The Bank sponsors individuals for TN and H-1B transfers on a case by case basis. Please note that this position is not open to anyone on an F-1 student visa including those eligible for CPT/OPT or the Stem OPT extension.
This role offers a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for in-person collaboration at our Buffalo, NY Tech Hub.
Overview:Responsible for ensuring that M&T’s cybersecurity policies, procedures and controls align with its overall business goals, regulatory requirements and risk management framework. As part of M&T’s Cybersecurity Governance organization, you play a pivotal role in assessing and prioritizing information security and cybersecurity risks across the Bank, combining technical, framework and regulatory understanding with the demonstrated ability to manage risks and ensure compliance.
Primary Responsibilities:Governance Oversight & Framework Implementation
Collaborate to develop, review, and update strategies, policies and procedures pertaining to various cybersecurity and technology governance areas.Manage Governance routines & meetings as part of overall Governance frameworkMaintain and implement processes for monitoring compliance to policies and proceduresFoster strong partnerships with stakeholders in Cybersecurity teams to ensure successful creation and implementation of governance processes.Partner across Cybersecurity, Technology, First Line Risk and Business Risk teams to proactively mitigate risk through robust governance practices.Identify and analyze cybersecurity risk and control data to inform insightful recommendations and reporting to the Cybersecurity Senior Leadership Team.Create remediation plans and supports team implementation, providing guidance to teams to ensure comprehensive execution against key actions and milestones.Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.Recommend key actions and milestones in project plan and leads execution of specification project milestones.Audit Support and Compliance
Execute comprehensive Cybersecurity responses to Risk, Audit and Regulatory requests, actively developing and collaborating in documentation reviews to ensure accuracy and consistency.Prepare for and support internal and external audits in collaboration with respective Cybersecurity domain ownerAddress findings and oversee timely closure of identified gapsMaintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.Regulatory and Legal Requirements
Identify industry best practices and regulatory requirements to ensure governance enhancements improves resiliency and security of the Bank.Track upcoming changes in regulations and update policies and controls accordinglyServe as a governance subject matter resource to Cybersecurity teams and managers to educate on requirements and assist with projects.Metrics and Reporting
Partner with Cybersecurity teams and managers to ensure process documentation, reporting, and performance metrics continuously improve with organizational maturity.Promote an environment that supports diversity and reflects the M&T Bank brand.Complete other related duties as assigned.Scope of Responsibilities:
Partners with peers, manager, Cybersecurity team and leadership, First Line Risk, 2nd Line Independent Risk, Internal Audit, Regulators and external engagements
Exercises judgement in selecting methods, techniques, and evaluation criteria in obtaining results.
Exerts significant latitude in determining objective of assignment. Work is accomplished with limited direction.
Education and Experience Required:Bachelor's degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience inclusive of a minimum 4 years’ work experience in/with the specific Cybersecurity or Technology area and/or teamDemonstrated advanced knowledge of cybersecurity principles and compliance requirements.Education and Experience Preferred:Self-starter with ability to build partnerships and function effectively with limited directionDemonstrated advanced knowledge of major U.S. banking regulations and frameworks such as FFIEC, GLBA, etc and Federal Reserve, OCC, and FDIC guidelines.Demonstrate advanced knowledge of cybersecurity and technology risk principles and compliance requirementsExperience in conducting and management technology relevant risk and control assessments, audits, and reportingExperience in implementing a risk-based approach to managing and reporting on third party independent oversight reviews and engagementsAbility to understand and effectively communicate technical issues to diverse audiences, both in writing and verballyDemonstrated experience collaborating with leaders to communicate GRC activitiesProficiency in use case development with GRC tools such as Archer, ServiceNow GRC, Fusion, Riskonnect etc.#LI-JB3 #Hybrid
M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $110,635.01 - $184,391.68 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.LocationBuffalo, New York, United States of America