Principal Specialist - Technology and Cybersecurity Risk

Overview:     

Leads risk analysis for the most complex initiatives, influencing and designing overarching risk framework and providing expert guidance to senior leadership for informed decision-making aligned with organizational imperatives.

Primary Responsibilities:

• Develop and implement strategic risk framework ensuring comprehensive coverage of all technology capabilities.
• Lead execution of strategic risk management framework and program that aligns practices with business objectives and regulatory requirements, including (but not limited to) developing complex process maps, responses to regulatory bodies and audit, and summary of complex findings.
• Optimize and implement frameworks, providing expert guidance and leading transformative efforts to achieve industry-leading technology risk compliance.
• Spearhead collaboration among cross-functional teams across the Bank and executive leadership to align technology practices with overarching business goals and regulatory requirements; maintain productive relationships with external stakeholders and/or with third-party engagements to ensure resiliency of Technology, Cybersecurity, and the overall Bank.
• Oversee preparation and response to regulatory engagements; may act as subject matter expert in regulatory meetings.
• Lead integration of advanced or complex risk management methodologies to drive innovation and to address evolving threats.
• Mentor and coach team members within department, fostering their professional growth and ensuring a high standard for all risk analysts within the team.
• Influence design and delivery of training programs to strengthen the Technology and Cybersecurity Risk function and enhance the ability to effectively manage technology and cybersecurity risk.
• Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite.  Identify risk-related issues needing escalation to management.
• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Scope of Responsibilities:

• This position primarily interacts with senior people leaders within the Technology and Cybersecurity teams, senior people leaders of Technology and Cybersecurity Risk, and across the bank, and internal partners such as Enterprise and Operational Risk, Internal Audit, Regulatory Affairs. 
• Work is accomplished with periodic direction.  The position exercises judgement in the majority of aspects of their role. It exerts significant latitude in determining strategy of approach and takes calculated risks with consultation from expert.
• This role may present to Regulators under the direction of senior Technology and Cybersecurity Risk leaders.

Supervisory/Managerial Responsibilities:

No supervisory responsibilities.

Education and Experience Required:

• Bachelor's degree and a minimum of 9 years’ relevant work experience, or in lieu of a degree, a combined minimum of 13 years’ higher education and/or work experience
• Demonstrated expert knowledge of Technology and Cybersecurity risk principles
• Minimum of 8 years' relevant work experience in and/or with the specific risk area and/or business unit

Education and Experience Preferred:

• Master's degree in Information Technology, Computer Science, Cybersecurity, Law, Business Administration, or related field
• Applicable certification align to function or domain such as Certified in Risk and Information Systems Control (CRISC®), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP)
• Demonstrated ability to indirectly lead strategic direction of team
• Excellent communication and interpersonal skills; proven ability to effectively convey message to technical and business leaders
• Experience partnering with leadership to design solutions aligned with business needs
• Excellent ability to strategically seek critical information, and apply across a broad array of processes
• Prior experience prioritizing across competing priorities and quickly changing landscape, and execute outcomes aligned with priorities
• Experience effectively influencing senior leaders
• Excellent mentoring and leadership capabilities

Physical Requirements:

Location