Uses professional knowledge, skills, and experience to assist in developing comprehensive strategies for use and continuous enhancement of the Bank's centralized control assessment technologies. Ensures execution of this strategy remains on track through mentoring other Cybersecurity personnel and monitoring the ongoing evolution of the centralized control testing process. Establishes internal and external relationships to remain current with emerging risks, best practices, and the evolving regulatory landscape to support these activities.
- Assist in formulating business requirements that drive implementation or enhancement of technologies to meet centralized control assessment objectives, including vulnerability scanning and penetration testing tools, server compliance assessment tools and static code analysis tools.
- Assist in design of processes to utilize centralized control assessment technologies.
- Assist in developing and documenting operational procedures for use of centralized control assessment technologies.
- Assist in identifying, evaluating and implementing process and reporting enhancements that can be made within centralized control assessment technologies; provide support to the vulnerability assessment team based on developing knowledge.
- Participate in conversations with centralized assessment technology vendors.
- Assist in developing test scripts for implementation or upgrade of centralized assessment technologies and document test results.
- Assist in design and documentation of technical compliance standards for Bank systems and infrastructure.
- Assist in developing escalation procedures to track and remediate centralized control assessment findings.
- Research and train on industry trends surrounding centralized control assessment technologies. Share information with management and the Risk Process team.
- Provide input to management during annual budgeting process as requested.
- Grow relationships with Technology teams that support centralized assessment technologies.
- Mentor and train less experienced team members.
- Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management.
- Promote an environment that supports diversity and reflects the M&T Bank brand.
- Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
- Complete other related duties as assigned.
Education and Experience Required:
Associate’s degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 7 years’ higher education and/or work experience, including a minimum of 5 years’ relevant work experience
Prior experience with vulnerability assessment tools
Strong customer-service orientation
Excellent written and verbal communication skills
Experience working independently and with a team
Experience generating, collecting, storing and retaining audit data
Working knowledge of various scanning solutions and vulnerability risk management platforms
Education and Experience Preferred:
CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Systems Control) certification and/or Cybersecurity domain-related industry-recognized certification
Excellent technical writing skills
Prior experience with Incident Response
Working knowledge of Vulnerability Risk Management lifecycle solutions
Working knowledge of eGRC