M&T Bank - Buffalo, NY

posted 8 days ago

Full-time - Mid Level
Buffalo, NY
Credit Intermediation and Related Activities

About the position

The Senior Analyst - Technology and Cybersecurity Risk role is focused on executing security assessments to evaluate the effectiveness of cybersecurity controls within the organization. This position involves conducting vendor reviews, assessing security gaps, and ensuring compliance with the Bank's risk appetite. The analyst will prepare documentation, present findings to various stakeholders, and mentor less experienced personnel, all while remaining current with industry trends and threats.

Responsibilities

  • Understand the enterprise and/or third party security architecture to identify security gaps.
  • Assess security controls to ensure protection of the confidentiality, integrity and availability of customer and corporate data.
  • Review effectiveness of security controls on an ongoing basis to determine whether the risk remains acceptable.
  • Prepare required systems and applications cybersecurity documentation within established SLAs, ensuring alignment with applicable laws, regulations, and industry best practices.
  • Conduct and document security control assessments and reassess remediated controls when applicable.
  • Present technical information to technical and non-technical audiences to ensure understanding of security control results.
  • Accompany senior leadership on third party onsite visits, documenting results and presenting findings to risk committees.
  • Partner with lines of business to ensure cybersecurity documentation is completed and ongoing monitoring requirements are fulfilled.
  • Engage with Technology teams to identify security risks of proposed third party environments and recommend modifications.
  • Identify and present risk-related issues requiring escalation to management.
  • Prepare and deliver management level presentations to communicate trends and threats.
  • Mentor less experienced personnel on Cybersecurity principles and application.
  • Maintain internal control standards, including timely implementation of audit points.

Requirements

  • Associate's degree and a minimum of 5 years' relevant work experience, or a combined minimum of 7 years' higher education and/or work experience including 5 years' relevant work experience.
  • Previous experience with NIST or Cybersecurity frameworks, particularly NIST 800-53 and 800-53a.
  • Strong knowledge of cybersecurity principles and industry best practices.
  • Proven knowledge of information technology security principles and implementation methods.
  • Skill in evaluating security controls based on confidentiality, integrity and availability requirements of systems.
  • Experience with handling multiple projects and meeting strict deadlines.
  • Experience overseeing project tasks for less experienced team members.

Nice-to-haves

  • Bachelor's degree
  • Active CISA, CAP, CISSP, CISM, or CRISC certification or related industry-recognized certification.
  • Working knowledge of the current version of the NIST SP800-53 and 800-53a Controls, or other recognized control frameworks.
  • Knowledge of organization's risk tolerance and/or risk management approach.
  • Working knowledge of project management methodology.
  • Strong knowledge of security technologies and architecture, including encryption and cloud network security design.
  • Knowledge of Cybersecurity threats and emerging security issues.

Benefits

  • Competitive salary based on experience and skills.
  • Comprehensive health insurance coverage.
  • 401k retirement savings plan with company matching contributions.
  • Paid time off and holidays.
  • Professional development opportunities.