The Bank sponsors individuals for TN and H-1B transfers on a case by case basis. Please note that this position is not open to anyone on an F-1 student visa including those eligible for CPT/OPT or the Stem OPT extension.This role offers a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for in-person collaboration at our Buffalo, NY Tech Hub.Overview:Responsible for providing input, support, and analysis to general cybersecurity business processes. Assists in the creation of new or updating of existing processes and policies that ensure resiliency and security of organization.Primary Responsibilities:
Build out job aids and process documentation to ensure consistent framework across all teams and shifts
Participate in the review and update of policies and procedures pertaining to various governance areas
Conduct and document research on industry best practices and regulatory requirements to inform policy development
Maintain systems and processes for monitoring compliance with established policies and procedures
Analyze and report on compliance data to provide insights and recommendations to Cybersecurity leadership
Collaborate with Cybersecurity, Technology, and First Line Risk teams and, at times, business lines to proactively mitigate risk through existing policies and procedures
Gather and share data to peers and leadership for internal audit and regulatory requests, ensuring highest degree of accuracy
Gather input and feedback from stakeholders across Cybersecurity team(s) to create process flows and maps and ensure they are aligned with team objectives
Assists various aspects of remediation activities by drafting key actions, timeline, and communication plan
Gather input and feedback from stakeholders across Cybersecurity team(s) to create process flows and maps and ensure they are aligned with team objectives
Effectively communicate governance activities and updates to stakeholders across Cybersecurity teams
Proactively respond to ad-hoc Cybersecurity analysis requests, questions, and issues
Assist with documenting and communicating proposed new approaches, methods, technologies, or breakthroughs in area of expertise and coordinates efforts with junior team members to ensure accuracy and timeliness.
Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite.
Identify risk-related issues needing escalation to management.
Promote an environment that supports diversity and reflects the M&T Bank brand
Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable
Complete other related duties as assigned.
Education and Experience Required:Associates degree and a minimum of 3 years’ relevant work experience,OR in lieu of a degree,A combined minimum of 5 years’ higher education and or work experience, including a minimum of relevant work experience in two (2) or more of the following Cybersecurity domains: a. Security and Risk Management; b. Asset Security; c. Security Engineering; d. Communication and Network Security; e. Identity and Access Management; f. Security Testing; and, g. Security OperationsUnderstanding of the System Development Life Cycle (SDLC), networking concepts and protocols, and network security methodologiesCapable of researching and recommending application development support software and hardware platforms through an understanding of client area function and deliverable requirements for current and future-state planningTechnical experience with mainframe, distributed computing environments, and network security architecture concepts including topology, protocols, components, and principlesPrior experience in performing complex problem analysis and problem resolution across multiple disciplinesPrior experience with and demonstrable aptitude for quickly learning new technical skills and supporting multiple systems, tools, and processesTechnical experience with Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), attack methodologies and traffic flows for threats and vulnerabilitiesDetailed technical knowledge of Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)Education and Experience Preferred:Bachelor’s degree and a minimum of 2 years’ in Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security Operations, or in lieu of a degree, a combined minimum of 6 years’ higher education and/or work experience, including a minimum of 2 years’ in Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security OperationsExperience with M&T's application development support software and hardware platforms and ability to introduce application development alternatives through an understanding of client area function and deliverable requirements for current and future-state planningDetailed technical experience with mainframe, virtual, and/or distributed computing environmentsCISSP, CISM, or CRISC certification or Cybersecurity domain-related industry-recognized certificationAbility to act as a surrogate team leader to assign, review, evaluate and prioritize team effortsM&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $93,581.10 - $155,968.51 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.Location:Buffalo, New York, United States of AmericaM&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer, including disabilities and veterans.
