Controls Assessment & Testing Senior Specialist - Technology and Cybersecurity Risk jobs in United States
cer-icon
Apply on Employer Site
company-logo

M&T Bank · 1 day ago

Controls Assessment & Testing Senior Specialist - Technology and Cybersecurity Risk

positionBridgeport, CT
timeFull-time
remoteOnsite
senioritySenior Level
money$151K/yr - $251K/yr
date7+ years exp

M&T Bank is a financial institution committed to providing a range of banking services. They are seeking a Controls Assessment & Testing Senior Specialist to lead risk analysis for complex initiatives, develop risk assessment strategies, and ensure compliance with technology and cybersecurity standards.

Financial Services
check
H1B Sponsorednote
Hiring Manager
Jenna Bissonette
linkedin

Responsibilities

Develop and implement strategic approaches for in-depth risk assessments for comprehensive coverage of all technology capabilities
Develop and execute sophisticated risk management framework and programs that informs how to align practices with business objectives and regulatory requirements, including (but not limited to) developing complex process maps, leading risk controls self-assessments, and summary of complex findings
Drive enforcement of frameworks, providing expert guidance and continually assessing regulation and standards to achieve industry-leading technology risk compliance
Spearhead collaboration among cross-functional teams and senior or executive leadership to align technology practices with overarching business goals and regulatory requirements; maintain productive relationships with stakeholders and/or with third-party engagements to ensure resiliency of Technology, Cybersecurity, and the overall Bank
Coordinate preparation and response to regulatory engagements, including reviewing responses for accuracy and meeting regulatory request, organizing documents and packets, and leading exam management (i.e., template folders, review of first day letter and follow-up requests)
Encourage innovation in risk management strategies through identification of advanced methodologies to address evolving threats and the recommendation of path for implementation to Technology and Cybersecurity Risk leadership
Provide advanced mentorship to mid-level analysts, fostering their professional growth and ensuring a high standard for all risk analysts within the team
Contribute to design and delivery of training programs to ensure comprehensive knowledge of technology and cybersecurity risk management and growing critical skills to enhance team's outcomes
Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management
Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable
Complete other related duties as assigned
This role primarily interacts with senior people leaders within the Technology and Cybersecurity teams, senior people leaders of Technology and Cybersecurity Risk, and internal partners such as the Risk Division, Internal Audit, and Regulatory Affairs
Work is accomplished with periodic direction. The position exercises judgement in selecting methods, techniques, and evaluation criteria in obtaining results. It exerts significant latitude in determining objective of assignment and takes calculated risks with consultation from expert
This role may present to Regulators under direction of senior Technology and Cybersecurity Risk leaders

Qualification

Cybersecurity risk principlesNIST 800-53Information technology securitySecurity control testingCISA certificationCybersecurity frameworksProject management methodologyStakeholder engagementMulti-taskingMentorshipDocumentation skills

Required

Bachelor's degree and a minimum of 7 years' relevant work experience, or in lieu of a degree, a combined minimum of 11 years' higher education and/or work experience
Demonstrated expert knowledge of Technology and/or Cybersecurity risk principles
Minimum of 6 years' relevant work experience in or with the specific Technology, Cybersecurity risk area and/or business unit
Previous experience of NIST (National Institute of Standards and Technology) or Cybersecurity frameworks, with a strong focus NIST 800-53 and 800-53a
Strong knowledge of cybersecurity principles and industry best practices (relevant to confidentiality, integrity, availability)
Proven knowledge of information technology security principles and implementation methods (e.g., firewalls, demilitarized zones, encryption, Active Directory / LDAP, SAML)
Skilled in evaluating security controls based on confidentiality, integrity and availability requirements of systems
Extensive experience managing and completing actual testing as listed below
Meeting with stakeholders to understand the control and perform detailed walkthroughs
Documenting / defining test plans and test steps to effectively assess the design and operation of controls
Opining on controls that have been defined to confirm it has been designed effectively and it truly mitigates the associated risk
Requesting and reviewing evidence to gain assurance that controls are effectively embedded and operating
Executing and documenting test papers and conclusion of controls
Defining remediation plans for ineffective controls and following up to validate the remediation plans have been effectively implemented / actioned to address the risk
Delivering within defined timelines in a fast-paced environment
Multi-tasking / working across different activities simultaneously
Able to provide examples of non-ITGC (IT General Control) audits/reviews/testing that they have recently conducted

Preferred

Master's degree in Information Technology, Computer Science, Cybersecurity, Law, Business Administration, or related field
Active CISA (Certified Information Systems Auditor), CAP (Certified Authorization Professional), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CRISC (Certified in Risk and Information Systems Control) certification or Cybersecurity domain-related industry-recognized certification
Working knowledge of the current version of the NIST SP800-53 and 800-53a Controls, or other recognized control frameworks, such as COBIT (Control Objectives for Information and Related Technology) or ISO
Knowledge of organization's risk tolerance and/or risk management approach
Working knowledge of project management methodology
Strong and proven knowledge of security technologies and architecture, including encryption, cloud network security design, role-based access control, perimeter security and application security
Knowledge of Cybersecurity threats and emerging security issues
Experienced in conducting security control testing of systems
IT Audit experience

Company

M&T Bank

twitter
Glassdoor3.6
company-logo
Great companies have an enduring sense of purpose.
dateFounded in 1856
location
Buffalo, New York, US
people-size10001+ employees
web-link
http://www.mtb.com

H1B Sponsorship

M&T Bank has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (116)
2024 (113)
2023 (84)
2022 (103)
2021 (42)

Funding

Current Stage
Late Stage

Leadership Team

leader-logo
René Jones
Chairman & Chief Executive Officer
linkedin
leader-logo
Dan Saper
•Co-Founder/Co-Chairman of Welcome to M&T Bank Affinity Group, Western New York Chapter
linkedin

Recent News

thefly.com
M&T Bank assumed with an Overweight at Piper Sandler
2025-10-07
PR Newswire
M&T Bank Unveils 'Team M&T' to Power Its Sports Marketing Strategy
2025-10-06
vermontbiz.com
Registration now open for the 2026 M&T Bank Vermont City Marathon & Relay and Half Marathon Unplugged
2025-10-03
Company data provided by crunchbase