Controls Assessment & Testing Senior Specialist - Technology and Cybersecurity Risk

Remote in Bridgeport, CT, US • Posted 60+ days ago • Updated 13 hours ago

Full Time

On-site

USD $150,800.00 - 251,300.00 per year

Fitment

Dice Job Match Score™

🛠️ Calibrating flux capacitors...

Job Details

Skills

SAP BASIS
Risk Analysis
Decision-making
Risk Assessment
Risk Management Framework
IT Risk Management
IT Risk
Regulatory Compliance
Collaboration
Organizational Skills
Innovation
Leadership
Mentorship
Training
Internal Control
Internal Auditing
Regulatory Affairs
Evaluation
Supervision
Higher Education
FOCUS
NIST 800-53
IT Security
Firewall
Active Directory
LDAP
SAML
Management
Test Plans
Embedded Systems
Multitasking
Auditing
Information Technology
Computer Science
Law
Business Administration
CISA
Authorization
CISSP
CISM
Information Security
ISACA
Information Systems
NIST SP 800 Series
COBIT
ISO 9000
Risk Management
Project Management
Encryption
Cloud Computing
Network Security
Access Control
Software Security
Cyber Security
Security Controls
Testing
IT Audit

Summary

The Bank sponsors individuals for TN and H-1B transfers on a case by case basis. Please note that this position is not open to anyone on a H-1B or F-1 student visa including those eligible for CPT/OPT or the Stem OPT extension.

Overview:

Leads risk analysis for complex initiatives, influencing overarching risk framework and providing advanced guidance to leadership for informed decision-making aligned with organizational imperatives.

Primary Responsibilities:

Develop and implement strategic approaches for in-depth risk assessments for comprehensive coverage of all technology capabilities.
Develop and execute sophisticated risk management framework and programs that informs how to align practices with business objectives and regulatory requirements, including (but not limited to) developing complex process maps, leading risk controls self-assessments, and summary of complex findings.
Drive enforcement of frameworks, providing expert guidance and continually assessing regulation and standards to achieve industry-leading technology risk compliance.
Spearhead collaboration among cross-functional teams and senior or executive leadership to align technology practices with overarching business goals and regulatory requirements; maintain productive relationships with stakeholders and/or with third-party engagements to ensure resiliency of Technology, Cybersecurity, and the overall Bank.
Coordinate preparation and response to regulatory engagements, including reviewing responses for accuracy and meeting regulatory request, organizing documents and packets, and leading exam management (i.e., template folders, review of first day letter and follow-up requests).
Encourage innovation in risk management strategies through identification of advanced methodologies to address evolving threats and the recommendation of path for implementation to Technology and Cybersecurity Risk leadership.
Provide advanced mentorship to mid-level analysts, fostering their professional growth and ensuring a high standard for all risk analysts within the team.
Contribute to design and delivery of training programs to ensure comprehensive knowledge of technology and cybersecurity risk management and growing critical skills to enhance team's outcomes.
Understand and adhere to the Company's risk and regulatory standards, policies and controls in accordance with the Company's Risk Appetite. Identify risk-related issues needing escalation to management.
Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
Complete other related duties as assigned.

Scope of Responsibilities:

This role primarily interacts with senior people leaders within the Technology and Cybersecurity teams, senior people leaders of Technology and Cybersecurity Risk, and internal partners such as the Risk Division, Internal Audit, and Regulatory Affairs.
Work is accomplished with periodic direction. The position exercises judgement in selecting methods, techniques, and evaluation criteria in obtaining results. It exerts significant latitude in determining objective of assignment and takes calculated risks with consultation from expert.
This role may present to Regulators under direction of senior Technology and Cybersecurity Risk leaders.

Supervisory/Managerial Responsibilities:

No supervisory responsibilities.

Education and Experience Required:

Bachelor's degree and a minimum of 7 years' relevant work experience, or in lieu of a degree, a combined minimum of 11 years' higher education and/or work experience
Demonstrated expert knowledge of Technology and/or Cybersecurity risk principles
Minimum of 6 years' relevant work experience in or with the specific Technology, Cybersecurity risk area and/or business unit
Previous experience of NIST (National Institute of Standards and Technology) or Cybersecurity frameworks, with a strong focus NIST 800-53 and 800-53a
Strong knowledge of cybersecurity principles and industry best practices (relevant to confidentiality, integrity, availability)
Proven knowledge of information technology security principles and implementation methods (e.g., firewalls, demilitarized zones, encryption, Active Directory / LDAP, SAML)
Skilled in evaluating security controls based on confidentiality, integrity and availability requirements of systems

This role requires understanding the risk, independently challenging the controls, defining the test steps / approach, and then executing the testing to conclude on effectiveness and residual risk.

Extensive experience managing and completing actual testing as listed below.

Meeting with stakeholders to understand the control and perform detailed walkthroughs
Documenting / defining test plans and test steps to effectively assess the design and operation of controls
Opining on controls that have been defined to confirm it has been designed effectively and it truly mitigates the associated risk
Documenting / defining test plans and test steps to effectively assess the design and operation of controls
Requesting and reviewing evidence to gain assurance that controls are effectively embedded and operating
Executing and documenting test papers and conclusion of controls
Defining remediation plans for ineffective controls and following up to validate the remediation plans have been effectively implemented / actioned to address the risk
Delivering within defined timelines in a fast-paced environment.
Multi-tasking / working across different activities simultaneously.
Able to provide examples of non-IT(IT General Control) audits/reviews/testing that they have recently conducted

Education and Experience Preferred:

Master's degree in Information Technology, Computer Science, Cybersecurity, Law, Business Administration, or related field
Active CISA (Certified Information Systems Auditor), CAP (Certified Authorization Professional), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CRISC (Certified in Risk and Information Systems Control) certification or Cybersecurity domain-related industry-recognized certification
Working knowledge of the current version of the NIST SP800-53 and 800-53a Controls, or other recognized control frameworks, such as COBIT (Control Objectives for Information and Related Technology) or ISO
Knowledge of organization's risk tolerance and/or risk management approach
Working knowledge of project management methodology
Strong and proven knowledge of security technologies and architecture, including encryption, cloud network security design, role-based access control, perimeter security and application security
Knowledge of Cybersecurity threats and emerging security issues
Experienced in conducting security control testing of systems
IT Audit experience

#LI-JB3

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $150,800.00 - $251,300.00 Annual (USD). The successful candidate's particular combination of knowledge, skills, and experience will inform their specific compensation.

Location
Bridgeport, Connecticut, United States of America

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

Dice Id: 80180520
Position Id: 39024a9d4e0a5dd964f92c98247b9fdf
Posted 30+ days ago

Create job alert

Never miss an opportunity! Create an alert based on the job you applied for.

Remote or Stratford, Connecticut

•

Today

Job Description What We're Doing At Lockheed Martin - Rotary Mission Systems, we are leading the development of state-of-the-art technologies that are integral to national security and defense. As part of our ongoing commitment to advancing mission-critical solutions, we are focused on integrating cutting-edge cybersecurity measures to ensure the resilience and security of our systems. By embedding advanced cybersecurity features, we are enhancing the operational effectiveness and safety of ou

Full-time

USD 123,500.00 - 217,695.00 per year

Cybersecurity Risk & Compliance Assessment Lead

Jersey City, New Jersey

•

Today

Job Description Join our team to play a pivotal role in mitigating tech risks and upholding operational excellence, driving innovation in risk management. As a Cybersecurity Risk & Compliance Assessment Lead in Cybersecurity Technology & Controls, you will be responsible for evaluating delivery, quality, and integrity across a range of Global Technology Control Assessments (GTCA), including SOX, SOC, PCI, FedRAMP, and other regulatory frameworks. This function is designed to mitigate risks, dr

Full-time

USD 142,500.00 - 200,000.00 per year

GRC Security Specialist

Remote or New York, New York

•

Yesterday

Who We Are: MetLife Legal Plans is the country's largest provider of legal voluntary benefits. We have more than 40 years of experience in employee legal services and are committed to providing excellent care to our plan members, sponsors and 18,000+ attorneys. We are trusted by nearly 7 million families and more than 200 Fortune 500 companies who offer our service as an employee benefit. It's an exciting time to join our team. We are growing quickly and have a bold vision for our future as we e

Full-time

Senior Analyst, Technology Risk

New York, New York

•

4d ago

Ready to be pushed beyond what you think you're capable of? At Coinbase, our mission is to increase economic freedom in the world. It's a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform - and with it, the future global financial system. To achieve our mission, we're seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the f

Full-time

USD 167,280.00 - 196,800.00 per year

Search all similar jobs

Controls Assessment & Testing Senior Specialist - Technology and Cybersecurity Risk

Dice Job Match Score™

Job Details

Skills

Summary

Similar Jobs