_This role offers a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for in-person collaboration at our Buffalo, NY Tech Hub._ **Overview:** : Responsible for assisting in creating M&T’s cybersecurity policies, procedures and controls and aligning with its overall business goals, regulatory requirements and risk management framework. As part of M&T’s Cybersecurity Governance organization, you play a key role in combining technical, framework and regulatory understanding to manage cybersecurity risks and ensure compliance. **Primary Responsibilities:** **Cybersecurity Risk Assessment** + Maintain cybersecurity risk assessment methodology and lead annual cybersecurity risk assessment + Collect and distribute inputs for risk cybersecurity risk assessment + Aggregate business unit cybersecurity risk assessment results, document results, and lead assessment of cybersecurity risk with relevant stakeholders + Document and maintain an inventory of cyber related controls + Identify, document, and report top cyber risks **Regulatory and Legal Requirements** + Research and analyze industry best practices and regulatory requirements to ensure governance enhancements improves resiliency and security of the Bank. + Serve as a resource to Cybersecurity teams and managers to educate on requirements and assist with projects. **Metrics and Reporting** + Collaborate with other members of the Governance team and across other Cybersecurity teams to identify, document and report on key risk and performance metrics. + Promote an environment that supports diversity and reflects the M&T Bank brand. + Complete other related duties as assigned. **Scope of Responsibilities:** + Partners with peers, manager, Cybersecurity team and leadership, First Line Risk, 2nd Line Independent Risk, Internal Audit, Regulators and external engagements + Determines and develops approach to solutions. Work is evaluated upon completion to ensure objectives have been met. Work is accomplished with periodic check-ins for alignment and limited direction. **Education and Experience Required:** + Bachelor's degree in relevant field such as Cybersecurity Policy, Risk Management, Public Policy, or related disciplines + Minimum of 3 years’ experience in a GRC, risk management, cybersecurity or a related field, ideally within banking, financial service, or highly regulated industry. + Demonstrated intermediate knowledge of major U.S. banking regulations and frameworks such as FFIEC, GLBA, etc and Federal Reserve, OCC, and FDIC guidelines. + Critical thinking and problem-solving skills. + Excellent written and verbal communication skills **Education and Experience Preferred:** + Self-starter with ability to build partnerships and function effectively with limited direction + Demonstrate intermediate knowledge of cybersecurity and technology risk principles and compliance requirements + Specific experience in leading enterprise-wide, top-down cybersecurity risk assessment to support business line and technology management of cyber risks, identification and alignment of control and related gaps. + Experience in implementing a risk-based approach to managing and reporting on third party independent oversight reviews and engagements + Ability to understand and effectively communicate technical issues to diverse audiences, both in writing and verbally \#LI-JB3 #Hybrid M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $93,581.10 - $155,968.51 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation. **Location** Buffalo, New York, United States of America M&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer, including disabilities and veterans.