Technology and Cybersecurity Risk Oversight Program Governance Manager

Overview:

M&T Bank is seeking an experienced Operational Risk Manager within the Technology and Cybersecurity Risk Oversight team.  This position is responsible for the development, management and oversight of the delivery of technology and cybersecurity second line risk management and oversight services in line with area policies, industry standards, and management expectations.  The individual will utilize their years of experience in first- or second-line technology and/or cybersecurity risk management or oversight roles to establish and maintain a second line Technology and Cybersecurity Risk Oversight Program to ensure activities remain effective at identifying and mitigating potential risks within first line management practices.  The position is responsible for advising senior and executive leadership as it relates to operational technology and cybersecurity risks with appropriate consideration for the audience and is expected to do so in a collaborative manner, with other risk partners, as applicable.  The position will be responsible for supporting the evolving landscape of the technology and cybersecurity risk management environment and be able to positively influence both internal and external personnel with the evolution of such changes.  The position requires the ability to function autonomously in the oversight and/or execution of one or more of the following activities in a manner that adheres to the expectations of the enterprise and operational risk management frameworks, as it evolves, and the expectations of key stakeholders, up to and including the Board:  identification, assessment, quantification, documentation, escalation, reporting, and communication of unmitigated technology and cybersecurity risks within the business and Technology division.  The individual is considered a technology and cybersecurity subject matter expert in the businesses or functions that they support.   Given its responsibilities, the position requires the establishment of relationships with senior level personnel to remain apprised of changes in the business, and to communicate and present emerging risks, changes to the regulatory landscape, and consideration of cost beneficial risk management enhancements for the business.   The position may have responsibility over members within the team, who will develop their skill sets under the guidance or direction of this individual.

Primary Responsibilities:

• Develop and implement a program that provides independent oversight and critical challenge to the First Line of Defense in the areas of identifying, assessing, monitoring, and controlling technology and cybersecurity risks. Be aware of and monitor emerging and ongoing risks for all pillars of risk identified in M&T’s Risk Appetite Statement.
• Provide effective oversight and challenge of the identification, assessment, monitoring, mitigation, and reporting of all significant risks within Cybersecurity, Technology, Enterprise Data, and Resiliency/Continuity Planning areas of the Bank.
• Build and maintain processes necessary to independently monitor Technology division and Business Unit adherence to corporate risk policies, defined Business unit procedures and key risk related controls. Make enhancements to the processes when necessary to ensure independent oversight satisfactory.
• Review and validate technology and cybersecurity risk/event data, testing or monitoring results collected and analyzed by team members for inclusion in monthly risk reporting to senior management.
• Establish and lead a data analytics, metrics, and reporting function that supports the needs of technology and cybersecurity risk oversight activities and requirements.
• Execute and validate fulfillment of ad hoc data requests related to operational risks and events.  Analyze technology and cybersecurity risk and event information to assist in identifying trends to mitigate future losses.
• Effectively communicate with others throughout the Bank, including senior management, via phone, email or in person to obtain information necessary for the completion of reporting, project information and issue resolution.
• Prepare and deliver materials/presentations to senior managers.
• Participate in various risk committees, understand and utilize the Enterprise Risk Framework, implement the practices, processes and tools necessary to effectively perform oversight duties and ensure the Bank's remains within its risk appetite.
• Serve as primary point of contact to assist others in communicating with the Technology division and Business Units by aiding providing clear message and what is required.
• Indirect participation in specific regulatory inquiries, examinations and ongoing periodic status updates.  Serve a departmental represented in discussions with Internal Audit.
• Oversee the design and implementation of departmental procedures and implement the steps necessary to ensure work is performed accurately and timely.
• Report findings on risk exposures to first and second line Technology and Cybersecurity Risk leadership, senior executives, and various Risk Committees.
• Determine the impact and likelihood of issues and violations of Bank Policy.
• Develop, review and approve departmental procedures and other documentation to demonstrate the process. In addition, review and approve training materials to be leveraged by those within the department or the Bank.
• Effectively assess both impact and likelihood using a high level of discretion when determining the appropriate approach to resolving complex issues and matters that require resolution.
• Meet training requirements assigned by the Bank, Division and Department through self-management of appropriate, applicable, cost-effective training opportunities. Proactively pursue knowledge of new bank initiatives (i.e. Agile project management methodology).  Limited travel may be required for infrequent seminars and conferences.
• Review Training materials to ensure accuracy.
• On a limited basis, serve as the departmental representative when other areas of the Bank request a presentation of the department.
• Provide guidance and direction to others regarding various matters related to technology and cybersecurity, which may include assisting in solving complex issues. In providing performance feedback, provide guidance and direction with respect to a team member’s career goals.
• Provide critical leadership to the department by serving as a champion of the Bank's goals, Department objectives and risk culture.
• Develop solutions to complex issues based upon limited information and direction. The need for and pace of change may be dynamic and frequent.
• Adhere to applicable compliance/operational risk controls in accordance with Company or regulatory standards and policies.
• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Exercise usual authority of a manager concerning staffing, performance appraisals, promotions, salary recommendations, performance management and terminations.
• Complete other related duties as assigned.

Supervisory/ Managerial Responsibilities:

Manage a team of Analysts, Specialists and/or Advisors

Education and Experience Required:

Bachelor’s degree and eight years' experience in compliance, legal, audit, risk or other relevant function,
OR in lieu of degree,
A combined minimum twelve years’ higher education and/or work experience including eight years’ experience in compliance, legal, audit, risk or other relevant function.

Minimum of four years’ managerial or supervisory experience.
Demonstrated leadership capabilities. Proficient computer skills (including spreadsheet and word processing software), analytical skills, working knowledge of applicable laws, written and verbal communications w/ all levels.

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $115,703.73 - $192,839.55 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

LocationBuffalo, New York, United States of America