Principal Specialist - Technology and Cybersecurity Risk/Cloud Security

The Bank sponsors individuals for TN and H-1B transfers on a case by case basis. Please note that this position is not open to anyone on a H-1B or F-1 student visa including those eligible for CPT/OPT or the Stem OPT extension.

The person chosen for this role be the go-to expert for implementing and testing cloud security controls. You will lead the team in developing new cloud security risk management processes, while working with technical teams and leadership to figure out the best way to migrate our systems to the cloud safely.

Must have Risk Management Experience Supporting Cloud

Primary Responsibilities:

Develop and implement strategic risk framework ensuring comprehensive coverage of all technology capabilities.

Lead execution of strategic risk management framework and program that aligns practices with business objectives and regulatory requirements, including (but not limited to) developing complex process maps, responses to regulatory bodies and audit, and summary of complex findings.

Optimize and implement frameworks, providing expert guidance and leading transformative efforts to achieve industry-leading technology risk compliance.

Spearhead collaboration among cross-functional teams across the Bank and executive leadership to align technology practices with overarching business goals and regulatory requirements; maintain productive relationships with external stakeholders and/or with third-party engagements to ensure resiliency of Technology, Cybersecurity, and the overall Bank.

Oversee preparation and response to regulatory engagements; may act as subject matter expert in regulatory meetings.

Lead integration of advanced or complex risk management methodologies to drive innovation and to address evolving threats.

Mentor and coach team members within department, fostering their professional growth and ensuring a high standard for all risk analysts within the team.

Influence design and delivery of training programs to strengthen the Technology and Cybersecurity Risk function and enhance the ability to effectively manage technology and cybersecurity risk.

Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management.

Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.

Complete other related duties as assigned.

Scope of Responsibilities:

This position primarily interacts with senior people leaders within the Technology and Cybersecurity teams, senior people leaders of Technology and Cybersecurity Risk, and across the bank, and internal partners such as Enterprise and Operational Risk, Internal Audit, Regulatory Affairs.

Work is accomplished with periodic direction. The position exercises judgement in the majority of aspects of their role. It exerts significant latitude in determining strategy of approach and takes calculated risks with consultation from expert.

This role may present to Regulators under the direction of senior Technology and Cybersecurity Risk leaders.

No supervisory responsibilities.

Education and Experience Required:

Bachelor's degree and a minimum of 9 years’ relevant work experience, or in lieu of a degree, a combined minimum of 13 years’ higher education and/or work experience

Must have Risk Management Experience Supporting Cloud

A minimum of five years of hands-on experience with cloud technologies like Azure, AWS, and GCP.

Experience with cloud control frameworks like CSA CCM.

You'll need to have developed control testing of cloud security controls, including manual and automated controls.

Experience communicating with both technical teams and senior leadership.

Education and Experience Preferred:

Master's degree in Information Technology, Computer Science, Cybersecurity, Law, Business Administration, or related field

Applicable certification align to function or domain such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP)

Demonstrated ability to indirectly lead strategic direction of team

Excellent communication and interpersonal skills; proven ability to effectively convey message to technical and business leaders

Experience partnering with leadership to design solutions aligned with business needs

Excellent ability to strategically seek critical information, and apply across a broad array of processes

Prior experience prioritizing across competing priorities and quickly changing landscape, and execute outcomes aligned with priorities

Experience effectively influencing senior leaders

Excellent mentoring and leadership capabilities

The Bank sponsors individuals for TN and H-1B transfers on a case by case basis. Please note that this position is not open to anyone on a H-1B or F-1 student visa including those eligible for CPT/OPT or the Stem OPT extension.

The person chosen for this role be the go-to expert for implementing and testing cloud security controls. You will lead the team in developing new cloud security risk management processes, while working with technical teams and leadership to figure out the best way to migrate our systems to the cloud safely.

Must have Risk Management Experience Supporting Cloud

Primary Responsibilities:

• Develop and implement strategic risk framework ensuring comprehensive coverage of all technology capabilities.

• Lead execution of strategic risk management framework and program that aligns practices with business objectives and regulatory requirements, including (but not limited to) developing complex process maps, responses to regulatory bodies and audit, and summary of complex findings.

• Optimize and implement frameworks, providing expert guidance and leading transformative efforts to achieve industry-leading technology risk compliance.

• Spearhead collaboration among cross-functional teams across the Bank and executive leadership to align technology practices with overarching business goals and regulatory requirements; maintain productive relationships with external stakeholders and/or with third-party engagements to ensure resiliency of Technology, Cybersecurity, and the overall Bank.

• Oversee preparation and response to regulatory engagements; may act as subject matter expert in regulatory meetings.

• Lead integration of advanced or complex risk management methodologies to drive innovation and to address evolving threats.

• Mentor and coach team members within department, fostering their professional growth and ensuring a high standard for all risk analysts within the team.

• Influence design and delivery of training programs to strengthen the Technology and Cybersecurity Risk function and enhance the ability to effectively manage technology and cybersecurity risk.

• Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management.

• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.

• Complete other related duties as assigned.

Scope of Responsibilities:

• This position primarily interacts with senior people leaders within the Technology and Cybersecurity teams, senior people leaders of Technology and Cybersecurity Risk, and across the bank, and internal partners such as Enterprise and Operational Risk, Internal Audit, Regulatory Affairs.

• Work is accomplished with periodic direction. The position exercises judgement in the majority of aspects of their role. It exerts significant latitude in determining strategy of approach and takes calculated risks with consultation from expert.

• This role may present to Regulators under the direction of senior Technology and Cybersecurity Risk leaders.

Supervisory/Managerial Responsibilities:

No supervisory responsibilities.

Education and Experience Required:

• Bachelor's degree and a minimum of 9 years’ relevant work experience, or in lieu of a degree, a combined minimum of 13 years’ higher education and/or work experience

• Must have Risk Management Experience Supporting Cloud

• A minimum of five years of hands-on experience with cloud technologies like Azure, AWS, and GCP.

• Experience with cloud control frameworks like CSA CCM.

• You'll need to have developed control testing of cloud security controls, including manual and automated controls.

• Experience communicating with both technical teams and senior leadership.

Education and Experience Preferred:

• Master's degree in Information Technology, Computer Science, Cybersecurity, Law, Business Administration, or related field

• Applicable certification align to function or domain such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP)

• Demonstrated ability to indirectly lead strategic direction of team

• Excellent communication and interpersonal skills; proven ability to effectively convey message to technical and business leaders

• Experience partnering with leadership to design solutions aligned with business needs

• Excellent ability to strategically seek critical information, and apply across a broad array of processes

• Prior experience prioritizing across competing priorities and quickly changing landscape, and execute outcomes aligned with priorities

• Experience effectively influencing senior leaders

• Excellent mentoring and leadership capabilities

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $136,787.30 - $227,978.83 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation. The range listed above corresponds to our national pay range for this role. The specific pay range applicable to you may vary based on your location.Clanton, Alabama, United States of America

M&T Bank Corporation is an American bank holding company headquartered in Buffalo, New York.