About The Position

Leads risk analysis for complex initiatives, influencing the overarching risk framework and providing advanced guidance to leadership for informed decision-making aligned with organizational imperatives.

Requirements

  • Bachelor's degree and a minimum of 7 years’ relevant work experience, or in lieu of a degree, a combined minimum of 11 years’ higher education and/or work experience.
  • Demonstrated expert knowledge of Technology and/or Cybersecurity risk principles.
  • Minimum of 6 years' relevant work experience in or with the specific Technology, Cybersecurity risk area and/or business unit.
  • Previous experience with NIST (National Institute of Standards and Technology) or Cybersecurity frameworks, with a strong focus on NIST 800-53 and 800-53a.
  • Strong knowledge of cybersecurity principles and industry best practices.
  • Proven knowledge of information technology security principles and implementation methods.
  • Skilled in evaluating security controls based on confidentiality, integrity and availability requirements of systems.
  • Extensive experience managing and completing actual testing of controls.

Nice To Haves

  • Master's degree in Information Technology, Computer Science, Cybersecurity, Law, Business Administration, or related field.
  • Active CISA, CAP, CISSP, CISM, or CRISC certification.
  • Working knowledge of the current version of the NIST SP 800-53 and 800-53a Controls.
  • Knowledge of organization's risk tolerance and/or risk management approach.
  • Working knowledge of project management methodology.
  • Strong and proven knowledge of security technologies and architecture.
  • Knowledge of Cybersecurity threats and emerging security issues.

Responsibilities

  • Develop and implement strategic approaches for in-depth risk assessments for comprehensive coverage of all technology capabilities.
  • Develop and execute a sophisticated risk management framework and programs that inform how to align practices with business objectives and regulatory requirements.
  • Drive enforcement of frameworks, providing expert guidance and continually assessing regulation and standards to achieve industry-leading technology risk compliance.
  • Spearhead collaboration among cross-functional teams and senior or executive leadership to align technology practices with overarching business goals and regulatory requirements.
  • Coordinate preparation and response to regulatory engagements, including reviewing responses for accuracy and meeting regulatory requests.
  • Encourage innovation in risk management strategies through identification of advanced methodologies to address evolving threats.
  • Provide advanced mentorship to mid-level analysts, fostering their professional growth.
  • Contribute to design and delivery of training programs to ensure comprehensive knowledge of technology and cybersecurity risk management.
  • Understand and adhere to the Company’s risk and regulatory standards, policies and controls.
  • Identify risk-related issues needing escalation to management.
  • Maintain M&T internal control standards, including timely implementation of internal and external audit points.

Benefits

  • Medical and retirement benefits.
  • Forty hours of paid volunteer time each year.