Senior Cybersecurity Tech Risk Analyst

M&T Bank

  • Buffalo, NY
  • $97,870-163,116 per year
  • Permanent
  • Full-time
  • 1 month ago
The Bank sponsors individuals for TN and H-1B transfers on a case by case basis. Please note that this position is not open to anyone on an F-1 student visa including those eligible for CPT/OPT or the Stem OPT extension.This role offers a hybrid work schedule; offering the flexibility to work from home two days a week, while providing the opportunity for in-person collaboration.**This position is available in Buffalo, NY**About M&T BankAt M&T Tech, we’re a team of makers, doers, and builders, working to create the most advanced technology solutions in banking. We’re not your stereotypical suit and tie bankers: we’re an innovative team of leading tech experts, pushing boundaries, and taking risks. We’re building an agile team of the most skilled and creative workers to solve complex problems, architect solutions, write high-performance software, and chart our new path, all to make the lives of our customers, and the communities that we serve, better. Join us and be part of something new as we build tomorrow’s bank, today.Overview:Supports a Cybersecurity risk management and governance practice focused on Cybersecurity risk assessments, First Line of Defense and controls testing strategy, development and maintenance of Cybersecurity policies and standards, evaluation of Cybersecurity legal and regulatory requirements, development and execution of the Cybersecurity awareness program, and/or development and execution of the Cybersecurity Risk Management Program.Primary Responsibilities:
  • Knowledge of IAM governance framework that aligns with industry best practices, regulatory requirements, and organizational policies.
  • Working Knowledge of Role-Based Access Control (RBAC) models, mapping roles and responsibilities to access privileges, segregation of duties (SoD) and least privilege principles and enterprise level IDAM methodologies.
  • Maintain current knowledge of the Bank's Cybersecurity and Risk management policies, standards and procedures as well as industry best practices and proposed new guidelines and regulations.
  • Identify and evaluate Cybersecurity risk to the business and drive development of strategies to mitigate identified risks based on diverse factors including the organizations overall risk appetite and tolerance.
  • Provide current data for key risk indicators (KRIs) and key performance indicators (KPIs). Present results to risk committees. Review current KRI's and KPI's, recommend enhancements to management and present recommendations to risk committees.
  • Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management.
  • Promote an environment that supports diversity and reflects the M&T Bank brand.
  • Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
  • Complete other related duties as assigned.
Scope of Responsibilities:This position requires regular interaction with non-management, middle management, certain senior management, and business units and partners. This position also requires occasional interaction with the Chief Information Security Officer.This role is used in one or more of the following ways:Risk Assessment - Design and develop Cybersecurity risk assessments based on subject matter expertise and industry best practices. Execute risk assessments, analyze results, recommend and implement remediation plans to address defined risks. Present recommendations to area management and various risk committees. Work with other areas of Cybersecurity to define and document controls associated with identified risks.Controls Testing Design - Develop, document and maintain the Bank's Cybersecurity controls testing program and plan. Confirm the program aligns with Cybersecurity policies and standards, Risk Management policies and regulatory requirements.Policy and Standards - Research, recommend, and develop new Cybersecurity policies and standards based on the Bank’s strategic direction and aligned with legal and regulatory requirements and industry best practices. Present recommendations to area management and various risk committees for approval. Update and enhance existing Cybersecurity policies and standards as needed.Regulatory - Review assigned regulatory notifications to identify impact to organization. Discuss results with stakeholders and develop recommendations along with associated action plans to address gaps. Summarize results, recommendations and action plans and present to management and various risk committees. Lead efforts to address action plans.Risk Management Program – Design and develop the Cybersecurity Risk Management program, ensure proper alignment with bank policies and procedures. Analyze program results, recommend enhancements. Present recommendations to area management and various risk committees. Work with other areas of Cybersecurity to define and document key risks and controls.Education and Experience Required:Associate’s degree and a minimum of 7 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience, including a minimum of 7 year relevant work experienceExcellent knowledge of Cybersecurity principles relevant to confidentiality, integrity, availability, authentication and non-repudiationProven ability facilitating targeted discussions with peers, line managers and senior management within business unitExperience conducting research and evaluating information for reliability, validity, objectivity and relevanceExcellent ability communicating complex information, concepts or ideas in a confident and well-organized manner through verbal, written and/or visual meansExperience conducting information searchesExcellent ability to discern protection needs (i.e., security controls) of information systems and networksProven ability to design and develop effective risk management processes (e.g., methods for assessing and mitigating risk)Experience recognizing vulnerabilities in security systemsExcellent ability designing valid and reliable assessmentsExperience conducting knowledge mappingExperience anticipating new security threatsEducation and Experience Preferred:Bachelor's degreeCertified Information Systems Security Professional (CISSP) or Certified Risk and Information Systems Control (CRISC) certification or Cybersecurity domain-related industry-recognized certificationKnowledge of organization's risk tolerance and/or risk management approachKnowledge of organizational security policiesM&T Bank is a Top 10 US bank holding company and one of the best performing and financial stable regional banks in the country, we offer our technology employees a wide range of performance-based career development opportunities. We have a strong commitment to our customers and the communities we serve, and we continue to grow with a focus on the future. So, when looking to advance your career, look to M&T. Grow with us.Hiring Immediately.We support our team members with generous benefits.
  • Competitive compensation
  • Health, welfare, and retirement benefits
  • 401(k) match at 5%
  • Work-life balance and flexible work arrangements
  • Up to 25 days PTO plus 12 paid holidays
#MTBTechCareers, #MTBCareers #MTBTechLife & #MTBTechHub #CybersecurityJobs #InfosecJobs #CybersecurityCareer #Hiring #JobOpening #ITJobs #TechJobs #CISSP #Cybersecurity #cybersecuritysolutions #cybersecurityarchitecture #securitymanagement #informationsecurity #cybersecurityleadership #securitysolutions #cybersecuritystrategy #cybersecuritymanagement #securearchitecture #ITsecuritysolutions #networksecurity #cybersecurityprofessional #securityconsulting #securityassessment #cybersecurityteam #riskmanagement #datasecurity #cloudsecurity #cybersecurityawareness #cybersecurityexpertM&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $97,869.52 - $163,115.87 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.Location: Buffalo, New York, United States of America

M&T Bank