Lead Cybersecurity Governance Specialist - Public-Private Partnerships

This role offers a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for in-person collaboration.

Overview:   

Supports cybersecurity-focused external engagement plan with targeted actions, tailored to key external stakeholders. Assists in identifying, building, and managing relationships with external stakeholders/audiences. As part of M&T’s Cybersecurity Governance organization, you play a pivotal role in ensuring that M&T’s cybersecurity policies, procedures and controls align with industry norms and best practices.  Assist in assessing and prioritizing information security and cybersecurity risks across the Bank, combining technical, framework and regulatory understanding based on knowledge of industry norms.

Primary Responsibilities:

• Assists in Execution of comprehensive external cybersecurity engagement plan, which aligns with and supports the cybersecurity strategy
• Engages with trade organizations, participates in industry forums and working groups to identify opportunities to build coalitions around M&T priorities and support sector initiatives.
• Develop messaging that clearly articulates the M&T Bank position as it relates to sector initiatives to leverage in external-facing engagements for executive leadership
• Support the development of cybersecurity commnuications geared towards new and potential customers using various communication channels and materials
• Collaborate to develop, review, and update strategies, policies and procedures pertaining to various cybersecurity and technology governance areas.
• Manage Governance routines & meetings as part of overall Governance framework
• Foster strong partnerships with stakeholders in Cybersecurity teams to ensure successful creation and implementation of governance processes and partnership engagements.
• Partner across Cybersecurity, Technology, First Line Risk and Business Risk teams to proactively mitigate risk by identifying best practices through sector forums.
• Identify industry best practices and regulatory requirements to ensure governance enhancements improves resiliency and security of the Bank.
• Track upcoming changes in regulations and update policies and controls accordingly
• Serve as a resource to Cybersecurity teams and managers to educate on requirements and assist with projects.
• Partner with Cybersecurity teams and managers to ensure process documentation, reporting, and performance metrics continuously improve with organizational maturity.
• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite.
• Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
• Recommend key actions and milestones in project plan and leads execution of specification project milestones.
• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Complete other related duties as assigned.

Scope of Responsibilities:

• Partners with peers, manager, Cybersecurity team and leadership, to develop and manage engagement strategies with US government partners and industry forums. 
• Maintains detailed awareness of developments and trajectory in USG and financial sector cybersecurity forums, identifying early opportunities to influence in accordance with M&T strategy.
• Exercises judgement in selecting methods, techniques, and evaluation criteria in obtaining results.  Exerts significant latitude in determining objective of assignment. Work is accomplished with limited direction.

Education and Experience Required:

• Bachelor's degree in relevant field such as Cybersecurity Policy, Risk Management, Public Policy, or related disciplines
• Minimum of 5 years’ experience in a GRC, risk management, cybersecurity or a related field, ideally within banking, financial service, or highly regulated industry.
•  Demonstrated advanced knowledge of major U.S. banking regulations and frameworks such as FFIEC, GLBA, etc and Federal Reserve, OCC, and FDIC guidelines.
• Critical thinking and problem-solving skills.
• Excellent written and verbal communication skills

Education and Experience Preferred:

• Self-starter with ability to build partnerships and function effectively with limited direction
• Demonstrate advanced knowledge of cybersecurity and technology risk principles and compliance requirements
• Demonstrated knowledge of cybersecurity policy, communications, and stakeholder engagement
• A background in cybersecurity outreach and communications is key, ideally in the financial services sector.
• Experience in serving as a representative to larger, sector-wide groups; experience in providing support to senior executives and preparing materials for senior executives and Boards
• Ability to understand and effectively communicate technical issues to diverse audiences, both in writing and verbally
• Demonstrated experience collaborating with leaders to communicate GRC activities

#Hybrid

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $128,337.00 - $213,895.01 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

LocationWashington, District of Columbia, United States of America