Did you know that M&T Bank made Forbes Magazine’s “400 Best Big Companies” list for the 10th time this year, that we’ve been in business for over 150 years and are one of the nation’s top 20 bank holding companies with close to $66 billion in assets? M&T Bank is a great place to be because we’re established, strong, and even in these turbulent financial times, we remain stable and profitable. We value work-life balance and carry out our mission of making M&T Bank the best place our employees have ever worked. Due to our consistent growth and prosperity, we are looking to fill a key Vendor Management Risk Analyst role within the Technology Division of M&T Bank. RESPONSIBILITIES: Gathers and analyzes information for defining requirements, specifications and issues to support the development of new policies, standards and procedures or update existing ones. Designs and conducts assessments and surveys to track status and issues. Develops metrics to measure the internal performance of the Information Security Department Will work in conjunction with deployment of new Vendor Risk Management Initiative from the Information Security perspective in establishing/controlling new and existing vendors in the IS enterprise risk management framework Performs and oversees basic to complex security analysis, standards design, and security gap analysis Leads and/or provides significant contribution to complex projects. Clearly understands the function and content of Information Security policies, standards and procedures as well as the threats, risks and vulnerabilities at a functional level Analyzes non-compliance allegations by auditors, security personnel, managers etc Works with Policy and Risk Management Manager to develop plans of action and responses to valid allegations Develops and improves programs and metrics for Information Security self-assessment and efficiency measurements. Provides input to Documentation Specialist for inclusion in periodic reporting. Develops Information Security policies, standards, procedures and programs Designs and prepares presentations and material relating to security awareness. Participates in training and presenting materials Works with Information Security Team Leaders to ensure that effective countermeasures are selected and implemented Provides support in reviewing and enhancing information security controls and practices contributing directly to the safety and soundness of the bank BASIC QUALIFICATIONS: Bachelor’s degree in Information Technology, Mathematics or related discipline or five (5) years experience in related professional environment Six (6) years experience in systems analysis, information technology auditing or information security Experience in report writing and preparing presentations Knowledge of information security standards and practices Understanding of systems development life-cycle Understanding of accepted information technology auditing approach Excellent verbal and written communication skills to be able to present to a target audienceDetail orientated/articulate with solid time management skills Statistical and data reporting skillsIDEAL QUALIFICATIONS: Basic knowledge of the function and internal structure of banks and how information technology systems support those functions Experience in working on multiple, simultaneous projects with high level of complexity
Apply to this job
Tuesday, December 08, 2009