Overview:

Provides designs, information systems solutions and highly technical direction in development of new or existing programs to solve basic to complex problems or enhancements.  Serves as principal application designer for major modifications effectively using analytical skills, technical skills, available technology and tools in evaluation of client requirements and processes.  Provides solutions that are technologically sound.  May complete daily support activities and special projects.  Often directs and monitors activities of less experienced staff.  Coordinates with Cybersecurity teams, stakeholders and leadership to provide framework, design, threat, posture analysis and reporting.   Provides advice and input for Disaster Recovery, Contingency and Continuity of Operations Plans.

Primary Responsibilities:

• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources and develop proactive solutions to maintain or improve security posture.
• Support development, implementation and execution of various operational risk and compliance-related initiatives, systems and processes.
• Assist in providing centralized governance, compliance and risk management expertise to business lines, support functions and managers concerning information security and privacy regulatory compliance and/or risk management and Information Technology and Bank Operations on applicable information security and privacy regulations concerning financial institutions.
• With collaboration from senior team members, provide guidance, testing plans and/or survey documents used by business units ensuring conformance to established compliance, regulatory, best practice and risk management programs.
• Identify potential conformance issues, review with supervisor or senior professionals and provide to functional areas requiring improvements.
• Responsible for extensive contact with Operations, Technology and business unit personnel in a training and auditing capacity.
• Support functions, systems and processes critical to meet regulatory, legal and risk mitigation requirements and reduce risk of fines and penalties resulting from non-compliance impacting profitability.
• Interact with various internal and external audit and regulatory examination personnel.
• May assist with replies to questionnaires sent to the Bank and follow-up on questions or comments to external agencies when required.
• Provide guidance and mentoring to less experienced team members up to and including development and training efforts.
• Responsible for regular interaction with middle management, supervisors, associated staff, Internal Audit, Compliance, Risk Management, the Corporate Information Security Officer (CISO), Chief Counsel's Office (CCO), and/or other technology personnel, clients and vendors.
• May interact, coordinate and lead initiatives with internal and outside teams and external professional organizations supporting areas of expertise.
• Oversee documentation and communication efforts through proposed new approaches, methods, technologies or breakthroughs in area of expertise and coordinate efforts with less experienced team members to ensure accuracy and timeliness.
• May conduct, oversee and lead governance, compliance and risk management functions, ad-hoc projects as a technical representative and subject matter expert (SME) on information security as assigned.
• Oversee, coordinate and leads activities of other Cybersecurity Network Defense team members on projects ranging in scope from small to large, with prior project lead activities.
• Monitor staff performance on assigned projects with regard to overall abilities and effectiveness in completing projects within schedules and provides oversight and guidance to ensure timely and accurate project completion.
• Provide backup to higher management, and may act on behalf or as a surrogate leader as required.
• Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite.  Identify risk-related issues needing escalation to management.
• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Scope of Responsibilities:

Supervisor/Managerial Responsibilities:

Education and Experience Required:

Associates’ degree in an applicable discipline and a minimum of 6 years’ relevant work experience in two (2) or more of the following Cybersecurity domains:  Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security Operations, or in lieu of a degree, a combined minimum of 8 years’ higher education and/or work experience, including a minimum of 6 years’ relevant experience in two (2) or more of the following Cybersecurity domains:  Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security Operations

Understanding of the System Development Life Cycle (SDLC), networking concepts and protocols, and network security methodologies

Experience researching and recommending application development support software and hardware platforms through an understanding of client area function and deliverable requirements for current and future-state planning

Detailed technical experience with mainframe, distributed computing environments and network security architecture concepts including topology, protocols, components and principles

Prior experience and demonstrated aptitude for quickly learning multiple new technical skills and supporting multiple systems, tools and processes

Experience actively leading complex problem and technical analysis walkthroughs

Detailed technical experience with Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), attack methodologies and traffic flows for threats and vulnerabilities

Detailed technical knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)

Experience acting as a surrogate team leader to assign, review, evaluate and prioritize team efforts

Education and Experience Preferred:

Bachelor’s degree in an applicable discipline

Experience with the Bank's application development support software and hardware platforms

Experience introducing application development alternatives through an understanding of client area function and deliverable requirements for current and future-state planning

Extensive technical experience with mainframe, virtual, and/or distributed computing environments

CISSP (Certified Information Systems Security Professional), CISM(Certified Information Security Manager), or CRISC(Certified Risk and Information Systems Control) certification and one or more Cybersecurity domain-related industry-recognized certification or concentration specialties

Experience supporting multiple systems, tools and processes

Physical Requirements:

Location

Buffalo, New York, United States of America