Career Search

Audit Team Lead - IT Enterprise Security (Cyber, Physical, BCP/DR) in Buffalo, NY at M&T Bank

Date Posted: 11/13/2018

Job Snapshot

Job Description

Audit Team Lead - IT Enterprise Security (Cyber, Physical, BCP/DR)
Buffalo, NY
 
Opportunity:
This position is responsible for leading the execution of internal audit examinations over the Bank’s cybersecurity, physical security, privacy and business continuity management programs ensuring the timely and professional execution of the examinations in accordance with professional standards.   

Responsibilities:
  • Plan, coordinate and maintain full ownership over execution of cybersecurity audit examinations and validation procedures in accordance with the Internal Audit Department’s audit methodology and professional standards.  Work with the Cybersecurity Audit Manager to establish appropriate budgets and timeframes for these examinations;  
  • Independently document and communicate recommendations to Bank Management in order to improve internal controls and reduce risk to the organization;
  • Supervise other IT Audit staff as needed, per audit engagement;
  • Responsible for becoming intimately familiar with the organization’s cybersecurity program and cyber risk management practices.  Also responsible (in collaboration with the Cybersecurity Audit Manager) for understanding cybersecurity risks that may exist across the enterprise and ensuring the Audit Department’s overall Audit Plan effectively accounts for these risks;
  • Working with the Cybersecurity Audit Manager to keep abreast of emerging cyber threats and risks both within and outside of the organization, and apply gained knowledge to audit practices;
  • Responsible for establishing a relationship with the project portfolio manager for the Enterprise Security area to fully understand the key cybersecurity projects ongoing in the Bank.  Function as the 'go to' person for the IT Audit group in regards to cybersecurity projects and participate on these projects and other investigations and initiatives as necessary;  
  • Directly communicate with Middle and Line Management to discuss audit approach, identified risks, and proposed recommendations; and
  • Maintain ongoing communication with the 1st and 2nd line Cybersecurity Risk Management/Oversight organizations to align assurance activities, share risk information, etc.

Minimum Qualifications:
Bachelor’s Degree in a related field, preferably Computer Science or Management Information Systems and 5 years of relevant professional work experience (i.e. auditing/banking/technology), or in lieu of degree 9 years of experience.  
General knowledge of audit theory, banking industry, or related technologies
1 year supervisory experience.
Strong leadership skills and ability to develop and coach others. 
Relevant professional certification, or actively pursuing professional certification. 
 
 
Ideal Qualifications:
  • Experience in cybersecurity auditing (preferably in the banking/financial services sector);
  • Working knowledge and experience in auditing the following security technologies/services:
    • Firewall systems, intrusion detection/prevention systems, data loss prevention (DLP) technology, anti-malware solutions, security information and event management (SIEM) and incident response solutions, threat intelligence platforms, vulnerability management solutions, identity and access management platforms, proxy services solutions, and DDoS mitigation services.  
  • Understanding of security risks specific to cloud computing and digital
  • Working knowledge of information security/cybersecurity frameworks/standards such as ISO 27001 and NIST standards (inclusive of the Cybersecurity Framework);
  • Understanding of cybersecurity risk governance and cybersecurity risk management concepts;
  • Understanding of supervisory expectations, regulations, and tools specific to cyber risk management practices (e.g. FFIEC IT Handbooks, FFIEC Cyber Assessment Tool, NYSDFS NYCRR 500 – Cybersecurity Requirements for Financial Services Companies, GLBA 501B Requirements, etc.)
  • Excellent verbal and written communication skills. Ability to convey complex conceptual information/ideas on issues requiring extensive interpretation and opinion. Experience in applying appropriate discretion when dealing with sensitive issues and conveying technical concepts in an easy to understand manner;
  • Proven ability in managing multiple audits, projects and initiatives simultaneously under tight deadlines;
  • Proven leadership skills, with the ability to develop and motivate teams;
  • Strong PC skills; and
  • Strong organizational and resource management skills

About M&T

At M&T, we strive to be the best place our employees ever work, the best bank our customers ever do business with and the best investment our shareholders ever make. So when looking to advance your career, look to M&T.  As a top 20 US bank holding company and one of the best performing regional banks in the country, we offer a wide range of performance based career development opportunities for talented professionals. And through our longstanding tradition of careful, conservative and consistent management and a strong commitment to the communities we serve, we continue to grow with a focus on the future.


M&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer. M&T Bank Corporation does not sponsor individuals for the purpose of obtaining H-1 Visas. M&T Bank Corporation has policies and procedures in place to promote a drug free workplace.