Senior Specialist - Technology and Cybersecurity Risk

About The Position

Requirements

• Bachelor's degree and a minimum of 7 years’ relevant work experience, or in lieu of a degree, a combined minimum of 11 years’ higher education and/or work experience
• Demonstrated expert knowledge of Technology, Cybersecurity, Audit and/or risk principles
• Minimum of 6 years' relevant work experience in or with the specific Technology, Audit, Cybersecurity risk area and/or business unit

Nice To Haves

• Master's degree in Information Technology, Computer Science, Cybersecurity, Law, Business Administration, or related field
• Applicable certification align to function or domain such as Certified in Risk and Information Systems Control (CRISC®), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP)
• Ability to lead critical analysis of work and problem solve
• Excellent communication and interpersonal skills
• Experience partnering with leadership to design solutions aligned with business needs
• Excellent ability to strategically seek critical information, and apply across a broad array of processes
• Prior experience prioritizing across competing priorities and quickly changing landscape, and execute outcomes aligned with priorities
• Experience effectively influencing peers and leaders
• Ability to train and mentor peers

Responsibilities

• Develop and implement strategic approaches for in-depth risk assessments for comprehensive coverage of all technology capabilities.
• Develop and execute sophisticated risk management framework and programs that inform how to align practices with business objectives and regulatory requirements, including (but not limited to) developing complex process maps, leading risk controls self-assessments, and summary of complex findings.
• Drive enforcement of frameworks, providing expert guidance and continually assessing regulation and standards to achieve industry-leading technology risk compliance.
• Spearhead collaboration among cross-functional teams and senior or executive leadership to align technology practices with overarching business goals and regulatory requirements; maintain productive relationships with stakeholders and/or with third-party engagements to ensure resiliency of Technology, Cybersecurity, and the overall Bank.
• Coordinate preparation and response to regulatory engagements, including reviewing responses for accuracy and meeting regulatory requests, organizing documents and packets, and leading exam management (i.e., template folders, review of first day letter and follow-up requests).
• Encourage innovation in risk management strategies through identification of advanced methodologies to address evolving threats and the recommendation of paths for implementation to Technology and Cybersecurity Risk leadership.
• Provide advanced mentorship to mid-level analysts, fostering their professional growth and ensuring a high standard for all risk analysts within the team.
• Contribute to the design and delivery of training programs to ensure comprehensive knowledge of technology and cybersecurity risk management and growing critical skills to enhance team's outcomes.
• Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite.
• Identify risk-related issues needing escalation to management.
• Promote an environment that supports belonging and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Benefits

• medical
• retirement
• forty hours of paid volunteer time