Operational Risk Advisor – Cybersecurity

at M&T Bank
Published February 11, 2024
Location Rochester, NY
Category Default  
Job Type Full-time  



This role functions with a moderate level of autonomy, leveraging team peer connections, support from Risk Specialists and more senior members in the oversight of the Technology and Cybersecurity division regarding risk management. The functions of this role are primarily focused on a proactive risk management activity for assigned areas within the Technology and Cybersecurity division, providing oversight, effective challenge, assessment and/or advisory services. This will be accomplished through documenting engagement activities, areas of concern, and measuring the potential risk to the organization as it relates to the organizations risk appetite. This may include issuance of findings, review of remediation plans and validation of closure evidence

Primary Responsibilities:

  • Appropriate management of the Technology and Cybersecurity risk activities (findings/validations, remediation plans/updates, closure and closure validation).

  • Execute independent/annual Targeted Review(s); planning, execution and reporting of detailed fieldwork regarding high/medium-high risk areas within the Technology/Cybersecurity division.

  • Assist with oversight of Technology and Cybersecurity Risk Control Self Assessments (RCSAs) and other risk management reporting; this includes gap and delta assessments.

  • Engage with assigned oversight areas; understanding the technology, overseeing and advising project/product work prior to implementation leveraging past experience and expertise, risk management practices, existing risk register and validation of controls.

  • Identify and assess emerging risks and risks associated with new products/ services/ markets/ channels or changes to existing products/ services/ markets/ channels.

  • Responsible for fieldwork (analysis, investigations, incidents, KRI/KPI metrics breaches, etc.) where some of this may be supported by team Risk Specialists.

  • Participate in audits and in-depth reviews of Technology/Cybersecurity business line efforts and risk management activities.

  • Adhere to applicable operational risk controls in accordance with Company or regulatory standards and policies and standards.

  • Leverage existing hands on experience in Technology and/or Cybersecurity roles and knowledge of industry frameworks utilized by the by the organization such as NIST, FFIEC AIO, and ITIL to provide guidance and build trusted partnerships with internal staff and third parties.

  • Develop and analyze Technology & Cybersecurity metrics (KRIs, KPIs)

Specific to Posting:

  • This role has the potential to work remote work/hybrid work week.

  • Opportunity to utilize your past experience and expertise to influence Technology and Cybersecurity efforts.

  • Leverage risk management practices to identify risks and provide advice on the selection, design, implementation, testing and operation of controls.

Supervisory/Managerial Responsibilities:

No direct management but may provide guidance to analysts and specialists.

Education and Experience Required:

Bachelor's degree and six years' experience in compliance, legal, audit, risk or other relevant function,

OR in lieu of degree,

A combined minimum ten years' higher education and/or work experience including six years' experience in compliance, legal, audit, risk or other relevant function.

Proficient computer skills (including spreadsheet and word processing software), analytical skills, working knowledge of applicable laws, written and verbal communications w/ all levels.

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $110,635.01 - $184,391.68 Annual (USD). The successful candidate's particular combination of knowledge, skills, and experience will inform their specific compensation.


Buffalo, New York, United States of America

M&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer, including disabilities and veterans.