The Bank sponsors individuals for TN and H-1B transfers on a case by case basis. Please note that this position is not open to anyone on an F-1 student visa including those eligible for CPT/OPT or the Stem OPT extension.

This role follows a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for onsite and in person collaboration the other three days.

**This position is available in Buffalo, NY or Wilmington, DE**

About M&T Bank

At M&T Tech, we’re a team of makers, doers, and builders, working to create the most advanced technology solutions in banking. We’re not your stereotypical suit and tie bankers: we’re an innovative team of leading tech experts, pushing boundaries, and taking risks. We’re building an agile team of the most skilled and creative workers to solve complex problems, architect solutions, write high-performance software, and chart our new path, all to make the lives of our customers, and the communities that we serve, better. Join us and be part of something new as we build tomorrow’s bank, today.

Overview:

Leads a security practice focused on specialized assessment of security controls for systems and applications. Leverages a risk-based approach to ensure appropriate security principles and controls are applied during the system development life cycle to meet stakeholder objectives and protect customer and corporate assets in line with enterprise risk appetite.

Primary Responsibilities:

• Understand enterprise architecture to identify security gaps, develop controls and design solutions meeting business objectives while complying with security standards.
• Recommend appropriate security controls to protect confidentiality, integrity and availability of customer and corporate data in line with the enterprise risk appetite.
• Document and verify recommended security controls are aligned with Bank policies and standards as well as industry best practices, ensure proper documentation of exceptions to standards and/or recommend mitigating controls.
• Work with business teams and Cybersecurity leadership to identify and recommend exceptions to standards for projects.
• Participate in development and refinement of standards with Cybersecurity policy team.
• Prepare required systems and applications security documentation, ensuring alignment with applicable laws, regulations, Bank policies and standards, as well as industry best practices.
• Present technical information to technical and non-technical audiences to ensure business understanding of security controls and recommendations. Present recommendations to various levels within the organization including senior management.
• Communicate required systems and applications security controls to owners or technical leads, ensuring alignment with applicable laws, regulations, Bank policies and standards, as well as industry best practices.
• Engage with Technology teams and management to identify security risks of proposed projects and recommend system and application modifications.
• Remain current with industry trends and security threats to advise management on how to mitigate and contain risks to the business. Prepare and deliver management level presentations to communicate trends and threats.
• Mentor less experienced personnel on Cybersecurity principles and application, in relation to Bank standards.
• Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management.
• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Scope of Responsibilities:

Education and Experience Required:

Minimum of 2 years’ higher education and 7 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience, including a minimum of 7 years’ relevant work experience

Strong knowledge of cybersecurity principles and industry best practices, relevant to confidentiality, integrity and availability

Proven knowledge of information technology security principles and implementation methods (e.g., firewalls, demilitarized zones, encryption, Active Directory / LDAP, SAML)

Experience selecting security controls based on confidentiality, integrity and availability requirements of systems

Experience handling multiple projects, meeting strict deadlines and overseeing project tasks for less experienced team members

Education and Experience Preferred:

Bachelor's degree

CISSP (Certified Information Systems Security Professional) or CRISC (Certified Risk and Information Systems Control) certification or Cybersecurity domain-related industry-recognized certification

Knowledge of Risk Management framework

Working knowledge of project management methodology

Knowledge of organizational security policies, standards and procedures

Working knowledge of project management methodology

Knowledge of organization's risk tolerance and/or risk management approach

Strong knowledge of security technologies and architecture, including encryption, cloud network security design, role-based access control, perimeter security and application security

Knowledge of Cybersecurity threats

Knowledge of emerging security issues

Knowledge of risk management framework requirements

Knowledge of security assessment and authorization process

Experience developing or recommending analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists

Experienced in conducting security review of systems

Working knowledge of the current version of the NIST (National Institute of Standards & Technology) SP800-53 Controls, or other recognized control frameworks, such as COBIT (Control Objectives for Information and Related Technology) or ISO

M&T Bank is a Top 11 US bank holding company and one of the best performing and financial stable regional banks in the country, we offer our technology employees a wide range of performance-based career development opportunities. We have a strong commitment to our customers and the communities we serve, and we continue to grow with a focus on the future. So, when looking to advance your career, look to M&T. Grow with us.

Hiring Immediately.

We support our team members with generous benefits.

• Competitive compensation
• Health, welfare, and retirement benefits
• 401(k) match at 5%
• Work-life balance and flexible work arrangements
• Up to 25 days PTO plus 12 paid holidays

#MTBTechCareers, #MTBTechLife & #MTBTechHub #CybersecurityJobs #InfosecJobs #CybersecurityCareer #Hiring #JobOpening#ITJobs #TechJobs #CISSP #Cybersecurity

#cybersecuritysolutions #cybersecurityarchitecture #securitymanagement #informationsecurity #cybersecurityleadership #securitysolutions #cybersecuritystrategy #cybersecuritymanagement #securearchitecture #ITsecuritysolutions #networksecurity #cybersecurityprofessional #securityconsulting #securityassessment #cybersecurityteam #riskmanagement #datasecurity #cloudsecurity #cybersecurityawareness #cybersecurityexpert #solutionsarchitect

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $97,869.52 - $163,115.87 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

Location:

Buffalo, New York, United States of America