Overview: Supports and assists in providing designs, information systems solutions and technical direction in development of new or existing programs to solve basic to complex problems or enhancements. Acts in coordination with principal application designers for major modifications effectively using analytical skills, technical skills, available technology and tools in the evaluation of client requirements and processes. Provides solutions that are technologically sound. May complete daily support activities and special projects.
Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
Support development, implementation and execution of various operational risk and compliance-related initiatives, systems and processes.
Assist in providing centralized governance, compliance and risk management expertise to business lines, support functions and managers concerning information security and privacy regulatory compliance and/or risk management and Information Technology and Bank Operations on applicable information security and privacy regulations concerning financial institutions.
With collaboration from senior team members, provide guidance, testing plans and/or survey documents used by all business units ensuring conformance to established compliance, regulatory, best practice and risk management programs.
Identify potential conformance issues, review with supervisor or senior professionals, and provide to functional areas requiring improvements.
Responsible for extensive contact with Operations, Technology and business unit personnel in a training and auditing capacity.
Support functions, systems and processes critical to meet regulatory, legal and risk mitigation requirements and reduce risk of fines and penalties resulting from non-compliance impacting profitability.
Interact with various internal and external audit and regulatory examination personnel.
May assist with replies to questionnaires sent to the Bank and follow-up on questions or comments to external agencies when required.
Work under general supervision of more experienced personnel while being afforded opportunity to exercise independent judgment and discretion and assisting less experienced team members.
Responsible for regular interaction with non-management, middle management, certain senior management, business units and partners.
May interact and coordinate initiatives with outside teams and external professional organizations supporting areas of expertise.
Assist with documenting and communicating proposed new approaches, methods, technologies or breakthroughs in area of expertise.
Represent information security governance, compliance and risk management function on committees, ad-hoc projects as assigned.
May work independently on all high-level systems analysis and technical phases of development.
Understand and adhere to the Company's risk and regulatory standards, policies and controls in accordance with the Company's Risk Appetite. Identify risk-related issues needing escalation to management.
Promote an environment that supports diversity and reflects the M&T Bank brand.
Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
Complete other related duties as assigned.
Education and Experience Required: Combined minimum of 5 years' higher education and/or work experience, including a minimum of 2 years' relevant work experience in two (2) or more of the following Cybersecurity domains: a. Security and Risk Management; b., Asset Security; c., Security Engineering; d., Communication and Network Security; e., Identity and Access Management; f., Security Testing; and, g. Security Operations
Understanding of System Development Life Cycle (SDLC), networking concepts and protocols and network security methodologies
Detailed knowledge of application development support software and hardware platforms
Detailed technical knowledge of mainframe, distributed computing environments and network security architecture concepts including topology, protocols, components and principles
Experience completing complex problem analysis and problem resolution
Prior experience quickly learning new technical skills and supporting systems, tools, and processes
Detailed technical knowledge of Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), attack methodologies and traffic flows for threats and vulnerabilities
Detailed technical knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
Education and Experience Preferred: Bachelor's degree in an applicable discipline
Minimum of 4 years' relevant work experience in two (2) or more of the following Cybersecurity domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security Operations
Knowledge of the Bank's application development support software and hardware platforms
Experience researching and recommending application development support software and hardware platforms through an understanding of client area function and deliverable requirements for current and future-state planning
Technical experience with mainframe, virtual and/or distributed computing environments
Cybersecurity domain-related industry-recognized certification or platform-specialty certification