Cybersecurity Governance Specialist

Overview

Responsible for providing input, support, and analysis to general cybersecurity business processes. Assists in the creation of new or updating of existing processes and policies that ensure resiliency and security of the organization.

Primary Responsibilities

• Build out job aids and process documentation to ensure consistent framework across all teams and shifts.
• Participate in the review and update of policies and procedures pertaining to various governance areas.
• Conduct and document research on industry best practices and regulatory requirements to inform policy development.
• Maintain systems and processes for monitoring compliance with established policies and procedures.
• Analyze and report on compliance data to provide insights and recommendations to Cybersecurity leadership.
• Collaborate with Cybersecurity, Technology, and First Line Risk teams and, at times, business lines to proactively mitigate risk through existing policies and procedures.
• Gather and share data to peers and leadership for internal audit and regulatory requests, ensuring highest degree of accuracy.
• Assists various aspects of remediation activities by drafting key actions, timeline, and communication plan.
• Effectively communicate governance activities and updates to stakeholders across Cybersecurity teams.
• Proactively respond to ad-hoc Cybersecurity analysis requests, questions, and issues.
• Maintain vendor relationships for specific security products or solutions, including communication around maintenance, issue resolution, and troubleshooting.
• Strategize with leadership to manage vendor relationships by informing budget for future tools and needs.
• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
• Promote an environment that supports belonging and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Scope of Responsibilities

• Partners with peers, manager, Cybersecurity team, First Line Risk team.
• Leverages established directions, policies, and guidelines to accomplish work.
• Work is reviewed for accuracy and overall quality.
• Working knowledge of 1-2 cybersecurity platforms and applications within function.

Manager Responsibilities

No supervisory responsibilities.

Education and Experience Required

• Bachelor's degree and a minimum of 2 years’ relevant work experience, or in lieu of a degree, a combined minimum of 6 years’ higher education and/or work experience inclusive of a minimum 1 year work experience in Cybersecurity, Technology, or Risk/Audit.
• Demonstrated working knowledge of cybersecurity principles and compliance requirements.

Education and Experience Preferred

• Working knowledge of 1-2 cybersecurity platforms and applications within function.
• Proven experience thinking critically and solving problems.
• Strong written and verbal communication skills.
• Ability to collaborate effectively with all levels of personnel and business partners across the organization.
• Demonstrated working knowledge of technology risk principles and compliance requirements.
• Proven experience translating technical requirements into clear policies and procedures.

Key skills/competency

• Cybersecurity
• Governance
• Compliance
• Risk Management
• Policy Development
• Procedure Documentation
• Audit Support
• Regulatory Requirements
• Vendor Management
• Stakeholder Communication