IT Lead Auditor - Infrastructure (Hybrid )

Posted:
8/12/2024, 5:00:00 PM

Location(s):
Buffalo, New York, United States ⋅ New York, United States

Experience Level(s):
Senior

Field(s):
IT & Security

Workplace Type:
Hybrid

** Work Arrangement: This is a hybrid position requiring in-office work multiple days every week and will be ideally be based in Buffalo, NY. Additional potential locations include Bridgeport, CT, or Wilmington, DE. Depending upon the location of the final candidate, this might be a remote position.

Overview:

This position is responsible for executing internal audit examinations over the Bank’s Information Technology (IT) Engineering, Operations, Governance, Risk Management, and Architecture functions ensuring the timely and professional execution of the examinations in accordance with professional standards.   

Primary Responsibilities

  • Plan, coordinate and maintain full ownership over execution of IT platform and infrastructure audit examinations and validation procedures in accordance with the Internal Audit Department’s audit methodology and professional standards.  Work with the IT Infrastructure Audit Manager to establish appropriate budgets and timeframes for these examinations;  
  • Independently document and communicate recommendations to Bank Management in order to improve internal controls and reduce risk to the organization;
  • Supervise other IT Audit staff as needed, per audit engagement;
  • Responsible for becoming intimately familiar with the organizational structure for the Bank’s Technology organization.  Also responsible (in collaboration with the IT Infrastructure Audit Manager) for understanding technology risks that may exist across the enterprise and ensuring the Audit Department’s overall Audit Plan effectively accounts for these risks;
  • Responsible for actively working with the Enterprise Security Audit team to ensure cybersecurity risks are accounted for within the scope of infrastructure audits;
  • Function as one of the primary point persons within the IT Audit group responsible for understanding the IT infrastructure, operations, engineering, risk management, architecture and governance functions in the organization.  Expected to work with the IT Infrastructure Audit Manager to develop an effective approach to gaining this knowledge;
  • Working with the Infrastructure Audit Manager, keeping abreast of current developments and emerging issues and risks both within the Technology organization and the information technology industry, and apply gained knowledge to audit practices;
  • Responsible for establishing a relationship with the project portfolio manager for the Technology line of business to fully understand the key projects ongoing in the Technology organization.  Function as a 'go to' person for the IT Audit group in regards to infrastructure projects and participate on these projects, and other investigations and initiatives as necessary;  
  • Directly communicate with Senior, Middle and Line Management within the Technology organization, as well as External Auditors as needed, and maintain and enhance these professional relationships; and
  • Maintain ongoing communication with the 1st and 2nd line Technology Risk Management/Oversight organizations to align assurance activities, share risk information, and establish ongoing reliance approaches (as applicable)

Scope of Responsibilities

This individual leads and executes assurance activities and advisory services, maintains relationships and communicates with Bank Management, and oversees Auditors.  They ensure activities are in conformance with professional auditing standards.  They report to an Audit (Senior) Manager.

Education and Experience Required

  • Bachelor’s Degree, preferably in Accounting, Business, Finance, Technology, Cybersecurity, Mathematics, Statistics or other related technical field and 5 years of relevant work experience, and 1 year of leadership experience
  • Experience with internal audit methodology
  • IT Audit experience
  • Solid understanding of internal control concepts with the ability to evaluate adequacy of the controls
  • Strong leadership skills and ability to coach and develop others
  • Proven analytical and critical thinking skills
  • Excellent written and verbal communication skills with the ability to present sensitive and complex findings to business management and influence change
  • Proven ability to handle multiple projects at the same time

Education and Experience Preferred

  • Strong experience in infrastructure auditing (preferably in the banking/financial services sector);
  • Working knowledge and experience in auditing the following technologies:
    • Windows Server, Unix/Linux Server, server virtualization systems, Network infrastructure, firewalls, VPN, and other types of security appliances, Wireless network infrastructure, Storage Area Network (SAN) environments, Data backup solutions, Microsoft Exchange email systems, Data Loss Prevention Systems, Telephony, SQL Server, Oracle, and DB2 database environments, MDM and MAM systems, middleware technologies, mainframe systems and related security products, file transmissions and job scheduling systems.  Also would be helpful having experience with software defined technologies across infrastructure, emerging database technologies (i.e. NoSQL) and experience auditing enterprise data management technologies such as data warehousing, master data management and data lake tech is a plus.
  • Working knowledge of cloud computing risks and related controls frameworks
  • Working knowledge of modern delivery practices and supporting tech (agile, DevOps tools, etc.)
  • Working knowledge of API Management and associated security risks
  • Certification such as CISA, CISSP, CCSP, as well as other technical vendor certifications is a definite asset;
  • In-depth knowledge of ITIL Standards and core IT services such as change, problem, incident, and asset management;
  • Understanding of regulatory requirements as they relate to technology in the financial services industry;
  • Excellent verbal and written communication skills. Ability to convey complex conceptual information/ideas on issues requiring extensive interpretation and opinion. Experience in applying appropriate discretion when dealing with sensitive issues and conveying technical concepts in an easy to understand manner;
  • Proven ability in managing multiple audits, projects and initiatives simultaneously under tight deadlines;
  • Proven leadership skills, with the ability to develop and motivate teams;
  • Experience with TeamMate+  and TeamMate is a plus.
  • Strong organizational and resource management skills; and
  • Ability to travel when needed.

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $85,104.04 - $141,840.07 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

Location

Buffalo, New York, United States of America