Overview:
The Technology & Cybersecurity Risk Specialist will be responsible for monitoring ongoing compliance with risk standards and frameworks and completing targeted risk assessments. This role will also be responsible to support control identification, self-assessments, testing activities, and validation of remediations to close control gaps through collaboration with cross-functional risk, technology and cybersecurity teams.
Primary Responsibilities:
Formulate and implement risk management plans, inclusive of reporting and documentation, such as writing standards, reviewing non-compliance to standards, and completing targeted risk assessments.
Leading risk controls self-assessments, including the design and development of key controls, and execution of testing activities to ensure adherence of control requirements.
Support the remediation verification process, including advising on remediation activities and ensuring appropriate resolution of issues.
Reporting on the outcomes of control testing and identifying risk-related issues needing escalation to management.
Lead compliance efforts across Technology and Cybersecurity teams, ensuring adherence to industry regulations and standards, and internal policies and frameworks.
Partner strategically with cross-functional teams and senior leadership to ensure swift and effective action when events occur which are beyond the Bank's risk appetite.
Assist with preparation and response to regulatory engagements, including preparing materials, coordinating responses from various individuals, aiding in exam management.
Assess implications of new methodologies and recommend ways for Technology and Cybersecurity Risk leadership to innovate the risk management strategy and their integration while maintaining a proactive stance against potential risks.
Mentor newer analysts, fostering their professional growth and ensuring a high standard for all risk analysts within the team.
Recommend enhancements to Technology and Cybersecurity risk management training programs to increase technology's overall awareness and application of best practices.
Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite.
Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
Complete other related duties as assigned.
Promote an environment that supports diversity and reflects the M&T Bank brand.
Scope of Responsibilities:
This position will interact primarily with individual contributors and people leaders within the Technology and Cybersecurity teams. It will have occasional to frequent interaction with senior leaders of Technology, Cybersecurity, the Risk Division and Internal Audit.
Effectively communicate applicable requirements to cross-functional partners throughout the organization (i.e., line-of-business, Finance, Credit, etc.).
Work is accomplished with limited direction, and the incumbent exercises judgement in selecting methods, techniques, and evaluation criteria in obtaining results. It exerts significant latitude in determining objective of assignment.
This role will prepare materials for Regulators under the direction of senior Technology and Cybersecurity Risk leaders.
Participate in the development of tailored regulatory presentations.
Act in a consultative capacity to review and critique presentation materials and/or talking points of others with respect to bank regulatory matters and implications.
Assist with coordination of correspondence with regulatory agencies, examination management (as applicable) and responding to regulatory requests. Ensure communications and submissions meet applicable requirements. * Establish, enhance, and maintain consistency of regulatory related correspondence and reporting across functional areas.
Education and Experience Required:
- Bachelor's degree and a minimum of 7 years’ relevant work experience, or in lieu of a degree, a combined minimum of 11 years’ higher education and/or work experience
- Demonstrated expert knowledge of Technology and/or Cybersecurity risk principles
- Minimum of 6 years' relevant work experience in or with the specific Technology, Cybersecurity risk area and/or business unit
Education and Experience Preferred:
- Master's degree in Information Technology, Computer Science, Cybersecurity, Law, Business Administration, or related field
- Applicable certification align to function or domain such as Certified in Risk and Information Systems Control (CRISC®), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP)
- Ability to lead critical analysis of work and problem solve
- Excellent communication and interpersonal skills
- Experience partnering with leadership to design solutions aligned with business needs
- Excellent ability to strategically seek critical information, and apply across a broad array of processes
- Prior experience prioritizing across competing priorities and quickly changing landscape, and execute outcomes aligned with priorities
- Experience effectively influencing peers and leaders
- Ability to train and mentor peers
M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $115,703.73 - $192,839.55 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.
Location
Buffalo, New York, United States of America