Internal IT Audit: Cloud Risk Specialization

Hybrid Role in Internal Audit IT

This role is hybrid, four days per week onsite, based out of Buffalo, NY; Bridgeport, CT; or Wilmington, DE. Will consider Boston, MA or NYC applicants as well. Candidates must be within a commutable distance or willing to relocate.

Job Description

This individual contributor position will be a part of the Technology Domain Audit Team and will be responsible for the following:

• Providing senior level expertise and contributing to delivery of assurance services specific to the Bank's Cloud and Colo Data Center Migration. This position will play an important role in carrying out the Division's strategic approach to cloud auditing along with assessing the adequacy of the structures and processes put into place by management to govern the organization's migration of systems to both Microsoft Azure public cloud and Colo data center facility destinations.
• Providing subject matter expertise and leading the execution of audit procedures over cloud-based infrastructure and cybersecurity capabilities, all while ensuring high quality deliverables in accordance with division and professional standards.
• Owning the delivery of assurance services across other areas of the Technology and Cybersecurity domains, as needed. This could include leading other audit engagements in these domains, completing issue validation procedures, executing continuous auditing activities, etc.

Primary Responsibilities

• Plan, coordinate and maintain full ownership over execution of assurance work specific to core technology infrastructure and cybersecurity audits, with a particular focus on assessing cloud risk management practices at the Bank. This role is expected to operate with a high level of independence and to deliver high quality deliverables given associated experience.
• Assist the Audit Division in execution of its strategy specific to the holistic coverage of cloud risks across the Audit Plan and in development of cloud specific audit programs.
• Stay abreast of best practices, industry developments, and changing or emerging technology and cloud risks, consult with Audit teams to ensure their coverage is appropriate in applicable audits given this information, and ensure senior management in Audit is kept apprised of impacts to the Division's assurance work.
• Responsible for becoming intimately familiar with the organizational structure for the Bank's Technology Division and developing relationships with key members of management.
• Organize and complete work within established budgets and time frames with minimal direction from audit management.
• Incorporate the use of data analytics/AI throughout all phases of the audit process.
• Make sound decisions independently, exhibiting initiative and intuitive thinking.
• Maintain ongoing communication with the 1st and 2nd line Risk Management/Oversight organizations to align assurance activities, share risk information, etc.
• Supervise other Audit staff as needed, based on the body of work being completed.

Leadership, Decision Making, and Communication

• Possess strong management and interpersonal skills, make sound decisions independently, exhibiting initiative and intuitive thinking.
• Proactively communicate with senior management members of the audit team and line of business senior and executive regarding the status of audits and potential issues identified.
• Build strong partnerships with business stakeholders and audit team members.
• Demonstrates strong judgment, political astuteness, and sensitivity to cultural commitment.

Developing Others

• Coach and mentor junior audit team members through knowledge sharing, tailoring the approach based upon their skills and experience.

Other Responsibilities

• Adhere to applicable compliance/operational risk controls in accordance with Company or regulatory standards and policies.
• Promote an environment that supports belonging and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators, as applicable.
• Complete other related duties as assigned.

Scope of Responsibilities

• This role operates independently within a matrix reporting environment and is responsible for the timely delivery of high quality, value-added audit reports for a variety of business activities (complex in nature), which meet the requirements of the Audit Committee and regulatory expectations. Ensures ongoing conformance with professional auditing standards.
• This position directly communicates with Senior, Middle and Line Management and External Auditors. Builds strong partnerships with business stakeholders and other audit team members.
• This role also requires periodic interaction with external regulatory agencies.

Supervisory/Managerial Responsibilities

• May provide coaching opportunities for certain audit professionals but is not responsible for performance management, compensation planning, or other similar duties.

Education and Experience Required

• Bachelor's degree, preferably in Computer Science, MIS, Technology, Cybersecurity or other related technical field and 7 years of relevant experience, inclusive of 2 years of work leadership experience. In lieu of degree, a combined minimum of 11 years higher education and/or work experience including 7 years of relevant work experience and 2 years of work leadership experience.
• Detailed knowledge of audit theory
• Detailed knowledge and experience in conducting audits of controls in cloud-based environments (notably Microsoft Azure) or assessing cloud architecture.
• Detailed understanding of industry frameworks guiding management of cloud computing risks
• Relevant professional certification, or actively pursuing professional certification.
• Demonstrates strong judgment, political astuteness, and sensitivity to cultural diversity.
• Possesses strong project management and interpersonal skills, makes sound decisions, exhibiting initiative and critical thinking.
• Effective negotiation skills, a proactive and 'no surprises' approach in communicating issues and strength in sustaining independent views.
• This individual must be an articulate and effective communicator, both orally and in writing, with an energetic, charismatic and approachable style.

Education and Experience Preferred

• MBA or Master's degree in an appropriate field preferred.
• Working knowledge and experience in auditing compute, database, network and storage infrastructure risks, technology governance and risk management concepts, modern software engineering practices, mainframe technology, and IT service management disciplines.
• Cloud risk or cloud audit-oriented certification is a definite asset (e.g. CCSK or CCAK), as are certifications such as CISSP.
• Understanding of regulatory requirements/expectations as they relate to technology and cybersecurity risks in the financial services industry;
• Excellent verbal and written communication skills. Ability to convey complex conceptual information/ideas on issues requiring extensive interpretation and opinion. Experience in applying appropriate discretion when dealing with sensitive issues and conveying technical concepts in an easy to understand manner;
• Proven ability in managing multiple bodies of work simultaneously under tight deadlines;
• Proven leadership skills, with the ability to develop and motivate; and
• Strong organizational and resource management skills.
• Financial Services Industry experience preferred

Location: Buffalo, New York, United States of America