Senior First Line Risk Specialist – Technology
Indexed description
Overview:
Leads risk assessments and control evaluations for complex Technology initiatives, influencing the organization's risk framework and providing advanced guidance to leadership for informed decision-making aligned with business objectives and regulatory expectations. Serves as a trusted risk and audit partner, helping ensure effective governance, controls, compliance, and resiliency across Technology functions.
Primary Responsibilities:
- Develop and implement strategic approaches for evaluating technology and cybersecurity risks, control effectiveness, and audit readiness across critical technology capabilities.
- Lead complex risk assessments, control reviews, risk and control self-assessments (RCSAs), audit support activities, and process evaluations to identify, assess, and communicate risks and control gaps.
- Develop and execute risk management frameworks and programs that align technology practices with business objectives, internal control standards, and regulatory requirements.
- Partner with Technology, Cybersecurity, Risk Management, Internal Audit, and business stakeholders to assess control environments, evaluate risk exposure, and support remediation of identified issues.
- Drive adherence to risk management, governance, and control frameworks while providing expert guidance on regulatory expectations, audit requirements, and industry best practices.
- Lead and independently manage complex bodies of work, including risk reviews, control assessments, audit engagement support, regulatory preparedness activities, and cross-functional initiatives with limited oversight.
- Coordinate preparation for regulatory examinations, internal audits, and external reviews, including reviewing responses for accuracy, managing documentation requests, organizing exam materials, and tracking follow-up actions.
- Collaborate with senior leaders across Technology, Cybersecurity, Risk, Internal Audit, and Regulatory Affairs to support effective risk governance and regulatory compliance.
- Identify opportunities to enhance risk management and control evaluation methodologies and recommend improvements that strengthen the organization's overall risk posture.
- Provide guidance and mentorship to analysts and risk professionals, sharing expertise in risk management, audit practices, controls, and regulatory expectations.
- Contribute to the design and delivery of training programs that strengthen knowledge of technology risk, cybersecurity risk, governance, controls, and audit readiness.
- Understand and adhere to the Company's risk and regulatory standards, policies, and controls in accordance with the Company's Risk Appetite. Identify risk-related issues requiring escalation.
- Promote an environment that supports belonging and reflects the M&T Bank brand.
- Maintain M&T internal control standards, including timely implementation of audit recommendations, regulatory actions, and remediation activities.
- Complete other related duties as assigned.
- This role primarily interacts with senior people leaders within the Technology and Cybersecurity teams, senior people leaders of Technology and Cybersecurity Risk, and internal partners such as the Risk Division, Internal Audit, and Regulatory Affairs.
- Work is accomplished with periodic direction. The position exercises judgement in selecting methods, techniques, and evaluation criteria in obtaining results. It exerts significant latitude in determining objective of assignment and takes calculated risks with consultation from expert.
- This role may present to Regulators under direction of senior Technology and Cybersecurity Risk leaders.
- Bachelor's degree and a minimum of 7 years’ relevant work experience, or in lieu of a degree, a combined minimum of 11 years’ higher education and/or work experience
- Demonstrated expert knowledge of Technology, Cybersecurity, Audit and/or risk principles
- Minimum of 6 years' relevant work experience in or with the specific Technology, Audit, Cybersecurity risk area and/or business unit
- Master's degree in Information Technology, Computer Science, Cybersecurity, Business Administration, Accounting, Finance, Law, or a related field.
- Experience working within banking, financial services, fintech, money movement, or other highly regulated industries.
- Professional certifications such as:
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Strong understanding of audit practices, internal controls, risk assessment methodologies, and regulatory expectations
- Demonstrated ability to independently structure and lead complex workstreams in ambiguous environments.
- Excellent communication, stakeholder management, and executive presentation skills.
- Experience partnering with senior leadership to develop solutions aligned with business objectives and regulatory requirements.
- Proven ability to influence stakeholders, build consensus, and drive outcomes across cross-functional teams.
- Ability to mentor and coach peers while serving as a trusted advisor on risk, controls, and audit-related matters.
M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $123,600.00 - $206,000.00 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.
Location
Buffalo, New York, United States of America
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search