Cybersecurity Risk Process Specialist
Millsboro, DE or Buffalo, NY
Uses professional knowledge, skills, and experience to lead a security practice focused on the design of cybersecurity controls assessments and testing requirements to validate the effectiveness of security controls.
Use professional knowledge, skills and experience to design and develop cybersecurity controls assessments and testing requirements to assess the effectiveness of the cybersecurity program.
Types of assessments and testing include:
Application/System Security Assessments, Vulnerability Testing, Penetration Testing, Static Code Analysis and Social Engineering.
Effectively communicate requirements to the Cybersecurity Testing and Validation Team for execution.
Advise Cybersecurity management on risk levels and security posture of the application, system or network component under review, focusing on those risks outside the Bank’s appetite.
Understand and adhere to the Bank’s standards, policies and procedures in accordance with the Enterprise Risk Appetite.
Provide guidance and mentoring on matters of expertise to other departments, teams, projects and committees as needed.
Promote an environment that supports diversity and reflects the M&T Bank brand.
Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
Complete other related duties as assigned.
NATURE AND SCOPE:
The Cybersecurity Department develops, maintains and administers a comprehensive program to address the confidentiality, integrity and availability of the Bank’s information assets. This position is responsible for designing controls assessments and testing requirements to validate the effectiveness of security controls. In carrying out the responsibilities, this position works under limited supervision and is required to exercise independent judgment and discretion. The position has regular interaction with non-management, middle management, certain senior management and business units and partners, as well as with the Chief Information Security Officer.
Minimum Qualifications Required:
Bachelor’s Degree or equivalent work experience. Education and experience in information security, information technology, mathematics, engineering, or a related discipline preferred.
7+ years professional / management experience in a regulated industry.
2+ years in cybersecurity.
Knowledge of risk assessments, controls testing, and cyber threats & vulnerabilities.
Skill in designing security controls and valid and reliable assessments.
Ability to function effectively in a dynamic, fast-paced environment.
Knowledge of emerging security issues, risks, and vulnerabilities.
Skill in utilizing feedback in order to improve processes, products, and services.