Overview:

Leads risk analysis for Artificial Intelligence, influencing overarching risk framework and providing advanced guidance to leadership for informed decision-making aligned with organizational imperatives.

Primary Responsibilities:

• Develop and implement strategic approaches for in-depth risk assessments for comprehensive coverage of artificial intelligence and broader technology capabilities.

• Develop and execute sophisticated risk management framework and programs that inform alignment of practices with business objectives and regulatory requirements, including (but not limited to) developing complex process maps, leading risk controls self-assessments, and summarizing complex findings.

• Influence the design and ongoing evolution of an artificial intelligence governance program. Identify and document AI risks and controls, and assist in the development of metrics to measure and monitor risk.

• Assist in the assessment of artificial intelligence security risks, including lifecycle management, architecture/design, and incident response processes.

• Drive enforcement of frameworks, providing expert guidance and continually assessing regulations and standards to achieve industry-leading technology and AI risk compliance.

• Spearhead collaboration among cross-functional teams and senior or executive leadership to align technology and AI practices with overarching business goals and regulatory requirements; maintain productive relationships with stakeholders and third parties to ensure resiliency across Technology, Cybersecurity, and the Bank.

• Coordinate preparation and response to regulatory engagements, including reviewing responses for accuracy, organizing documentation, and leading exam management activities (e.g., first day letter review, response tracking, document repositories).

• Encourage innovation in risk management strategies through identification of advanced methodologies to address evolving AI and technology risks, and recommend paths for implementation to Technology and Cybersecurity Risk leadership.

• Provide advanced mentorship to mid-level analysts, fostering professional growth and maintaining high standards across the risk team.

• Contribute to the design and delivery of training programs to strengthen organizational understanding of technology and AI risk management and enhance critical skill development.

• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in alignment with the Company’s Risk Appetite; identify and escalate risk-related issues as appropriate.

• Promote an environment that supports belonging and reflects the M&T Bank brand.

• Maintain M&T internal control standards, including timely implementation of audit findings and regulatory issues.

• Complete other related duties as assigned.

Scope of Responsibilities:

• Serve as a primary resource for AI risk governance, contributing to definition and evolution of the AI risk framework and delivering reporting to leadership and risk committees.

• Support execution of key program initiatives, ensuring audit and regulatory readiness through disciplined documentation, evidence management, and remediation tracking.

• Interact regularly with senior leaders across Technology, Cybersecurity, Technology & Cybersecurity Risk, and key internal partners including Risk Division, Internal Audit, Regulatory Affairs, and lines of business.

• Effectively communicate AI and technology risk and control concepts to cross-functional stakeholders, including non-technical partners (e.g., Finance, Credit, Line of Business).

• Work is accomplished with periodic direction; exercises judgment in selecting methods, techniques, and evaluation criteria, and operates with significant autonomy while consulting with subject matter experts as needed.

• May present to regulators under the direction of senior Technology and Cybersecurity Risk leadership.

Supervisory/Managerial Responsibilities:

• No supervisory responsibilities.

Education and Experience Required:

• Bachelor's degree and a minimum of 7 years’ relevant work experience, or in lieu of a degree, a combined minimum of 11 years’ higher education and/or work experience
• Demonstrated expert knowledge of Technology and/or Cybersecurity risk principles
• Minimum of 6 years' relevant work experience in or with Technology, Cybersecurity risk, and/or emerging areas such as Artificial Intelligence risk and governance

Education and Experience Preferred:

• Master's degree in Information Technology, Computer Science, Cybersecurity, Law, Business Administration, or related field

• Applicable certifications aligned to function or domain such as:

  • Advanced in AI Audit (AAIA)
  • Advanced in AI Risk (AAIR)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)

• Experience with Artificial Intelligence risk and governance frameworks and audit applications

• Ability to lead critical analysis of complex problems and drive solutions

• Excellent communication and interpersonal skills

• Experience partnering with leadership to design solutions aligned with business needs

• Strong ability to identify and synthesize critical information across a wide range of processes

• Proven ability to prioritize across competing demands in a rapidly changing environment

• Experience effectively influencing peers and senior leaders

• Ability to train, mentor, and develop others