Associate General Counsel - Cybersecurity

** Work Arrangement/Location: This is a hybrid position requiring in-office work three days every week. Ideally the position will be based in Buffalo, NY but may be in an M&T office in Buffalo, NY, Baltimore, MD, NYC, NY, Boston, MA, Wilmington, DE, or Washington, DC.

There is potential for a remote work arrangement if the final candidate is not near one of the above locations.

 

Overview:

The successful candidate will be responsible for providing legal advice and guidance with respect to Cybersecurity, Privacy, Data Protection, and Data Retention.  This position will interact closely with the CISO team, CRM Privacy Compliance Manager, Chief Data Officer as well as other departments/business units across the enterprise, including HR, Enterprise Risk and Technology.  Accordingly, it is important for the successful candidate to be a trusted advisor who is able to work collaboratively with others.

Primary Responsibilities:

• Act as the primary legal advisor on Cybersecurity laws, regulations, and guidance that impact M&T and Wilmington Trust businesses. Assist with Privacy and Data Protection laws, regulations and guidance that impact M&T and Wilmington Trust businesses.

• Continuously monitor and advise on a complex framework of US and international cybersecurity, privacy, and data protection laws including international data transfer laws between the EU, UK and other jurisdictions.

• Participate in cybersecurity Tabletop Exercises to assess M&T’s readiness for data breach and cybersecurity incidents.

• Possess strong transactional drafting experience and excellent research and analysis skills with strong attention to detail.

• Provide legal advice and guidance with respect to M&T’s Cybersecurity, Privacy, and Data Protection policies, processes, procedures, and provide legal guidance with respect to best-practices.

• Provide strategic legal guidance to departments/business units in the development and evaluation of Cybersecurity, Privacy, and Data Protection related tools and projects.

• Provide legal support with respect to the preparation of Cybersecurity, Privacy, and Data Protection internal training, FAQs and communications.

• Collaborate with and support other attorneys in the Legal Division on the drafting, review and negotiation of Cybersecurity, Privacy, and Data Protection matters related to customer, vendor, and third-party contracts (e.g., data transfer agreements, model clauses, privacy notices/policies).

• Provide legal support with respect to examinations and other activities with regulatory and data protection authorities for matters relating to Cybersecurity, Privacy, and Data Protection (e.g., State AGs, OCC, FRB, CFPB, SEC).

• Provide legal support with respect to inquiries from clients, vendors, auditors and regulators related to Cybersecurity, Privacy, and Data Protection matters.

• Provide legal support for cyber incident response team (CIRT) and data disclosure incident response (DDIR) matters, including participating in internal meetings to understand the scope and impact of the cybersecurity or data disclosure incident, advising on breach notification obligations under State, Federal and other breach notification laws, implementing legal holds to preserve chain of custody and helping to draft and advise on regulatory, client and other communications.

• Interface with outside Breach Coach when necessary.

• Provide legal support with respect to cybersecurity and data privacy matters relating to M&T’s records management program.

• Attend/represent M&T on trade association meetings.

• Provide legal advice on the cybersecurity and privacy aspects of mergers and acquisitions, and assist with cybersecurity and privacy post-M&A integration activities.

• Provide legal advice and counsel on cybersecurity insurance matters.

• Partner with M&T’s compliance, risk and audit groups on Cybersecurity, Privacy, and Data Protection matters.

• Keep senior management and other personnel up to date on pertinent legal developments, including legal risks.

Scope of Responsibilities:

This position is responsible for providing analysis and counsel on complex legal issues for departments supported.
Incumbent should be able to anticipate and guard against legal risks facing M&T, develop and recommend corporate policy and positions on legal issues and conduct and coordinate research into a variety of legal issues. This is a senior level position that requires interaction with senior and executive management on a regular basis.

Education and Experience Required:

• J.D. from an accredited law school.

• Minimum of 7 years' experience as an attorney or other relevant legal experience.

• Cybersecurity subject matter expertise.

• Minimum of 5 years' work leadership experience

• New York State or applicable state bar admission.

• Ability to identify legal issues, evaluate legal risks, and offer solutions.

• Strong negotiation, interpersonal, organizational skills.

• Excellent writing, analytical and verbal skills.

• Strong analytical and decision-making skills.

• Demonstrated experience in leading others, through direct relationships and/or indirectly

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $154,629.62 - $257,716.03 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

LocationBuffalo, New York, United States of America