Career Search

Controls Assessment & Validation Specialist - 3DKYP in Amherst, NY at M&T Bank

Date Posted: 9/24/2018

Job Snapshot

Job Description

M&T Bank
Controls Assessment & Testing Specialist
Amherst, NY
Under limited guidance, review and participate in security assessments and/or conduct vendor onsite audits of third-party relationships.  Prepare reports, which will be used to evaluate the risks and controls of internal or third-party relationships and track potential findings to remediation.  Provide Third-Party Risk Management support related to third-party on-boarding and due diligence. 
Position Responsibilities
Under limited guidance of senior staff members, maintain a comprehensive understanding the internal or third party security architecture to identify security gaps or concerns.
Under limited guidance of senior staff members, review and identify issues with internal or third party security environments to ensure M&T confidential customer and/or corporate information protect its confidentiality, integrity, and availability through documented compliance with Cybersecurity policies, standards and best practices. 
Review the effectiveness of security controls on an ongoing basis to determine whether the risk remains acceptable.
Under limited guidance of senior staff members, obtain an understanding and assist in preparing and completing required Cybersecurity security documentation, within established SLA's, ensuring alignment with all applicable laws, regulations,  Bank policies and standards, as well as industry best practices in accordance with the Bank's risk appetite. As necessary, present to Management risk-related issues requiring escalation to management.
Assist in conducting and documenting results of internal or third party on-site reviews of the information security environment. 
Present technical information to technical and non-technical audiences to ensure the business lines understand the testing of the security control results.  Assist in creating and presenting recommendations to various levels within the organization, up to an including senior management.
When necessary, accompany senior staff members on internal and/or Senior Leadership on third party onsite visits, documenting the results, and attending presentations of findings to risk committees upon request.
Engage with Technology teams to identify security risks of proposed third party environments and recommend potential system/application modifications.
Remains current with industry trends and security threats to advise management on how to mitigate and contain risks to the business.
Partners with lines of business line to ensure cybersecurity documentation is completed and ongoing monitoring requirements are fulfilled.
With guidance, mentor junior personnel on Cybersecurity principles and application, in relation to Bank Policies and Standards.
Adapts quickly to new challenges and an ever changing environment with attention to detail.
Able to assert ideas and participate in team work.
Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite.  Identify risk-related issues needing escalation to management.
Promote an environment that supports diversity and reflects the M&T Bank brand.
Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
Complete other related duties as assigned.
Up to 50% annual travel commitment
Minimum Qualifications Required
Minimum: 2 years higher education and three (3) years relevant work experience, or in lieu of education requirement, five (5) years of relevant work experience.
Knowledge of NIST or Cybersecurity Frameworks with a focus on NIST 800-53
Demonstrated knowledge of cybersecurity principles and industry best practices, relevant to Confidentiality, Integrity, and Availability.
Knowledge of security controls and their application.
Experience with managing projects and assisting junior team members as needed.
Preferred Qualifications
Bachelor's Degree.
Security certification or Cybersecurity domain-related industry-recognized certification.
Knowledge of organizational security policies, standards and procedures.
Knowledge of organization's risk tolerance and/or risk management approach. 
Knowledge of project management methodology.
Basic knowledge of security technologies and architecture, including encryption, cloud network security design, Role Based Access Control, perimeter security and application security.
Knowledge of Cybersecurity threats.
M&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer. M&T Bank Corporation does not sponsor individuals for the purpose of obtaining H-1 Visas. M&T Bank Corporation has policies and procedures in place to promote a drug free workplace.