Lead Cybersecurity Governance Specialist

The Bank sponsors individuals for TN and H-1B transfers on a case by case basis. Please note that this position is not open to anyone on an F-1 student visa including those eligible for CPT/OPT or the Stem OPT extension.

This role offers a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for in-person collaboration at our Buffalo, NY Tech Hub.

Overview:   

Responsible for ensuring that M&T’s cybersecurity policies, procedures and controls align with its overall business goals, regulatory requirements and risk management framework.   As part of M&T’s Cybersecurity Governance organization, you play a pivotal role in assessing and prioritizing information security and cybersecurity risks across the Bank, combining technical, framework and regulatory understanding with the demonstrated ability to manage risks and ensure compliance.

Primary Responsibilities:

Governance Oversight & Framework Implementation

• Collaborate to develop, review, and update strategies, policies and procedures pertaining to various cybersecurity and technology governance areas.
• Manage Governance routines & meetings as part of overall Governance framework
• Maintain and implement processes for monitoring compliance to policies and procedures
• Foster strong partnerships with stakeholders in Cybersecurity teams to ensure successful creation and implementation of governance processes.
• Partner across Cybersecurity, Technology, First Line Risk and Business Risk teams to proactively mitigate risk through robust governance practices.
• Identify and analyze cybersecurity risk and control data to inform insightful recommendations and reporting to the Cybersecurity Senior Leadership Team.
• Create remediation plans and supports team implementation, providing guidance to teams to ensure comprehensive execution against key actions and milestones.
• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
• Recommend key actions and milestones in project plan and leads execution of specification project milestones.

Audit Support and Compliance

• Execute comprehensive Cybersecurity responses to Risk, Audit and Regulatory requests, actively developing and collaborating in documentation reviews to ensure accuracy and consistency.
• Prepare for and support internal and external audits in collaboration with respective Cybersecurity domain owner
• Address findings and oversee timely closure of identified gaps
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.

Regulatory and Legal Requirements

• Identify industry best practices and regulatory requirements to ensure governance enhancements improves resiliency and security of the Bank.
• Track upcoming changes in regulations and update policies and controls accordingly
• Serve as a governance subject matter resource to Cybersecurity teams and managers to educate on requirements and assist with projects.

Metrics and Reporting

• Partner with Cybersecurity teams and managers to ensure process documentation, reporting, and performance metrics continuously improve with organizational maturity.
• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Complete other related duties as assigned.
   

Scope of Responsibilities:

• Partners with peers, manager, Cybersecurity team and leadership, First Line Risk, 2nd Line Independent Risk, Internal Audit, Regulators and external engagements

• Exercises judgement in selecting methods, techniques, and evaluation criteria in obtaining results. 

• Exerts significant latitude in determining objective of assignment. Work is accomplished with limited direction.

Education and Experience Required:

• Bachelor's degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience inclusive of a minimum 4 years’ work experience in/with the specific Cybersecurity or Technology area and/or team
• Demonstrated advanced knowledge of cybersecurity principles and compliance requirements.

Education and Experience Preferred:

• Self-starter with ability to build partnerships and function effectively with limited direction
• Demonstrated advanced knowledge of major U.S. banking regulations and frameworks such as FFIEC, GLBA, etc and Federal Reserve, OCC, and FDIC guidelines.
• Demonstrate advanced knowledge of cybersecurity and technology risk principles and compliance requirements
• Experience in conducting and management technology relevant risk and control assessments, audits, and reporting
• Experience in implementing a risk-based approach to managing and reporting on third party independent oversight reviews and engagements
• Ability to understand and effectively communicate technical issues to diverse audiences, both in writing and verbally
• Demonstrated experience collaborating with leaders to communicate GRC activities
• Proficiency in use case development with GRC tools such as Archer, ServiceNow GRC, Fusion, Riskonnect etc.

 #LI-JB3 #Hybrid

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $110,635.01 - $184,391.68 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

LocationBuffalo, New York, United States of America