuring the potential risk to the organization as it relates to the organization's risk appetite. This may include issuance of reports, findings, review of remediation plans and validation of closure evidence.

Primary Responsibilities:

  • Appropriate management of the Technology and Cybersecurity risk activities (findings/validations, remediation plans/updates, closure and closure validation).
  • Execute independent/annual Targeted Review(s); planning, execution and reporting of detailed fieldwork regarding high/medium-high risk areas within the Technology/Cybersecurity division.
  • Assist with oversight of Technology and Cybersecurity Risk Control Self Assessments (RCSAs) and other risk management reporting; this includes gap and delta assessments.
  • Engage with assigned oversight areas; understanding the technology, overseeing and advising project/product work prior to implementation leveraging past experience and expertise, risk management practices, existing risk register and validation of controls.
  • Identify and assess emerging risks and risks associated with new products/ services/ markets/ channels or changes to existing products/ services/ markets/ channels.
  • Responsible for fieldwork (analysis, investigations, incidents, KRI/KPI metrics breaches, etc.) where some of this may be supported by team Risk Specialists.
  • Participate in audits and in-depth reviews of Technology/Cybersecurity business line efforts and risk management activities.
  • Adhere to applicable operational risk controls in accordance with Company or regulatory standards and policies.
  • Leverage existing hands-on experience in Technology and/or Cybersecurity roles and knowledge of industry frameworks utilized by the organization such as NIST, FFIEC AIO, and ITIL to provide guidance and build trusted partnerships with internal staff and third parties.
  • Develop and analyze Technology & Cybersecurity metrics (KRIs, KPIs).

Specific to Posting:

Practical hands-on experience managing or contributing to the following functions is a plus: Incident Response, Security Operations Centers, Operational Resilience (BCM/DR), cloud security, application security, cyber risk management.

Industry Cybersecurity Certificates preferred.

Provides effective oversight and challenge of the identification, assessment, monitoring, mitigation, and reporting of all significant risks within Cybersecurity and Technology.

Opportunity to utilize your past experience and expertise to influence risk-based decision making in Technology and Cybersecurity efforts.

Leverage risk management practices to identify risks and provide advice on the selection, design, implementation, testing and operation of controls.

Supervisory/Managerial Responsibilities:

No direct management but may provide guidance to analysts and specialists.

Education and Experience Required:

Bachelor’s degree and six years' experience in compliance, legal, audit, risk or other relevant function,
OR in lieu of degree,
A combined minimum ten years’ higher education and/or work experience including six years’ experience in compliance, legal, audit, risk or other relevant function.

Proficient computer skills (including spreadsheet and word processing software), analytical skills, working knowledge of applicable laws, written and verbal communications with all levels.

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $110,635.01 - $184,391.68 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

Location: Buffalo, New York, United States of America
Category: Compliance Jobs

Tags: Application security Audits Cloud Compliance FFIEC Incident response ITIL KPIs Monitoring NIST Risk management

Perks/benefits: Competitive pay

Region: North America
Country: United States
