Controls Assessment & Testing Specialist – Technology and Cybersecurity Risk

Controls Assessment & Testing Specialist – Technology and Cybersecurity Risk

Requirements

• Bachelor’s degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience
• Demonstrated advanced knowledge of Technology and Cybersecurity risk principles
• Minimum of 4 years’ relevant work experience in or with the specific Technology and/or Cybersecurity risk area and/or business unit

Responsibilities

• Lead comprehensive and complex risk assessments, ensuring the identification, analysis, and mitigation of potential control gaps and corresponding remediation plans.
• Formulate and implement risk management plans, inclusive of reporting and documentation, such as writing standards or reviewing non-compliance to standards, creating targeted risk assessments, or reporting on findings, or leading risk controls self-assessments.
• Lead compliance efforts for respective function, ensuring adherence to industry regulations and standards through internal standards.
• Partner strategically with cross-functional teams and senior leadership to ensure swift and effective action when events occur which are beyond or potentially beyond the Bank’s risk appetite.
• Assist with preparation and response to regulatory engagements, including preparing materials, coordinating responses from various individuals, aiding in exam management (template folders, collection of first day letter and follow-up requests).
• Assess implications of new methodologies and recommend ways for Technology and Cybersecurity Risk leadership to innovate the risk management strategy and their integration while maintaining a proactive stance against potential risks.
• Mentor newer analysts, fostering their professional growth and ensuring a high standard for all risk analysts within the team.
• Recommend enhancements to Technology and Cybersecurity risk management training programs to increase technology’s overall awareness and application of best practices.
• Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Preferred Qualifications

• Applicable certification align to function or domain such as Certified in Risk and Information Systems Control (CRISC®), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP)
• Proficient level of critical thinking and able to lead problem solving
• Excellent communication and interpersonal skills
• Experience partnering with leadership to design solutions
• Excellent ability to strategically seek critical information, and apply to specific processes
• Prior experience prioritizing across competing priorities and quickly changing landscape, and deliver results aligned with priorities
• Proficient persuasive communication skills to gain buy-in of others