Internal IT Audit: Cloud Risk Specialization

About The Position

Requirements

• Must have senior level or above Internal Audit IT Experience.
• Bachelor’s degree, preferably in Computer Science, MIS, Technology, Cybersecurity or other related technical field and 7 years of relevant experience, inclusive of 2 years of work leadership experience.
• In lieu of degree, a combined minimum of 11 years higher education and/or work experience including 7 years of relevant work experience and 2 years of work leadership experience.
• Detailed knowledge of audit theory
• Detailed knowledge and experience in conducting audits of controls in cloud-based environments (notably Microsoft Azure) or assessing cloud architecture.
• Detailed understanding of industry frameworks guiding management of cloud computing risks
• Relevant professional certification, or actively pursuing professional certification.
• Demonstrates strong judgment, political astuteness, and sensitivity to cultural diversity.
• Possesses strong project management and interpersonal skills, makes sound decisions, exhibiting initiative and critical thinking.
• Effective negotiation skills, a proactive and 'no surprises' approach in communicating issues and strength in sustaining independent views.
• This individual must be an articulate and effective communicator, both orally and in writing, with an energetic, charismatic and approachable style.

Nice To Haves

• MBA or Master’s degree in an appropriate field preferred.
• Working knowledge and experience in auditing compute, database, network and storage infrastructure risks, technology governance and risk management concepts, modern software engineering practices, mainframe technology, and IT service management disciplines.
• Cloud risk or cloud audit-oriented certification is a definite asset (e.g. CCSK or CCAK), as are certifications such as CISSP.
• Understanding of regulatory requirements/expectations as they relate to technology and cybersecurity risks in the financial services industry;
• Excellent verbal and written communication skills.
• Ability to convey complex conceptual information/ideas on issues requiring extensive interpretation and opinion.
• Experience in applying appropriate discretion when dealing with sensitive issues and conveying technical concepts in an easy to understand manner;
• Proven ability in managing multiple bodies of work simultaneously under tight deadlines;
• Proven leadership skills, with the ability to develop and motivate; and
• Strong organizational and resource management skills.
• Financial Services Industry experience preferred

Responsibilities

• Providing senior level expertise and contributing to delivery of assurance services specific to the Bank’s Cloud and Colo Data Center Migration.
• Providing subject matter expertise and leading the execution of audit procedures over cloud-based infrastructure and cybersecurity capabilities, all while ensuring high quality deliverables in accordance with division and professional standards.
• Owning the delivery of assurance services across other areas of the Technology and Cybersecurity domains, as needed. This could include leading other audit engagements in these domains, completing issue validation procedures, executing continuous auditing activities, etc.
• Plan, coordinate and maintain full ownership over execution of assurance work specific to core technology infrastructure and cybersecurity audits, with a particular focus on assessing cloud risk management practices at the Bank.
• Assist the Audit Division in execution of its strategy specific to the holistic coverage of cloud risks across the Audit Plan and in development of cloud specific audit programs.
• Stay abreast of best practices, industry developments, and changing or emerging technology and cloud risks, consult with Audit teams to ensure their coverage is appropriate in applicable audits given this information, and ensure senior management in Audit is kept apprised of impacts to the Division’s assurance work.
• Responsible for becoming intimately familiar with the organizational structure for the Bank’s Technology Division and developing relationships with key members of management.
• Organize and complete work within established budgets and time frames with minimal direction from audit management.
• Incorporate the use of data analytics/AI throughout all phases of the audit process.
• Maintain ongoing communication with the 1st and 2nd line Risk Management/Oversight organizations to align assurance activities, share risk information, etc.
• Supervise other Audit staff as needed, based on the body of work being completed.
• Coach and mentor junior audit team members through knowledge sharing, tailoring the approach based upon their skills and experience.
• Adhere to applicable compliance/operational risk controls in accordance with Company or regulatory standards and policies.
• Promote an environment that supports belonging and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators, as applicable.
• Complete other related duties as assigned.

Benefits

• M&T Bank is committed to fair, competitive, and market-informed pay for our employees.
• As an employer of choice, we are proud to offer competitive benefits ranging from medical and retirement to forty hours of paid volunteer time each year.