Senior Cybersecurity Governance Specialist
Buffalo, NY
Full Time Senior-level / Expert USD 93K - 155K
M&T Bank
With a community bank approach, M&T Bank helps people reach their personal and business goals with banking, mortgage, loan and investment services. The Bank sponsors individuals for TN and H-1B transfers on a case-by-case basis. Please note that this position is not open to anyone on an F-1 student visa, including those eligible for CPT/OPT or the STEM OPT extension.
This role offers a hybrid work schedule, with the flexibility to work remotely two days a week and the opportunity for in-person collaboration at our Buffalo, NY Tech Hub.
Overview: Responsible for assisting in creating M&T’s cybersecurity policies, procedures and controls and aligning them with its overall business goals, regulatory requirements and risk management framework. As part of M&T’s Cybersecurity Governance organization, you play a key role in combining technical, framework and regulatory understanding to manage cybersecurity risks and ensure compliance.
Primary Responsibilities:
Governance Oversight & Framework Implementation
- Participate in the development, review, and update of strategies, policies and procedures pertaining to various cybersecurity and technology governance areas.
- Assist in managing Governance routines & meetings as part of overall Governance framework
- Maintain and implement processes for monitoring compliance to policies and procedures
- Build and maintain relationships amongst stakeholders in Cybersecurity teams to ensure successful creation and implementation of governance processes.
- Coordinate various aspects of risk and control remediation activities, drafting and socializing key actions, timelines and plans, tracking through to completion.
- Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
- Serve as a resource to Cybersecurity teams and managers to educate and assist with projects.
Audit Support and Compliance
- Coordinate responses to Risk, Audit and Regulatory requests by actively gathering data and participating in documentation reviews for accuracy.
- Prepare for and support internal and external audits in collaboration with respective Cybersecurity domain owner
- Assist in addressing findings and overseeing timely closure of identified gaps
- Participate in maintaining M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
Regulatory and Legal Requirements
- Research and analyze industry best practices and regulatory requirements to ensure governance enhancements improve the resiliency and security of the Bank.
- Serve as a resource to Cybersecurity teams and managers to educate on requirements and assist with projects.
Metrics and Reporting
- Collaborate with other members of the Governance team and across other Cybersecurity teams to identify, document and report on key risk and performance metrics.
- Promote an environment that supports diversity and reflects the M&T Bank brand.
- Complete other related duties as assigned.
Scope of Responsibilities:
- Partners with peers, manager, Cybersecurity team and leadership, First Line Risk, 2nd Line Independent Risk, Internal Audit, Regulators and external engagements
- Determines and develops approach to solutions. Work is evaluated upon completion to ensure objectives have been met. Work is accomplished with periodic check-ins for alignment and limited direction.
Education and Experience Required:
- Bachelor's degree in relevant field such as Cybersecurity Policy, Risk Management, Public Policy, or related disciplines
- Minimum of 3 years’ experience in GRC, risk management, cybersecurity or a related field, ideally within banking, financial services, or a highly regulated industry.
- Demonstrated intermediate knowledge of major U.S. banking regulations and frameworks such as FFIEC, GLBA, etc., and Federal Reserve, OCC, and FDIC guidelines.
- Critical thinking and problem-solving skills.
- Excellent written and verbal communication skills
Education and Experience Preferred:
- Self-starter with ability to build partnerships and function effectively with limited direction
- Demonstrate intermediate knowledge of cybersecurity and technology risk principles and compliance requirements
- Experience in implementing a risk-based approach to managing and reporting on third party independent oversight reviews and engagements
- Ability to understand and effectively communicate technical issues to diverse audiences, both in writing and verbally
Tags: Audits Banking Compliance FFIEC GLBA Governance Monitoring Risk management RMF STEM
Perks/benefits: Competitive pay