Career Search

CyberSecurity Policies & Standards Analyst - 3DGHK in Amherst, NY at M&T Bank

Date Posted: 6/11/2018

Job Snapshot

  • Employee Type:
  • Location:
    Amherst, NY
  • Job Type:
  • Experience:
    Not Specified
  • Date Posted:
  • Job ID:

Job Description


M&T Bank

Cybersecurity Policies & Standards

Amherst, NY


Basic Function

Develop Cybersecurity Policy and Standards for the enterprise.  Ensures policies and standards address legal and regulatory requirements.  Provide subject matter expertise to security and technology teams. Provide guidance to peers and information owners on implementing secure information systems and processes.  Provides input into Cybersecurity Risk Assessments based on area of expertise. Provides centralized cybersecurity policy and standards governance expertise to functional areas throughout the organization.  Assists functional areas to make sound business decisions based upon these considerations.


Position Responsibilities

Establish and maintain subject matter expertise on Cybersecurity policy and standards. 

Develops and publishes Cybersecurity policy and standards in accordance with legal and regulatory requirements as well as industry best practices.  Ensure alignment of Cybersecurity policy and standards with the Banks’ risk appetite.

Effectively works with stakeholders to ensure thorough understanding of policy and standard.  Effectively communicates Cybersecurity policy and standards requirements throughout the organization.

Develops and improves policy and standards governance process within assigned area. 

Analyzes exception requests to cybersecurity standards, provides input and recommendations to management to address exceptions and/or design mitigating controls to within the banks risk appetite.

Mentors other staff members on cybersecurity standard governance to help maintain sound operational practices and advise functional areas across the organization of needed controls.

Maintains currency on laws, regulations, and best practices related to cybersecurity policy and standards. 

Analyzes changes for incorporation into Policy and Standards, recommends updates to management to ensure currency.

Ensures production of statistical reports of results and helps select effective and efficient corrective actions.

Helps maintain assigned area adherence with all applicable policies, standards, procedures, and other controls.

Ensures prompt and appropriate resolution to audit and examination recommendations in area of responsibility.

Manages small to complex projects as required.

Provides guidance and mentoring to other departments, teams, projects and committees regarding the cybersecurity aspects of standard governance.

Involves other expert professionals as required.

Ensures appropriate functional area representation on assigned committees and projects.

Performs and oversees basic to complex security analysis, standards design, and security gap analysis.

Clearly understands the function and content of applicable cybersecurity policies, standards, and procedures as well as threats, risks, and vulnerabilities at a functional level.

Demonstrates ability to enlist expert resources when necessary.

Ensures timely completion of other requirements as assigned by management.


Nature and Scope

This position works under limited supervision of Senior Management and is required to exercise independent judgment and discretion.


Responsible for assigned aspects of area's responsibilities, which include problem resolution, policy//procedure development, risk assessments, gap analysis, etc.


Develops reviews and enhances cybersecurity policies and standards.


Proactively works with functional areas throughout the organization to ensure awareness of cybersecurity standards.


Provides expert counsel on matters related to assigned areas of expertise.

Minimum Qualifications
Bachelor’s Degree or equivalent work experience.

Minimum of 5 years of industry experience preferred especially in banking.

Excellent written and verbal communication skills.


Preferred Experiences:

Prior CyberSecurity experience

Prior experience writing policy or standards in any industry, ideally CyberSecurity

Working knowledge of NIST SP800-53r4 preferred.

CISSP or another Security Certificate helpful



M&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer.
M&T Bank Corporation does not sponsor individuals for the purpose of obtaining H-1 Visas.
M&T Bank Corporation has policies and procedures in place to promote a drug free workplace.