IT Lead Auditor

The IT Auditor will conduct audit reviews in specialized areas, such as cybersecurity, IT risk management, enterprise architecture, applications, infrastructure, and vendor management, requiring specific knowledge pertaining to the areas, policies or regulations being audited.

From initial scope to final report, you will assist in coordinating audits of IT General Controls, IT Infrastructure, and IT Integrated audits that ensure M&T Banks control environment supports sustainable compliance with policies, procedures, and laws. This will include control evaluations relating to networks, databases, systems, applications and other technology components. You will collaborate with colleagues across the Internal Audit (IA) Department and the wider organization to learn key business processes, test and document results, and communicate with your stakeholders.

***Domain Portfolio will be Money Movement and Retail Banking.

Primary Responsibilities:

• Participates in audits by executing assigned tasks in accordance with the Division’s methodology and professional standards. Completes work within the established timeframes with guidance by a Lead Auditor or Manager.
• As part of audit execution, conducts effective walkthroughs, accurately identifies risks and controls within the process, designs and executes effective testing approach with guidance by a Lead Auditor or Manager.
• Conducts effective root cause analysis of identified findings with guidance by a Lead Auditor or Manager.
• Actively participates in meetings with business management and provides updates on their respective areas of testing.
• Participates in other assurance activities (including continuous auditing, product delivery assessments, validation procedures, investigations, and retrospective reviews) under the supervision of a Lead Auditor or Manager, utilizing modernized assurance methodologies, tools and approaches and in accordance with the Division’s methodology.
• Documents their work, including findings, in clear and concise fashion in accordance with the Division’s methodology.
• Embraces innovative change.
• Understand how to effectively incorporate data analytics.
• Actively seeks out knowledge in the areas of assigned audit activities.
• Embraces the culture of diversity, inclusion, equity and belonging.

• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite.  Identify risk-related issues needing escalation to management.
• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Scope of Responsibilities:

This position leads and executes assurance activities, maintains relationships, and communicates with Bank Management, and oversees Auditors.  They ensure activities are in conformance with professional auditing standards.  They report to an Audit (Senior) Manager.

Education and Experience Required:

• Bachelor’s Degree and 5 years of relevant work experience, and 1 year of leadership experience
• Experience with internal audit methodology
• Solid understanding of internal control concepts with the ability to evaluate adequacy of the controls
• Strong leadership skills and ability to coach and develop others
• Proven analytical and critical thinking skills
• Excellent written and verbal communication skills with the ability to present sensitive and complex findings to business management and influence change
• Proven ability to handle multiple projects at the same time

Education and Experience Preferred:

• Bachelor's degree in a related field, such as Computer Science, Management Information Systems, Information Systems Audit, Cyber Security, or Business.
• Professional certification (CISA, CISSP, CRISC, CISM, CGEIT, etc.) or progress toward/eligibility for certification preferred.
• Internal IT Audit, IT Risk Management, Cybersecurity, Technology Operations, or Security Operations experience within a banking environment.
• Knowledge of core banking processes, banking regulations, and information technology governance and risk frameworks (such as COSO’s Internal Control – Integrated Framework, CIS Critical Security Controls, COBIT, ISO 27001, NIST, PCI-DSS, etc.)
• Experience working with a variety of operating systems, databases, platforms, network hardware and software, security tools, cloud services, and common software/applications.
• Conflict management experience.