Overview:This role is position is within the Technology and Cybersecurity Risk Operations (TCRO) organization and is focused on Technology Risk Oversight.This role functions with a moderate level of autonomy, leveraging team peer connections, support from Risk Specialists and more senior members in the oversight of the Technology and Cybersecurity division regarding risk management. The functions of this role are primarily focused on a proactive risk management activities for assigned areas within the Technology and Cybersecurity division; serving as subject matter expert in gathering evidence, analyzing information, and documentation while providing oversight, effective challenge, assessment and/or advisory services. This will be accomplished through documenting engagement activities, areas of concern, and measuring the potential risk to the organization as it relates to the organizations risk appetite. This may include issuance of findings, review of remediation plans and validation of closure evidence. In addition, the functions of this role include:Primary Responsibilities:
Appropriate management of the Technology and Cybersecurity risk activities (findings/validations, remediation plans/updates, closure and closure validation).
Execute independent/annual Targeted Review(s); planning, execution and reporting of detailed fieldwork regarding high/medium-high risk areas within the Technology/Cybersecurity division.
Assist with oversight of Technology and Cybersecurity Risk Control Self Assessments (RCSAs) and other risk management reporting; this includes gap and delta assessments.
Engage with assigned oversight areas; understanding the technology, overseeing and advising project/product work prior to implementation leveraging past experience and expertise, risk management practices, existing risk register and validation of controls.
Identify and assess emerging risks and risks associated with new products/ services/ markets/ channels or changes to existing products/ services/ markets/ channels.
Responsible for fieldwork (analysis, investigations, incidents, KRI/KPI metrics breaches, etc.) where some of this may be supported by team Risk Specialists.
Participate in audits and in-depth reviews of Technology/Cybersecurity business line efforts and risk management activities.
Adhere to applicable operational risk controls in accordance with Company or regulatory standards and policies and standards.
Leverage existing hands on experience in Technology and/or Cybersecurity roles and knowledge of industry frameworks utilized by the by the organization such as NIST, FFIEC AIO, and ITIL to provide guidance and build trusted partnerships with internal staff and third parties.
Develop and analyze Technology & Cybersecurity metrics (KRIs, KPIs)
Education and Experience Required:Bachelor’s degree and six years' experience in compliance, legal, audit, risk or other relevant function,OR in lieu of degree,A combined minimum ten years’ higher education and/or work experience including six years’ experience in compliance, legal, audit, risk or other relevant function.Proficient computer skills (including spreadsheet and word processing software), analytical skills, working knowledge of applicable laws, written and verbal communications w/ all levels.Education and Experience Preferred:2-5 years of relevant hands on or risk management work experience in technology and/or cybersecurity fields preferred or 5-10 years of experience in Technology or Cybersecurity.Proven understanding of risk practices related to technology and/or cybersecurity.Technology or Cyber Certifications preferred but not required (Examples such as CISSP, CISA, CSM, ITIL or CRISC)M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $110,635.01 - $184,391.68 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.LocationBuffalo, New York, United States of AmericaM&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer, including disabilities and veterans.
