Website M&T Bank
Uses professional knowledge, skills, and experience to execute security assessments of the effectiveness of cybersecurity control designs, which may include conducting onsite reviews of third-party vendors. Leverages a risk-based approach to ensure appropriate security principles and controls are applied during the system development life cycle and protect customer and corporate assets in line with the Bank’s risk appetite.
- Engage with Technology teams to identify security risks of proposed third party environments and recommend potential system/application modifications.
- Mentor less experienced personnel on Cybersecurity principles and application, in relation to Bank policies and standards and how they relate to security assessments.
- Prepare required systems and applications cybersecurity documentation within established SLAs (Service Level Agreements), ensuring alignment with all applicable laws, regulations, Bank policies and standards, as well as industry best practices in accordance with the Bank’s risk appetite. Raise risk-related issues to management as required.
- Understand the enterprise and/or third party security architecture to identify security gaps.
- Review effectiveness of security controls on an ongoing basis to determine whether the risk remains acceptable.
- Remain current with industry trends and security threats to advise management on how to mitigate and contain risks to the business. Prepare and deliver management level presentations to communicate trends and threats.
- Understand and adhere to the Bank’s risk and regulatory standards, policies and controls in accordance with the Bank’s risk appetite. Identify risk-related issues requiring escalation and present them to management.
- Promote an environment that supports diversity and reflects the M&T Bank brand.
- Complete other related duties as assigned.
- Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
- Assess security controls to ensure protection of the confidentiality, integrity and availability of customer and corporate data is in line with the Bank’s enterprise risk appetite. Types of assessments and testing may include: application/system security assessments, vulnerability testing, penetration testing, static code analysis and social engineering.
- Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite.
- Identify risk-related issues needing escalation to management.
- Conduct and document security control assessments; based on the findings (including the effectiveness of security controls) and the recommendations of the security assessment report, reassess remediated controls when applicable.
- Active CISA (Certified Information Systems Auditor), CAP (Certified Authorization Professional), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CRISC (Certified in Risk and Information Systems Control) certification or Cybersecurity domain-related industry-recognized certification
- Proven knowledge of information technology security principles and implementation methods (e.g., firewalls, demilitarized zones, encryption, Active Directory / LDAP, SAML)
- Strong knowledge of cybersecurity principles and industry best practices (relevant to confidentiality, integrity, availability)
- Bachelor’s degree
- Previous experience with NIST (National Institute of Standards and Technology) or other cybersecurity frameworks, with a strong focus on NIST 800-53 and 800-53A
- Experience with handling multiple projects
- Experience overseeing project tasks for less experienced team members
- Associate’s degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 7 years’ higher education and/or work experience, including a minimum of 5 years’ relevant work experience
- Skill in evaluating security controls based on confidentiality, integrity and availability requirements of systems
- Experience meeting strict deadlines
- Working knowledge of the current version of the NIST SP 800-53 and 800-53A controls, or other recognized control frameworks such as COBIT (Control Objectives for Information and Related Technology) or ISO
Company: M&T Bank
Vacancy Type: Full Time
Job Location: Buffalo, NY, US
Application Deadline: N/A