Business Information Security Officer – Chief Technology Officer and End User Computing

Overview:         

Member of the Cybersecurity department and reporting to the Deputy Chief Information Security Officer. Responsible for serving as a trusted, strategic security advisor to the Chief Technology Officer, the Head of End User Computing, and senior leaders. Builds strategic relationships with Technology and the business across multiple services and platforms to address risk, while advising business leaders to ensure they are making decisions with security as a priority and enabler.

Primary Responsibilities:

• Serve as the senior cybersecurity advisor to technology infrastructure, providing direct counsel to EVPs and SVPs within technology.

• Establish and maintain strategic relationships with technology teams to deliver security-by-design controls, ensuring cybersecurity practices are built into infrastructure, applications, and architecture for the entire lifecycle

• Partner with other members of the Business Information Security Office to maintain and mature BISO program artifacts and collateral

• Drive cybersecurity continuous improvement within technology by maintaining current knowledge related to security threats, vulnerabilities and mitigations set forth to reduce the attack surface; circulate this knowledge appropriately throughout technology with key actions to implement.

• Identify and document threats and vulnerabilities that may impact the technology teams and address them regularly with technology leaders through detailed reporting and integration in strategic plans.

  • Engage with executive technology leaders and cross-functional teams to remove complexity and obstacles that hinder efficient security controls within technology.
• Strategize with cybersecurity and technology leaders to define key performance indicators and metrics aligning with technology initiatives and deliver them clearly and effectively.
• Provide guidance and advocacy to technology leadership regarding the prioritization of technology investments that impact cybersecurity.
• Advise business unit leadership on cybersecurity-related risk issues and recommend actions in close partnership with Technology Risk Management and in support of the organization’s wider risk management and compliance programs.
• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.
   

Scope of Responsibilities:

• Primary stakeholders: Technology EVPs and SVPs
• Primary partners: Cybersecurity people leaders, Technology EVPs, and Technology SVPs
• Work is accomplished with minimal direction; strategizes team-specific imperatives in alignment with Bank imperatives.
• Subject matter expert of multiple Cybersecurity functions

Education and Experience Required:

• Bachelor's degree and a minimum of 7 years’ relevant work experience, or in lieu of a degree, a combined minimum of 11 years’ higher education and/or work experience, including a minimum of 5 years relevant work experience in an operationally focused security practitioner role.
• Minimum of 3 years’ experience working with business leadership and enterprise projects.

Education and Experience Preferred:

• Minimum of 13 years of cybersecurity experience
• Master’s degree in information assurance, computer science, business administration, or related field
• Excellent communication and interpersonal skills; ability to effectively convey messages to technical and business leaders.
• Strong ability to translate cybersecurity issues to business leader initiatives.
• Experience strategizing with senior leadership, third parties, project managers, technical and cybersecurity subject matter experts, and business subject matter experts
• Working understanding of cybersecurity technologies, their purpose, and their security requirements and data protection needs
• Strong understanding of threats, risk mitigations, and technical controls recommended by security leaders
• Experience partnering with senior leaders to design solutions to business needs
• Strong ability to influence bank-wide efforts through effective clear communication, leveraging program management principles, and escalating when necessary
• Strong ability to prioritize and deliver results across changing priorities and quickly changing landscape based on business and technology needs
• Ability to work effectively with diverse teams and varying personalities and adapt leadership and influence styles to effectively reach mutually beneficial outcome.
• Strong knowledge of national and global cybersecurity policies, regulations, and security frameworks

 #LI-JB3 #Hybrid

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $115,703.73 - $192,839.55 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

LocationBuffalo, New York, United States of America