Technology/Cyber Risk Oversight Senior Manager
Buffalo, NY, United States
Full Time Senior-level / Expert USD 136K - 227K
M&T Bank
With a community bank approach, M&T Bank helps people reach their personal and business goals with banking, mortgage, loan and investment services.

M&T Bank is seeking an experienced Technology and Cybersecurity Risk Oversight Senior Manager focused on technology and enterprise data risk oversight. This position is responsible for implementing risk oversight strategies and processes for the Bank's technology and enterprise data risk management practices. The individual will be accountable for establishing processes and procedures and setting direction while managing a team of risk managers and/or practitioners within the second line of defense who are focused on risk identification and proactive risk management practices for the areas that they oversee. Drawing on years of experience in first-, second-, or third-line technology, enterprise data, and/or cybersecurity risk management or oversight roles, this individual will maintain a second line technology and enterprise data risk oversight program to ensure activities remain effective at identifying and mitigating potential risks within first line management practices.
Primary Responsibilities:
- Provide independent oversight and critical challenge to the First Line of Defense in the areas of identifying, assessing, monitoring, and controlling technology and enterprise data risks. Be aware of and monitor emerging and ongoing risks for all pillars of risk identified in M&T’s Risk Appetite Statement.
- Maintain processes necessary to independently monitor Technology division and Business Unit adherence to corporate risk policies, defined Business Unit procedures and key risk-related controls. Make enhancements to the processes when necessary to ensure independent oversight is satisfactory.
- Establish practices for multiple teams (procedures, templates, reports, etc.). Review team adherence to practices for tracking (evidence) oversight and challenge that can be reported on as needed (Quarterly/Ad-Hoc).
- Review and validate technology and enterprise data risk/event data, testing or monitoring results collected and analyzed by team members for inclusion in monthly risk reporting to senior management.
- Execute and validate fulfillment of ad hoc data requests related to operational risks and events. Analyze technology and enterprise data risk and event information to assist in identifying trends to mitigate future incidents and losses.
- Effectively communicate with others throughout the Bank, including senior management, via phone, email or in person to obtain information necessary for the completion of reporting, project information and issue resolution.
- Prepare and deliver materials/presentations to senior managers.
- Participate in various risk committees and industry peer groups, understand and utilize the Enterprise Risk Framework, and implement the practices, processes and tools necessary to effectively perform oversight duties and ensure the Bank remains within its risk appetite.
- Serve as the primary point of contact to assist others in communicating with the Technology division and Business Units by aiding in providing a clear message of what is required.
- Direct participation in specific regulatory inquiries, examinations and ongoing periodic status updates. Serve as a departmental representative in discussions with Internal Audit.
- Oversee the design and implementation of departmental procedures and implement the steps necessary to ensure work is performed accurately and timely.
- Report findings on risk exposures to Technology and Cybersecurity Risk Oversight leadership, senior and executive technology and cybersecurity leadership, and to the Management, senior executives, and various Risk Committees, the Risk Committee of the Board and the Board of Directors and implement strategies to manage insurable and/or hazard risks.
- Through research, the manager is expected to maintain an advanced level of understanding of business, technical and risk management practices which is used to influence the organization in risk practices.
- Determine the impact and likelihood of issues and violations of Bank Policy.
- Effectively assess both impact and likelihood using a high level of discretion when determining the appropriate approach to resolving complex issues and matters that require resolution.
- Meet training requirements for self and/or a team assigned by the Bank, Division and Department through self-management of appropriate, applicable, cost-effective training opportunities. Proactively pursue knowledge of new bank initiatives (i.e. Agile project management methodology). Limited travel may be required for infrequent seminars and conferences.
- Provide guidance and direction to others regarding various matters related to technology and cybersecurity, which may include assisting in solving complex issues. In providing performance feedback, provide guidance and direction with respect to a team member’s career goals.
- Provide critical leadership to the department by serving as a champion of the Bank's goals, Department objectives and risk culture.
- Develop solutions to highly complex issues based upon limited information and direction. The need for and pace of change may be dynamic and frequent.
- Exercise usual authority of a manager concerning staffing, performance appraisals, promotions, salary recommendations, performance management and terminations.
- Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management.
- Promote an environment that supports belonging and reflects the M&T Bank brand.
- Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
- Complete other related duties as assigned.
Scope of Responsibilities:
This position is responsible for contributing to long-term technology and enterprise data risk strategies, frameworks, risk oversight program, policies, oversight functions, workforce planning, and challenge activities to achieve adherence with the bank’s risk management framework, risk appetite and business objectives within their functional team.
Incumbent will function as lead for major/highly visible efforts and assist with the development and implementation of changes to the TCRO risk management program.
Will support the evolving landscape of the risk management environment they oversee and, through their expert guidance and interactions with peers and senior leaders both within and outside the organization, build relationships and foster collaboration across departments to positively influence the evolution of such changes.
Supervisory/Managerial Responsibilities:
Manage a small team of managers and/or a team of Analysts, Specialists and/or Advisors and/or management of a major process/concentration area.
Education and Experience Required:
- Bachelor's degree and a minimum of 9 years’ relevant work experience in technology, cybersecurity, risk, audit, compliance, or other relevant function, OR in lieu of a degree, a combined minimum of 13 years’ higher education and/or work experience.
- Minimum of 3 years’ managerial or supervisory experience in a technology or cybersecurity risk function.
- Demonstrated expert knowledge of Technology and/or Cybersecurity risk principles.
- Demonstrated leadership capabilities.
- Highly proficient computer skills (including spreadsheet and word processing software), analytical skills, working knowledge of applicable laws, written and verbal communications with all levels.
- One or more certifications (or advanced certification) aligned to a function or domain such as Certified in Risk and Information Systems Control (CRISC®), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or IT Infrastructure Library (ITIL).
Education and Experience Preferred:
- Master's or other advanced degree in Information Technology, Computer Science, Cybersecurity, or related field.
- Advanced and/or multiple certifications aligning to function or domain such as Certified in Risk and Information Systems Control (CRISC®), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or IT Infrastructure Library (ITIL).
- Advanced knowledge of risk assessment and identification practices and ability to critically analyze appropriateness of risk mitigation and response measures.
- Demonstrated ability to lead strategic direction of a team.
- Excellent communication and interpersonal skills; proven ability to effectively convey message to technical and business leaders.
- Experience partnering with leadership to design solutions that drive outcomes towards organization strategic imperatives.
- Excellent ability to strategically seek critical information and translate it into strategic priorities and capabilities.
- Excellent ability to prioritize across competing priorities and a quickly changing landscape, and lead team towards execution of outcomes aligned with priorities.
- Strong ability to effectively influence peers and leaders.
- Excellent mentoring and leadership capabilities, including strong ability to develop people leaders.
- Excellent ability to encourage teamwork and guide a team towards executing upon shared goals.
Tags: Agile CISA CISM CISSP Compliance Computer Science CRISC ITIL IT infrastructure Monitoring Risk assessment Risk management RMF
Perks/benefits: Career development Competitive pay Conferences Team events