Audit Consultant - Cybersecurity

Overview:

• This role provides senior level expertise in audit engagements that span multiple portfolios which require in-depth business and risk knowledge to properly assess associated risk and controls.

Primary Responsibilities:

Successful Audit Plan Completion

• Stay abreast of best practices, industry developments, and changing or emerging risks and consult with the audit teams to ensure their coverage as appropriate in assigned audits.
• Participate in the execution of audit procedures, particularly those which are highly visible and complex in nature, in a risk-focused manner while maintaining independence and adhering to department and professional industry standards. 
• Analyze audit findings, particularly those that require complex judgment or sophisticated analytical thought, and propose creative and pragmatic solutions to the audit team for consideration in the final audit report.
• Drive audit teams in the planning and execution of validation procedures for Internal Audit and Regulatory issues that require subject matter expertise.
• Organize and complete work within established budgets and time frames with minimal direction from audit management.
• Incorporate the use of data analytics throughout all phases of the audit process.
• Inform and clearly demonstrate support for the department’s strategic objectives.

Leadership, Decision Making, and Communication

• Possess strong management and interpersonal skills, make sound decisions independently, exhibiting initiative and intuitive thinking.
• Proactively communicate with senior management members of the audit team and line of business senior and executive regarding the status of audits and potential issues identified.
• Build strong partnerships with business stakeholders and audit team members.

Developing Others

• Coach and mentor junior audit team members through knowledge sharing, tailoring the approach based upon their skills and experience.

Other Responsibilities

• Adhere to applicable compliance/operational risk controls in accordance with Company or regulatory standards and policies.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators, as applicable.
• Complete other related duties as assigned.

Scope of Responsibilities:

• This role operates independently within a matrix reporting environment and is responsible for the timely delivery of high quality, value-added audit reports for a variety of business activities (complex in nature), which meet the requirements of the Audit Committee and regulatory expectations.  Ensures ongoing conformance with professional auditing standards.
• This position directly communicates with Senior, Middle and Line Management and External Auditors.  Builds strong partnerships with business stakeholders and other audit team members. 
• This role also requires periodic interaction with external regulatory agencies.

Supervisory/ Managerial Responsibilities:

• May provide coaching opportunities for certain audit professionals but is not responsible for performance management, compensation planning, or other similar duties.

Education and Experience Required:

• Bachelor’s degree, preferably in Accounting, Business, Finance, Technology, Cybersecurity, Mathematics, Statistics or other related technical field and 7 years of relevant experience, inclusive of 2 years of work leadership experience. In lieu of degree, a combined minimum of 11 years higher education and/or work experience including 7 years of relevant work experience and 2 years of work leadership experience.
• Possesses strong project management and interpersonal skills, makes sound decisions, exhibiting initiative and critical thinking.
• Strong experience in cybersecurity and technology infrastructure auditing (preferably in the banking/financial services sector);
• Understanding of supervisory expectations, regulations, and tools specific to cyber risk management practices (e.g. FFIEC IT Handbooks, FFIEC Cyber Assessment Tool, NYSDFS NYCRR 500 – Cybersecurity Requirements for Financial Services Companies, Fed/OCC/FDIC Advanced Notice of Proposed Rulemaking for Enhanced Cyber Risk Management Standards, GLBA 501B Requirements, etc.);
• Working knowledge of cloud computing risks and related controls frameworks; information security/cybersecurity frameworks/standards such as ISO 27001 and NIST standards (inclusive of the CSF);
• Knowledge and experience in auditing the following technologies/services: Firewall systems, intrusion detection/prevention systems, data loss prevention (DLP) technology, anti-malware solutions, security information and event management (SIEM) and incident response solutions, threat intelligence platforms, vulnerability management solutions, identity and access management platforms, proxy services solutions, DDoS mitigation services, 

Education and Experience Preferred:

• MBA or Master’s degree in an appropriate field preferred.
• Related certifications (CPA, CIA, CISA, CISSP, or similar).
• Financial Services Industry experience preferred.
• M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $100,611.94 - $167,686.57 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

Location

Buffalo, New York, United States of America

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $100,611.94 - $167,686.57 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation. The range listed above corresponds to our national pay range for this role. The specific pay range applicable to you may vary based on your location.

LocationClanton, Alabama, United States of America