Role: TPRM Manager
Location: Hybrid (Manhattan, New York / Cherry Hill, New Jersey) - 2 days a week
Job Description
· Manage TPRM Cyber team and own Cybersecurity portion of the TPRM program
· Experience managing a team of around 5 or more third-party risk assessors;
· In-depth experience developing and building a risk-based TPRM process;
· Creating and enhancing a cybersecurity vendor risk management program, including the identification, evaluation and mitigation of risks across the organization
· Conducting Third Party controls evaluation to determine risk;
· Proactively identifying areas of improvement within the Cyber GRC, and leading efforts to address and remediate areas of improvement;
· Working across organizations to help align organizations with shared compliance goals and objectives; Coordinating with IT and business units to implement effective cybersecurity measures and integrate security practices into business processes;
· Collaborate with cross-functional teams, including procurement, legal, and IT, to ensure comprehensive vendor risk management;
· Communicate the delivery roadmap to our technology teams, inspiring them with the vision.
· Be responsible for one or more key security systems or processes, working directly with stakeholders and vendors to ensure seamless integration and operation.
· Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support cybersecurity goals and objectives and reduce overall organizational risk.
· Lead multiple diverse stakeholders and manage multiple projects and initiatives concurrently to establish and maintain enterprise continuity of operations program, strategy, and mission assurance.
· Lead, manage, and oversee diverse security improvement actions across multiple teams to evaluate, validate, and implement solutions as required.
· Lead, align, and manage cybersecurity priorities within the Department's overall security strategy and in coordination with closely-related departments and within Cybersecurity.
· Actively manage, report, and lead efforts to define and improve the effectiveness of the enterprise's cybersecurity safeguards to ensure they provide the intended level of protection.
· Lead and oversee the preparation, creation, distribution, and maintenance of plans, instructions, guidance, and Standard Operating Procedures (SOPs) concerning the security of Cybersecurity Operations for the team, multiple teams, or within Cybersecurity.
· Fully manage from identification until completion the protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
· Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
· Promote an environment that supports diversity and reflects the M&T Bank brand.
· Maintain internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
What You’ll Need:
At least 10+ years of job-related experience;
Demonstrated experience in conducting vendor risk assessments, managing vendor relationships, and implementing risk mitigation strategies, including working with a GRC tool implementation (ServiceNow).
Practical experience with policy and regulatory mandates such as COBIT, SOC1/SOC2, CSA-CCM, ISO 27001/27002/27031, GDPR, CCPA, PCI-DSS and the NIST Risk Management Framework and associated standards such as SP 800-34, SP 800-53, FedRAMP, CMMC, etc.;
Proven experience leading a TPRM team;
Ability to build rapport and maintain relationships across a multitude of functions within the company, with external vendors, and with governmental teams;
Advanced technical understanding of key technologies such as operating systems, networks, application development, databases, virtualization, and cloud infrastructures;
Program and project management experience in scoping, work break-down, critical path analysis, resourcing, managing time and cost estimates, project risks, and quality.
Ability to think strategically about risks and tie those risks to tactical organizational activities.
Bonus Points:
Practical experience performing integration risk assessments and threat modeling of third-party software components.
Experience working with leading GRC products.