Cybersecurity Controls Testing and Validation in Amherst, NY at M&T Bank

Date Posted: 12/3/2018

Job Description

M&T Bank

Cybersecurity Control Testing and Validation

Amherst, NY or Millsboro, DE


This position uses professional knowledge, skills, and experience to assist in the development of a comprehensive strategy for the design, maintenance and continuous enhancement of the Bank's first line of defense (FLOD) Cybersecurity controls testing program and annual testing plan. The Risk Process Program Specialist III will also be responsible for ensuring that the execution of this strategy remains on track through mentoring of other Cybersecurity personnel and monitoring the ongoing evolution of the FLOD testing program. Finally, this position is responsible for establishing internal and external relationships to remain in tune with emerging risks, best practices, and the evolving regulatory landscape.


Assist in research, evaluation, development, documentation and maintenance of the Bank's Cybersecurity controls testing program. Ensure that the program aligns with Cybersecurity policies, Risk Management policies and Regulatory requirements.

Assist in the development and documentation of the annual Cybersecurity controls testing plan.

Provide input for the development and enhancement of first line Cybersecurity policies and standards surrounding the testing program.

Assist in the design and implementation of Key Performance Indicators (KPIs) to measure the effectiveness of the Bank's Cybersecurity controls testing program.

Assist in the development and documentation of first line risk and control definition requirements and key performance indicators (KPIs). Research and suggest potential enhancements to risk assessment and key risk indicator (KRI) measurement processes. Generate risk and control records within the Bank's electronic governance, risk, and control (eGRC) system.

Assist in the development and documentation of first line attribute testing, sampling and evidence retention requirements. Suggest potential enhancements to the manual controls testing process. Research and troubleshoot issues with manual control testing processes and provide support to the Cybersecurity Testing and Validation team.

Cultivate relationships with second and third line of defense Cybersecurity testing functions (risk management and internal audit respectively).

Mentor and train junior members of the Risk Process Team.

Stay abreast of industry trends surrounding Cybersecurity controls testing. Share information with management and the Risk Process team.

Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite.  Identify risk-related issues needing escalation to management.

Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.

Minimum Qualifications Required:
Bachelor’s Degree or equivalent work experience. Education and experience in information security, information technology, mathematics, engineering, or a related discipline preferred

7 years professional / management experience in a regulated industry

2 years in cybersecurity

Prior in-depth work experience in risk management and/or audit principles
Working knowledge of standardized control frameworks (NIST, FFIEC, PCI, HIPAA)

Preferred Qualifications:

CISSP Certification

Prior experience with electronic governance, risk and compliance (eGRC) systems

M&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer. M&T Bank Corporation does not sponsor individuals for the purpose of obtaining H-1 Visas. M&T Bank Corporation has policies and procedures in place to promote a drug free workplace.