IT Audit Team Lead- Institutional Client Services (ICS) Technology

Manufacturers and Traders Trust Co
Wilmington, Delaware, United States
Competitive salary
16 Sep 2020
17 Sep 2020
Job role
This individual contributor position is responsible for providing senior level expertise in the provisioning of assurance and advisory services specific to the technologies enabling the Institutional Client Services (ICS) businesses of M&T Bank Corporation. ICS provides trust and agency services and solutions to corporate clients in both the US and Europe (inclusive of capital markets agency services, institutional custody and administrative services, retirement plan services, and institutional investment management, (as examples)). This position focuses on assessment of the overall management of IT risks associated with the delivery of these services to clients, targeting both technology and security risks across the diverse set of systems enabling the business. This includes assessment of digital and other emerging technologies, cloud based and internal systems, and modern solutions supporting the agile approach being taken by ICS leadership to iterate delivery of products to clients.

  • Plan, coordinate and maintain full ownership over execution of audit examinations and validation procedures specific to the technologies supporting the Institutional Client Services (ICS) businesses. These audits will be conducted for the most part in collaboration with the Financial/Operational audit team in an "integrated" fashion, however there may be reviews conducted independently that target specific technology infrastructure, platforms or solutions in the environment;
  • Participate in an advisory or assurance capacity on certain programs/projects established by management to iterate on delivery of solutions to the client base. This "project audit" work assesses whether management is designing appropriate controls within the solutions being developed while considering all potential IT risks the solutions expose the business to;
  • Execute risk analysis over emerging technologies being considered or used by management in support of the business;
  • Responsible for becoming intimately familiar with the organizational structure in place that supports both strategic and tactical management of the technology environment supporting the ICS businesses. Responsible for understanding the IT risks impacting this environment, and keeping up to speed on emerging tech impacting the environment;
  • Responsible for actively working with the Enterprise Security Audit team to ensure appropriate cybersecurity risks are accounted for within the scope of the audits performed;
  • Responsible for establishing relationships with the Enterprise Architecture Solution Architect and Technology Support Lead responsible for the technology supporting the ICS businesses to assist in maintaining an understanding of ongoing tech initiatives and strategic direction of the technology supporting the business;
  • Independently document and communicate recommendations to Bank Management in order to improve internal controls and reduce risk to the organization;
  • Supervise other IT Audit staff as needed, per audit engagement; and
  • Maintain ongoing communication with the 1st and 2nd line Technology Risk Management/Oversight organizations to align assurance activities, share risk information, and establish ongoing reliance approaches (as applicable).

Minimum Qualifications:
Bachelor's degree, preferably in Accounting, Business, Finance, Technology, Cybersecurity, Mathematics, Statistics or other related technical field

5 years of relevant work experience, inclusive of 1 year work leadership experience

In lieu of degree, a combined minimum of 9 years higher education and/or work experience including 5 years of relevant work experience and 1 year work leadership experience

Strong leadership skills and ability to develop and coach others

Strong analytical and organizational skills

Ideal Qualifications:
  • Strong experience in application auditing (preferably in the banking/financial services sector, inclusive of being able to assess the end to end technology architecture supporting a given business)
  • A proven aptitude to understand the business being enabled by the technologies under audit
  • Working knowledge of the control environment specific to trust and agency services
  • Working knowledge of technologies supporting digital business capabilities
  • Working knowledge of cloud computing risks and related controls frameworks
  • Understanding of cybersecurity concepts and an ability to assess the inherent cybersecurity risks of technologies supporting the business
  • Working knowledge of modern delivery practices and supporting tech (agile, DevOps tools, container platforms, etc.)
  • Certification such as CISSP, CCSP, CISA as well as other technical vendor certifications is a definite asset;
  • Understanding of regulatory requirements as they relate to technology and security in the financial services industry;
  • Excellent verbal and written communication skills. Ability to convey complex conceptual information/ideas on issues requiring extensive interpretation and opinion. Experience in applying appropriate discretion when dealing with sensitive issues and conveying technical concepts in an easy to understand manner;
  • Proven ability in managing multiple bodies of work simultaneously under tight deadlines;
  • Proven leadership skills, with the ability to develop and motivate;
  • Strong organizational and resource management skills

Wilmington, Delaware, United States of America