Cybersecurity Controls Assessment & Testing Analyst 9/19/2017
M & T Bank
CYBERSECURITY CONTROLS ASSESSMENT & TESTING ANALYST
Uses professional knowledge, skills, and experience to execute assessments on the effectiveness of security control designs.
Use professional knowledge, skills and experience to perform assessments on the effectiveness of the cybersecurity program.
Assess organization-wide common controls that are available for inheritance by organizational systems.
Types of assessments and testing include: Application/System Security Assessments, Vulnerability Testing, Penetration Testing, Static Code Analysis and Social Engineering.
Advise Cybersecurity management on risk levels and security posture of the application, system or network component under review, focusing on those risks outside the Bank's appetite.
Understand and adhere to the Bank's standards, policies and procedures in accordance with the Enterprise Risk Appetite.
Conduct initial remediation actions on security controls based on the findings and recommendations of a security assessment report, and reassess remediated controls.
Review the effectiveness of security controls on an ongoing basis to determine whether the risk remains acceptable.
Report the security status of a system (including the effectiveness of security controls) to an authorizing official on an ongoing basis in accordance with the monitoring strategy.
Provide guidance and mentoring on matters of expertise to other departments, teams, projects and committees as needed.
Promote an environment that supports diversity and reflects the M&T Bank brand.
Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
Complete other related duties as assigned.
NATURE AND SCOPE:
The Cybersecurity Department develops, maintains and administers a comprehensive program to address the confidentiality, integrity and availability of the Bank's information assets. This position is responsible for assessing and testing security controls to validate their effectiveness. In carrying out these responsibilities, this position works under limited supervision and is required to exercise independent judgment and discretion. The position has regular interaction with non-management, middle management, certain senior management and business units and partners, as well as with the Chief Information Security Officer (CISO).
Bachelor's degree or equivalent work experience and 7 years of professional/management experience or, in lieu of a degree, 11 years of professional experience.
2 years in information security, governance, compliance, risk management, and/or similar discipline.
Knowledge of Risk Assessments and Controls Testing and the Risk Management Framework Assessment Methodology.
Knowledge of cyber threats and vulnerabilities.
Excellent written and verbal communication skills.
Ability to communicate with senior management, peers, internal and external auditors and examiners, business partners and other security related agencies as required.
Ability to research and report on governance/compliance related topics using a variety of sources (ex: Internet, affiliate organizations, governmental agencies) and techniques.
CISSP Certification helpful.
PMP Certification helpful.
Knowledge of emerging security issues, risks, and vulnerabilities.
Skill in assessing and testing security controls.
Skill in assessing security controls based on cybersecurity principles and tenets.
Skill in recognizing vulnerabilities in security systems.
Skill in evaluating information for reliability, validity, and relevance.
Skill in utilizing feedback in order to improve processes, products, and services.
Skill to use collaborative tools and environments.
Ability to execute valid and reliable assessments.
M&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer. M&T Bank Corporation does not sponsor individuals for the purpose of obtaining H-1 Visas. M&T Bank Corporation has policies and procedures in place to promote a drug free workplace.