M&T Bank - Buffalo, NY
posted 3 months ago
The Cybersecurity Risk Advisor role is situated within the Technology and Cybersecurity Risk Operations (TCRO) organization at M&T Bank. This position operates with a moderate level of autonomy, relying on connections with team peers and support from Risk Specialists and senior members to execute second line risk management functions. The primary focus of this role is proactive risk management for assigned areas within the Technology and Cybersecurity division. This includes providing oversight, effective challenge, assessment, and advisory services. The advisor will engage in direct oversight of Technology and Cybersecurity operations, documenting engagement activities, identifying areas of concern, and measuring potential risks in relation to the organization's risk appetite. Responsibilities may involve issuing reports, reviewing remediation plans, and validating closure evidence.
The role requires appropriate management of Technology and Cybersecurity risk activities, including findings, validations, and remediation plans. The advisor will execute independent and annual Targeted Reviews, planning and reporting on detailed fieldwork concerning high and medium-high risk areas within the division. Additionally, the advisor will assist in overseeing Technology and Cybersecurity Risk Control Self Assessments (RCSAs) and other risk management reporting, which includes conducting gap and delta assessments.
Engaging with assigned oversight areas is crucial, as the advisor must understand the technology and provide guidance on project and product work prior to implementation, leveraging past experience and expertise in risk management practices. The advisor will also be responsible for identifying and assessing emerging risks associated with new products, services, markets, or changes to existing offerings. Fieldwork responsibilities include analysis, investigations, and monitoring of Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs).
Participation in audits and in-depth reviews of Technology and Cybersecurity business line efforts and risk management activities is expected. The advisor must adhere to operational risk controls in accordance with company and regulatory standards, utilizing hands-on experience in Technology and Cybersecurity roles and knowledge of industry frameworks such as NIST, FFIEC AIO, and ITIL to provide guidance and build trusted partnerships with internal staff and third parties. The role also involves developing and analyzing Technology and Cybersecurity metrics specific to the organization.