About the Role
Overview:Supports a Cybersecurity risk management and governance practice focused on Cybersecurity risk assessments, Cybersecurity First Line of Defense and controls testing strategy, development and maintenance of Cybersecurity policies and standards, evaluation of Cybersecurity legal and regulatory requirements, development and execution of the Cybersecurity awareness program, and/or development and execution of the Cybersecurity Risk Management Program.
Maintain current knowledge of M&T Banks Cybersecurity and Risk management policies, standards and procedures.
Support senior analysts in identifying, evaluating and documenting Cybersecurity risk to the business.
Maintain current knowledge of Cybersecurity policies, standards and other governance. Assist senior analysts with development and enforcement of Cybersecurity policies, standards and other governance. Promote awareness of Cybersecurity policies, standards and other governance through daily interactions with business units and stakeholders.
Ensure compliance with legal and regulatory requirements and industry best practices.
Provide current data for key risk indicators (KRIs) and key performance indicators (KPIs).
Understand and adhere to the Companys risk and regulatory standards, policies and controls in accordance with the Companys Risk Appetite. Identify risk-related issues needing escalation to management.
Promote an environment that supports diversity and reflects the M&T Bank brand.
Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
Complete other related duties as assigned.
Scope of Responsibilities:This role is used in one or more of the following ways:
Risk Assessment - Assist senior staff members in the execution of Cybersecurity risk assessments in accordance with established procedures and workflows.
Controls Testing Design - Support senior team members in research, evaluation, development, documentation and maintenance of the Banks Cybersecurity controls testing program and plan.
Policy &Standards - Update and enhance Cybersecurity policy and standards in accordance with established procedures and workflows. Ensure compliance with legal and regulatory requirements and industry best practices.
Awareness and Training ? Update and enhance Cybersecurity awareness training in accordance with established procedures and workflows.
Regulatory - Review assigned regulatory notifications to identify impact to organization. Summarize and present analysis to management.
Risk Management Program ? Support senior team members in the development, execution and maintenance of the Cybersecurity Risk Management Program in accordance with established policies and procedures.c
Supervisory/Managerial Responsibilities:Education and Experience Required:
Associates degree and a minimum of 2 years relevant work experience, or in lieu of a degree, a combined minimum of 4 years higher education and/or work experience, including a minimum of 2 year relevant work experience
Demonstrated knowledge of Cybersecurity principles relevant to confidentiality, integrity, availability, authentication and non-repudiation
Proven ability to collaborate effectively with others
Experience conducting research and evaluating information for reliability, validity, objectivity and relevance
Demonstrated ability to communicating complex information, concepts or ideas in a confident and well-organized manner through verbal, written, and/or visual means