Technology and Cybersecurity Risk Program Specialist

About The Position

Requirements

• Bachelor's degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience
• Demonstrated advanced knowledge of Technology and Cybersecurity risk principles
• Demonstrated advanced knowledge of three lines of defense model and first line of defense responsibilities
• Experience conducting risk control self-assessments and developing risks and controls
• Minimum of 4 years' relevant work experience in or with the specific Technology and/ or Cybersecurity risk area and/or audit and/or Risk Management

Nice To Haves

• Applicable certification align to function or domain such as Certified in Risk and Information Systems Control (CRISC®), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP)
• Proficient level of critical thinking and able to lead problem solving
• Excellent communication and interpersonal skills
• Experience partnering with leadership to design solutions
• Excellent ability to strategically seek critical information, and apply to specific processes
• Prior experience prioritizing across competing priorities and quickly changing landscape, and deliver results aligned with priorities
• Proficient persuasive communication skills to gain buy-in of others

Responsibilities

• Lead comprehensive and complex risk assessments, ensuring the identification, analysis, and mitigation of potential control gaps and corresponding remediation plans.
• Develop and maintain program governance through writing and updating department frameworks, procedures, and job aids.
• Maintain updated risk, control, and metric records in the enterprise eGRC system (Archer) based upon results from risk assessments and initiatives
• Partner strategically with cross-functional teams and senior leadership to ensure swift and effective action when events occur which are beyond or potentially beyond the Bank's risk appetite.
• Formulate and implement risk management plans, inclusive of reporting and documentation, reviewing non-compliance to standards, creating targeted risk assessments, or reporting on findings, or leading risk controls self-assessments.
• Lead compliance efforts for respective function, ensuring adherence to industry regulations and standards through internal standards.
• Assess implications of new methodologies and recommend ways for Technology and Cybersecurity Risk leadership to innovate the risk management strategy and their integration while maintaining a proactive stance against potential risks.
• Mentor newer analysts, fostering their professional growth and ensuring a high standard for all risk analysts within the team.
• Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite.
• Identify risk-related issues needing escalation to management.
• Promote an environment that supports belonging and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.