Senior Specialist - Technology and Cybersecurity Risk

This role offers a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for in-person collaboration.  Sponsorship is NOT available for this position.

Overview:     

Leads risk analysis for complex initiatives, influencing overarching risk framework and providing advanced guidance to leadership for informed decision-making aligned with organizational imperatives.

Primary Responsibilities:

• Develop and implement strategic approaches for in-depth risk assessments for comprehensive coverage of all technology capabilities.

• Develop and execute sophisticated risk management framework and programs that informs how to align practices with business objectives and regulatory requirements, including (but not limited to) developing complex process maps, leading risk controls self-assessments, and summary of complex findings.

• Drive enforcement of frameworks, providing expert guidance and continually assessing regulation and standards to achieve industry-leading technology risk compliance.

• Spearhead collaboration among cross-functional teams and senior or executive leadership to align technology practices with overarching business goals and regulatory requirements; maintain productive relationships with stakeholders and/or with third-party engagements to ensure resiliency of Technology, Cybersecurity, and the overall Bank.

• Coordinate preparation and response to regulatory engagements, including reviewing responses for accuracy and meeting regulatory request, organizing documents and packets, and leading exam management (i.e., template folders, review of first day letter and follow-up requests).

• Encourage innovation in risk management strategies through identification of advanced methodologies to address evolving threats and the recommendation of path for implementation to Technology and Cybersecurity Risk leadership.

• Provide advanced mentorship to mid-level analysts, fostering their professional growth and ensuring a high standard for all risk analysts within the team.

• Contribute to design and delivery of training programs to ensure comprehensive knowledge of technology and cybersecurity risk management and growing critical skills to enhance team's outcomes.

• Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite.  Identify risk-related issues needing escalation to management.

• Promote an environment that supports diversity and reflects the M&T Bank brand.

• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.

• Complete other related duties as assigned.

Scope of Responsibilities:

• This role primarily interacts with senior people leaders within the Technology and Cybersecurity teams, senior people leaders of Technology and Cybersecurity Risk, and internal partners such as the Risk Division, Internal Audit, and Regulatory Affairs. 

• Work is accomplished with periodic direction.  The position exercises judgement in selecting methods, techniques, and evaluation criteria in obtaining results. It exerts significant latitude in determining objective of assignment and takes calculated risks with consultation from expert. 

• This role may present to Regulators under direction of senior Technology and Cybersecurity Risk leaders.

Supervisory/Managerial Responsibilities:

No supervisory responsibilities.

Education and Experience Required:

• Bachelor's degree and a minimum of 7 years’ relevant work experience, or in lieu of a degree, a combined minimum of 11 years’ higher education and/or work experience

• Demonstrated expert knowledge of Technology and/or Cybersecurity risk principles

• Minimum of 6 years' relevant work experience in or with the specific Technology, Cybersecurity risk area and/or business unit

• Previous experience of NIST (National Institute of Standards and Technology) or Cybersecurity frameworks, with a strong focus NIST 800-53 and 800-53a

• Strong knowledge of cybersecurity principles and industry best practices (relevant to confidentiality, integrity, availability)

• Proven knowledge of information technology security principles and implementation methods (e.g., firewalls, demilitarized zones, encryption, Active Directory / LDAP, SAML)

• Skilled in evaluating security controls based on confidentiality, integrity and availability requirements of systems

• Experience with handling multiple projects

• Experience meeting strict deadlines

• Experience overseeing project tasks for less experienced team members

Education and Experience Preferred:

• Master's degree in Information Technology, Computer Science, Cybersecurity, Law, Business Administration, or related field

• Active CISA (Certified Information Systems Auditor), CAP (Certified Authorization Professional), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CRISC (Certified in Risk and Information Systems Control) certification or Cybersecurity domain-related industry-recognized certification

• Working knowledge of the current version of the NIST SP800-53 and 800-53a Controls, or other recognized control frameworks, such as COBIT (Control Objectives for Information and Related Technology) or ISO

• Knowledge of organization's risk tolerance and/or risk management approach

• Working knowledge of project management methodology

• Strong and proven knowledge of security technologies and architecture, including encryption, cloud network security design, role-based access control, perimeter security and application security

• Knowledge of Cybersecurity threats and emerging security issues

• Experienced in conducting security control testing of systems

• IT Audit experience

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $115,703.73 - $192,839.55 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

LocationBuffalo, New York, United States of America