Controls Assessment & Testing Specialist - Technology and Cybersecurity Risk

Bridgeport, CT, United States

M&T Bank

With a community bank approach, M&T Bank helps people reach their personal and business goals with banking, mortgage, loan and investment services.


The Bank sponsors individuals on TN and H-1B transfers on a case-by-case basis. Please note that this position is not open to anyone on an H-1B or F-1 student visa, including those eligible for CPT/OPT or the STEM OPT extension.

This role follows a hybrid work schedule, offering the flexibility to work remotely two days a week while providing the opportunity for onsite, in-person collaboration the other three days.

Overview:

Guides the risk analysis process, providing direction for risk mitigation. Collaborates with cross-functional risk, technology, cybersecurity, and business teams to enhance risk policies and contribute to organizational resilience.

Primary Responsibilities:

  • Lead comprehensive and complex risk assessments, ensuring the identification, analysis, and mitigation of potential control gaps and corresponding remediation plans.

  • Formulate and implement risk management plans, inclusive of reporting and documentation, such as writing standards, reviewing non-compliance with standards, creating targeted risk assessments, reporting on findings, or leading risk controls self-assessments.

  • Lead compliance efforts for the respective function, ensuring adherence to industry regulations and standards through internal standards.

  • Partner strategically with cross-functional teams and senior leadership to ensure swift and effective action when events occur which are beyond or potentially beyond the Bank's risk appetite.

  • Assist with preparation and response to regulatory engagements, including preparing materials, coordinating responses from various individuals, aiding in exam management (template folders, collection of first day letter and follow-up requests).

  • Assess implications of new methodologies and recommend ways for Technology and Cybersecurity Risk leadership to innovate the risk management strategy and their integration while maintaining a proactive stance against potential risks.

  • Mentor newer analysts, fostering their professional growth and ensuring a high standard for all risk analysts within the team.

  • Recommend enhancements to Technology and Cybersecurity risk management training programs to increase technology's overall awareness and application of best practices.

  • Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite.  Identify risk-related issues needing escalation to management.

  • Promote an environment that supports diversity and reflects the M&T Bank brand.

  • Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.

  • Complete other related duties as assigned.

Scope of Responsibilities:

  • This position will interact primarily with individual contributors and people leaders within the Technology and Cybersecurity teams. It will have occasional to frequent interaction with senior leaders of Technology, Cybersecurity, the Risk Division and Internal Audit. 

  • Work is accomplished with limited direction, and the incumbent exercises judgement in selecting methods, techniques, and evaluation criteria in obtaining results. The incumbent exercises significant latitude in determining the objective of the assignment.

  • This role will prepare materials for Regulators under the direction of senior Technology and Cybersecurity Risk leaders.

Supervisory/Managerial Responsibilities:

No supervisory responsibilities.

Education and Experience Required:

  • Bachelor's degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience

  • Demonstrated advanced knowledge of Technology and Cybersecurity risk principles

  • Minimum of 4 years' relevant work experience in or with the specific Technology and/or Cybersecurity risk area and/or business unit

This role requires understanding the risk, independently challenging the controls, defining the test steps / approach, and then executing the testing to conclude on effectiveness and residual risk.

Extensive experience managing and completing actual testing as listed below.

  • Meeting with stakeholders to understand the control and perform detailed walkthroughs

  • Documenting / defining test plans and test steps to effectively assess the design and operation of controls

  • Opining on controls that have been defined to confirm they have been designed effectively and truly mitigate the associated risk

  • Requesting and reviewing evidence to gain assurance that controls are effectively embedded and operating

  • Executing and documenting test papers and conclusion of controls

  • Defining remediation plans for ineffective controls and following up to validate the remediation plans have been effectively implemented / actioned to address the risk

  • Delivering within defined timelines in a fast-paced environment.

  • Multi-tasking / working across different activities simultaneously.

  • Able to provide examples of non-ITGC (IT General Control) audits/reviews/testing that they have recently conducted

Education and Experience Preferred:

  • Applicable certification aligned to function or domain, such as Certified in Risk and Information Systems Control (CRISC®), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP)

  • Proficient level of critical thinking and able to lead problem solving

  • Excellent communication and interpersonal skills

  • Experience partnering with leadership to design solutions

  • Excellent ability to strategically seek critical information, and apply to specific processes

  • Prior experience prioritizing across competing priorities and a quickly changing landscape, and delivering results aligned with priorities

  • Proficient persuasive communication skills to gain buy-in of others

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $119,400.84 - $199,001.40 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

Location: Bridgeport, Connecticut, United States of America
Category: Compliance Jobs

Tags: Audits CISA CISM CISSP Compliance CRISC Risk analysis Risk assessment Risk management STEM Strategy

Perks/benefits: Competitive pay Startup environment Team events

Region: North America
Country: United States
