The M&T Bank
Senior Audit Manager (Technology, Cybersecurity, and Digital)
Function: This position is responsible for both strategic and tactical delivery of advisory and assurance services to management in the Technology, Enterprise Security, and Digital Banking portfolios, in line with department and industry standards and expectations. The Senior Audit Manager (SAM) will be responsible for overseeing ongoing risk assessment, establishing internal and external relationships to remain in tune with emerging risks, best practices, and the evolving regulatory landscape, ensuring audit plan execution remains on track, coaching and developing IT Audit Management and staff, and owning the ongoing evolution of the continuous auditing program within the aforementioned audit portfolios. As a member of the Audit Senior Management Team, this leadership role supports continued enhancements to audit methodology, ongoing stakeholder engagement, talent management, and overall promotion of the Audit Department within the organization.
• Manage all phases of audit coverage for the Technology, Enterprise Security, and Digital Banking portfolios;
• Maintain ongoing awareness of current and proposed discretionary initiatives within assigned portfolios to utilize as input to resource allocation and to share with the audit team;
• Support the risk assessment and plan development process to determine audit coverage;
• Assist the IT Assistant General Auditor (AGA) with special projects and department wide initiatives;
• Regularly interact with Senior, Middle, and Line Management in assigned portfolio(s) to remain aware of changing or emerging risks and proactively utilize this information in audit planning, to facilitate changes to the continuous auditing program, and to facilitate discussions with Executive Management when considered warranted;
• Establish and maintain relationships with external peers and members of professional associations to stay in tune with best practices in IT assurance delivery;
• Represent IT Audit on discretionary project committees to provide input on control expectations or advise on best practices;
• Work with management to implement appropriate solutions to audit findings and engage with Senior Management on matters that will have a major impact on the area managed;
• Support and encourage integrated auditing concepts and use of technology to improve the efficiency and effectiveness of audit procedures;
• Apply an in-depth understanding of the inter-relationships of business and support units throughout a financial institution and discuss potential impacts to the overall control environment and impacts to proposed audit approaches;
• Effectively communicate in order to influence a wide range of audiences (including Senior and Executive management within assigned portfolios (e.g. CTO, CISO, CIO));
• Ensure comprehensive continuous auditing and validation procedures are in place on Internal Audit and regulatory issues;
• Provide appropriate level of oversight to IT Audit Management and staff. Provide coaching and developmental feedback and tailor approach based upon staff skills and experience. Actively participate in overall staff development;
• Provide advisory and consulting services to Bank management on risk and control matters;
• Manage multiple tasks concurrently in an efficient and effective manner with minimal oversight;
• Ensure the delivery of clear and concise Audit Reports to management;
• Adhere to applicable compliance/operational risk controls in accordance with Company or regulatory standards and policies;
• Exercise usual authority of a Manager concerning staffing, performance appraisals, promotions, salary recommendations, performance management and terminations;
• Promote an environment that supports diversity and reflects the M&T Bank brand; and
• Complete other related duties as assigned.
Nature and Scope
This role reports to the IT Assistant General Auditor and supports the overall execution of the audit plan via high quality, timely and value-added audit services, which meet the requirements of the Audit Committee and regulatory expectations. This senior role also ensures ongoing conformance with professional auditing standards. This position directly communicates with Middle and Senior Management, External Auditors, and Regulators. Builds strong partnerships with business stakeholders and other Audit team members. Operates independently with minimal AGA oversight to deliver on time, high quality audit reports.
This position will have direct supervisory responsibilities for certain management and staff of the IT Audit team and may also provide coaching opportunities for certain audit professionals on other engagements.
Minimum Qualifications Required
Bachelor’s degree in Technology/Accounting/Finance/Business, or related discipline and a minimum of 9 years’ experience in a related role, inclusive of 3 years in a managerial role, or in lieu of a degree, a combined minimum of 13 years of higher education and/or work experience, including a minimum of 9 years’ experience in a related role, inclusive of 3 years in a managerial role.
Ideal Qualifications Preferred
• Certification such as CISSP, CISA, ITIL, and PMP, as well as other technical vendor certifications is a definite asset;
• MBA or Master’s degree in an appropriate field;
• Big 4 experience providing advisory or assurance services in the Technology Infrastructure, Cybersecurity, and/or Digital Banking spaces (preferably with Financial Services Industry experience);
• Strong experience in cybersecurity and technology infrastructure auditing (preferably in the banking/financial services sector);
• An understanding of digital banking concepts and experience providing advisory and assurance services in the digital banking space;
• Knowledge and experience in auditing the following technologies/services:
o Firewall systems, intrusion detection/prevention systems, data loss prevention (DLP) technology, anti-malware solutions, security information and event management (SIEM) and incident response solutions, threat intelligence platforms, vulnerability management solutions, identity and access management platforms, proxy services solutions, DDoS mitigation services, Active Directory, Windows Server, Unix/Linux Server, virtualization technology, Storage Area Network (SAN) environments, enterprise data backup solutions, Microsoft Exchange email systems, network infrastructure systems (routers, switches, DNS, DHCP, Load Balancing systems, LAN/WAN and Internet circuit infrastructure), phone systems (including VOIP), wireless network infrastructure, network management systems, SQL Server, Oracle, and DB2 database environments, mobile infrastructure systems, middleware technologies, VPN solutions, mainframe systems and related security products, file transmission solutions, and/or production job scheduling systems.
• Working knowledge of information security/cybersecurity frameworks/standards such as ISO 27001 and NIST standards (inclusive of the CSF);
• Understanding of cybersecurity risk governance and cybersecurity risk management concepts;
• Understanding of supervisory expectations, regulations, and tools specific to cyber risk management practices (e.g. FFIEC IT Handbooks, FFIEC Cyber Assessment Tool, NYSDFS NYCRR 500 – Cybersecurity Requirements for Financial Services Companies, Fed/OCC/FDIC Advanced Notice of Proposed Rulemaking for Enhanced Cyber Risk Management Standards, GLBA 501B Requirements, etc.);
• Working knowledge of cloud computing risks and related controls frameworks;
• Working knowledge of API Management and associated risks;
• In-depth knowledge of ITIL Standards and core IT services such as change, problem, incident, and asset management;
• Excellent verbal and written communication skills. Ability to convey complex conceptual information/ideas on issues requiring extensive interpretation and opinion. Experience in applying appropriate discretion when dealing with sensitive issues and conveying technical concepts in an easy to understand manner;
• Proven ability in managing multiple audits, projects and initiatives simultaneously under tight deadlines;
• Proven leadership skills, with the ability to develop and motivate teams;
• Strong PC skills; and
• Strong organizational and resource management skills
• Demonstrates strong judgment, political astuteness, and sensitivity to cultural diversity.
• Possesses strong project management and interpersonal skills, makes sound decisions, exhibiting initiative and intuitive thinking.
• Effective negotiation skills, a proactive and 'no surprises' approach in communicating issues and strength in sustaining independent views.
• This individual must be an articulate and effective communicator, both orally and in writing, with an energetic, charismatic and approachable style.
• Strong leadership skills and ability to develop and coach others
At M&T, we strive to be the best place our employees ever work, the best bank our customers ever do business with and the best investment our shareholders ever make. So when looking to advance your career, look to M&T. As a top 20 US bank holding company and one of the best performing regional banks in the country, we offer a wide range of performance based career development opportunities for talented professionals. And through our longstanding tradition of careful, conservative and consistent management and a strong commitment to the communities we serve, we continue to grow with a focus on the future.
Job Posting: Oct 16, 2017, 11:00:00 PM
Unposting Date: Ongoing
The M&T Bank
Website: https://www.mtb.com
Times like these call for a financial services partner that has stood the test of time. Established in 1856 as Manufacturers and Traders Bank, today we’re the M&T Bank Corporation, one of the 20 largest US headquartered commercial bank holding companies, with current assets of $97.1 billion (as of June 30, 2015) and more than 650 branches, account access at over 1,500 M&T Bank ATMs and more than 15,000 employees throughout New York, Maryland, Pennsylvania, Washington, D.C., Virginia, West Virginia, New Jersey, Florida, Delaware and Toronto, Canada (Deposits with M&T are not insured by the Canada Deposit Insurance Corporation (CDIC)).