Company Description
M&T Bank is a multi-state community-focused bank founded in 1856. We provide banking, investment, insurance, and mortgage financial services to over 3.6 million consumer, business, and government clients across several states. M&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer, including disabilities and veterans. We are also an Equal Housing Lender. NMLS #381076. © 2024 M&T Bank. Member FDIC.
Role Description
This is a full-time hybrid role as a Technology Risk Advisor at M&T Bank located in Buffalo, NY, with remote work flexibility. The Technology Risk Advisor will be responsible for day-to-day tasks related to technology risk management, ensuring compliance, identifying and mitigating risks, and implementing security measures.
Highlights of this position:
- This role has the potential to work remote work/hybrid work week.
- Opportunity to utilize your past experience and expertise to influence Technology and Cybersecurity efforts.
- Leverage risk management practices to identify risks and provide advice on the selection, design, implementation, testing and operation of controls.
- By nature of this position, there is opportunity for the right individual for career advancement within the division/organization.
Are you a potential candidate?
- Do you have past team lead or manager experience in Technology?
- Is your Technology background considered well-rounded having experience in multiple Technology sub-disciplines?
- Have you lead or supported the design and implementation of Technology tools and related operational processes?
- Do you have experience administering Technology tools?
- Do you have real world experience in SDLC, Agile, DevOps or Scrum development methodologies?
This role functions with a moderate level of autonomy, leveraging team peer connections, support from Risk Specialists and more senior members in the oversight of the Technology division regarding risk management. The functions of this role are primarily focused on a proactive risk management activities for assigned areas within the Technology division; serving as subject matter expert in gathering evidence, analyzing information, and documentation while providing oversight, effective challenge, assessment and/or advisory services. This will be accomplished through documenting engagement activities, areas of concern, and measuring the potential risk to the organization as it relates to the organizations risk appetite. This may include issuance of findings, review of remediation plans and validation of closure evidence. In addition, the functions of this role include:
- Appropriate management of the Technology risk activities (findings/validations, remediation plans/updates, closure and closure validation).
- Execute independent/annual Targeted Review(s); planning, execution and reporting of detailed fieldwork regarding high/medium-high risk areas within the Technology/Cybersecurity division.
- Assist with oversight of Technology Risk Control Self Assessments (RCSAs) and other risk management reporting; this includes gap and delta assessments.
- Engage with assigned oversight areas; understanding the technology, overseeing and advising project/product work prior to implementation leveraging past experience and expertise, risk management practices, existing risk register and validation of controls.
- Identify and assess emerging risks and risks associated with new products/ services/ markets/ channels or changes to existing products/ services/ markets/ channels.
- Responsible for fieldwork (analysis, investigations, incidents, KRI/KPI metrics breaches, etc.) where some of this may be supported by team Risk Specialists.
- Participate in audits and in-depth reviews of Technology business line efforts and risk management activities.
- Adhere to applicable operational risk controls in accordance with Company or regulatory standards and policies and standards.
- Leverage existing hands on experience in Technology roles and knowledge of industry frameworks utilized by the by the organization such as FFIEC AIO, ITIL, and/or SDLC to provide guidance and build trusted partnerships with internal staff and third parties.
- Develop and analyze Technology metrics (KRIs, KPIs)
Relevant experience:
- 2-5 years of relevant hands on or risk management work experience in technology and/or cybersecurity fields preferred or 5-10 years of experience in Technology.
- Proven understanding of risk practices related to technology.
- Technology or Risk Certifications preferred but not required (Examples ITIL or CRISC)
The right person for this job:
- Is considered well-organized
- Has proven ability to sustain managing multiple efforts and priorities
- Is comfortable managing meetings
- Has a level of understanding of how many of the MS Office software products work, has some level of troubleshooting ability (self-sufficient in setting up personal audio and video).
- Can document processes, discussions, etc.
- Has the ability to perform analysis/research, build reports, presentations
- Is comfortable speaking in group settings or working with different levels of management