Overview:
Supports Cybersecurity and Technology Risk Management and governance with a focus on the development and maintenance of Cybersecurity policies and standards and the evaluation of Cybersecurity legal and regulatory requirements.

Primary Responsibilities:

• Research, recommend, and develop new Cybersecurity and Technology policies and standards content based on legal and regulatory requirements and industry best practices. Update and enhance existing Cybersecurity policies and standards as needed
• Enforce Cybersecurity policies, standards and other governance; Promote awareness through daily activities and participation in governance committees.
• Maintain current knowledge of the Bank's Cybersecurity and Technology policies, standards and procedures as well as industry best practices and proposed new guidelines and regulations.
• Identify and evaluate Cybersecurity risk to the business; Develop risk mitigation strategies, as appropriate.
• Execute Cybersecurity Risk Management Program in accordance with Bank policies and procedures. Analyze results and prepare recommendations to address identified risk and/or enhance the overall program. Represent Cybersecurity in risk management discussions and consultations across the Bank.
• Provide current data for performance metrics and reporting.
• Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management.
• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Complete other related duties as assigned.

Scope of Responsibilities:
This position requires regular interaction with non-management, middle management, senior management, and business units and partners, as well as occasional interaction with the Chief Information Security Officer.
 

Education and Experience Required:
Bachelor’s degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 7 years’ higher education and/or work experience, including a minimum of 5 year relevant work experience
Strong knowledge of Cybersecurity principles, frameworks (e.g., NIST CSF, CRI Profile), and regulations (23 NYCRR 500, GLBA/Interagency Guidelines, FFIEC)
Experience conducting research and evaluating information for reliability, validity, objectivity and relevance
Strong ability communicating complex information, concepts or ideas in a confident and well-organized manner through verbal, written and/or visual means
Strong knowledge of established risk management processes (e.g., methods for assessing and mitigating risk) and the ability to apply the concepts

#policy, #standards, #writing, #governance, #IT, #cyb

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $82,783.41 - $137,972.36 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

Location

Buffalo, New York, United States of America