Overview:

Supports Cybersecurity and Technology Risk Management and governance with a focus on the development and maintenance of Cybersecurity policies and standards and the evaluation of Cybersecurity legal and regulatory requirements.

Primary Responsibilities:

• Research, recommend, and develop new Cybersecurity and Technology policies and standards content based on legal and regulatory requirements and industry best practices. Update and enhance existing Cybersecurity policies and standards as needed

• Enforce Cybersecurity policies, standards and other governance; Promote awareness through daily activities and participation in governance committees.

• Maintain current knowledge of the Bank's Cybersecurity and Technology policies, standards and procedures as well as industry best practices and proposed new guidelines and regulations.

• Identify and evaluate Cybersecurity risk to the business; Develop risk mitigation strategies, as appropriate.

• Execute Cybersecurity Risk Management Program in accordance with Bank policies and procedures. Analyze results and prepare recommendations to address identified risk and/or enhance the overall program. Represent Cybersecurity in risk management discussions and consultations across the Bank.

• Provide current data for performance metrics and reporting.

• Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management.

• Promote an environment that supports diversity and reflects the M&T Bank brand.

• Complete other related duties as assigned.

Scope of Responsibilities:

This position requires regular interaction with non-management, middle management, senior management, and business units and partners, as well as occasional interaction with the Chief Information Security Officer.

Education and Experience Required:

Bachelor’s degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 7 years’ higher education and/or work experience, including a minimum of 5 year relevant work experience

Strong knowledge of Cybersecurity principles, frameworks (e.g., NIST CSF, CRI Profile), and regulations (23 NYCRR 500, GLBA/Interagency Guidelines, FFIEC)

Experience conducting research and evaluating information for reliability, validity, objectivity and relevance

Strong ability communicating complex information, concepts or ideas in a confident and well-organized manner through verbal, written and/or visual means

Strong knowledge of established risk management processes (e.g., methods for assessing and mitigating risk) and the ability to apply the concepts

#policy, #standards, #writing, #governance, #IT, #cyb

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $82,783.41 - $137,972.36 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

Location

Buffalo, New York, United States of America

M&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer, including disabilities and veterans.