Career Search

Cybersecurity Risk Analyst II - 3DJOP in Buffalo, NY at M&T Bank

Date Posted: 7/12/2018

Job Snapshot

  • Employee Type:
  • Location:
    Buffalo, NY
  • Job Type:
  • Experience:
    Not Specified
  • Date Posted:
  • Job ID:

Job Description

M&T Bank

Cybersecurity Risk Analyst II

Buffalo, NY


Uses professional knowledge, skills, and experience to support a Cybersecurity risk management and governance practice focused on Cybersecurity Risk Assessments, First Line of Defense Test Strategy development and maintenance of Cybersecurity Policies and Standards evaluation of Cybersecurity legal and regulatory requirements and/or development and execution of the Cybersecurity awareness program.
Under limited guidance of senor staff members and in accordance with established procedures and workflows, execute Cybersecurity risk assessments and summarize results.
Participate in the research, evaluation, development, documentation and maintenance of the Bank's Cybersecurity controls testing program and plan. Learn basics of program alignment with Cybersecurity policies, Risk Management policies and regulatory requirements.
In collaboration with organizational stakeholders and area subject matter experts and in accordance with established procedures and workflows, recommend and develop new Cybersecurity Policies and Standards and Awareness Training content. Update and enhance existing Cybersecurity Policy, Standards and Awareness Training. Ensure compliance with legal and regulatory requirements and industry best practices.
In accordance with established procedures and workflows, review assigned regulatory notifications to identify impact to the organization. Discuss results with stakeholders and develop recommendations as to how to address gaps. Summarize results and recommendations and present to management.
Maintain current knowledge and assist in enforcement of Cybersecurity policies, standards and other governance. Assist senior analysts in development and enforcement of Cybersecurity policies, standards and other governance. Promote and enforce Cybersecurity policies, standards and other governance.
Maintain current knowledge of M&T Bank's Cybersecurity and Risk management policies, standards and procedures as well as industry best practices.
Support senior analysts in identifying and evaluating Cybersecurity risk to the business. Assist in developing risk mitigation strategies.
Provide current data for KRIs (Key Risk Indicators) and KPIs (Key Performance Indicators). Review current KRIs and KPIs, recommend enhancements to management.
Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management.
Promote an environment that supports diversity and reflects the M&T Bank brand.
Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
Complete other related duties as assigned.
Required Qualifications:
Associate’s degree and a minimum of 3 years’ relevant work experience, or in lieu of a degree, a combined minimum of 5 years’ higher education, including 3 years’ relevant work experience
Proven knowledge of Cybersecurity principles (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
Proven experience facilitating small group discussions
Proven skill in conducting research and evaluating information for reliability, validity, objectivity and relevance
Proven experience communicating complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means
Proven skill in conducting information searches
Proven experience discerning protection needs (i.e., security controls) of information systems and networks
Demonstrated knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
Preferred Qualifications:
Bachelor's Degree
CISSP (Certified Information Systems Security Professional) or CRISC (Certified in Risk and Information Systems Control) certification or Cybersecurity domain-related industry-recognized certification
Knowledge of organization's risk tolerance and/or risk management approach
Knowledge of organizational security policies
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)



We encourage candidates with relevant military experience to apply.

About M&T

At M&T, we strive to be the best place our employees ever work, the best bank our customers ever do business with and the best investment our shareholders ever make. So when looking to advance your career, look to M&T.  As a top 20 US bank holding company and one of the best performing regional banks in the country, we offer a wide range of performance based career development opportunities for talented professionals. And through our longstanding tradition of careful, conservative and consistent management and a strong commitment to the communities we serve, we continue to grow with a focus on the future.

M&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer.
M&T Bank Corporation does not sponsor individuals for the purpose of obtaining H-1 Visas.
M&T Bank Corporation has policies and procedures in place to promote a drug free workplace.