Overview:
Supports Cybersecurity and Technology Risk Management and governance with a focus on the development and maintenance of Cybersecurity policies and standards and the evaluation of Cybersecurity legal and regulatory requirements.

Primary Responsibilities:

Research, recommend, and develop new Cybersecurity and Technology policies and standards content based on legal and regulatory requirements and industry best practices. Update and enhance existing Cybersecurity policies and standards as neededEnforce Cybersecurity policies, standards and other governance; Promote awareness through daily activities and participation in governance committees.Maintain current knowledge of the Bank's Cybersecurity and Technology policies, standards and procedures as well as industry best practices and proposed new guidelines and regulations.Identify and evaluate Cybersecurity risk to the business; Develop risk mitigation strategies, as appropriate.Execute Cybersecurity Risk Management Program in accordance with Bank policies and procedures. Analyze results and prepare recommendations to address identified risk and/or enhance the overall program. Represent Cybersecurity in risk management discussions and consultations across the Bank.Provide current data for performance metrics and reporting.Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management.Promote an environment that supports diversity and reflects the M&T Bank brand.Complete other related duties as assigned.

Scope of Responsibilities:
This position requires regular interaction with non-management, middle management, senior management, and business units and partners, as well as occasional interaction with the Chief Information Security Officer.
 

Education and Experience Required:
Bachelor’s degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 7 years’ higher education and/or work experience, including a minimum of 5 year relevant work experience
Strong knowledge of Cybersecurity principles, frameworks (e.g., NIST CSF, CRI Profile), and regulations (23 NYCRR 500, GLBA/Interagency Guidelines, FFIEC)
Experience conducting research and evaluating information for reliability, validity, objectivity and relevance
Strong ability communicating complex information, concepts or ideas in a confident and well-organized manner through verbal, written and/or visual means
Strong knowledge of established risk management processes (e.g., methods for assessing and mitigating risk) and the ability to apply the concepts

#policy, #standards, #writing, #governance, #IT, #cyb

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $82,783.41 - $137,972.36 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

LocationBuffalo, New York, United States of America