Internal Audit Consultant - Cybersecurity

This role will be 4 days/week onsite (1 day remote) based out of Buffalo, NY;
Wilmington, DE; and Bridgeport, CT. Must be within a commutable distance or willing to relocate.

This role provides senior level expertise in audit engagements that span multiple portfolios, requiring in-depth business and risk knowledge to properly assess associated risk and controls.

• Successful audit plan completion.
• Stay abreast of best practices, industry developments, and emerging risks; consult with audit teams to ensure appropriate coverage.
• Participate in the execution of complex audit procedures in a risk‑focused manner while maintaining independence and adhering to professional standards.
• Analyze audit findings that require complex judgment or sophisticated analytical thought and propose creative, pragmatic solutions for the final audit report.
• Drive audit teams in planning and executing validation procedures for internal audit and regulatory issues that require subject‑matter expertise.
• Organize and complete work within established budgets and time frames with minimal direction from audit management.
• Incorporate data analytics throughout all phases of the audit process.
• Support the department’s strategic objectives by informing and demonstrating clear alignment.
• Enhance leadership, decision‑making, and communication: possess strong management and interpersonal skills; make sound independent decisions, exhibit initiative and intuitive thinking.
• Proactively communicate audit status and potential issues to senior management, line‑of‑business seniors, and executives.
• Build strong partnerships with business stakeholders and audit team members.
• Demonstrate strong judgment, political astuteness, and cultural sensitivity.
• Coach and mentor junior audit team members through knowledge sharing tailored to their skills and experience.
• Adhere to applicable compliance/operational risk controls in accordance with company or regulatory standards and policies.
• Promote an environment that supports belonging and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points alongside any issues raised by external regulators.
• Complete other related duties as assigned.

This role operates independently within a matrix reporting environment and is responsible for the timely delivery of high‑quality, value‑added audit reports across complex business activities. Reports meet the requirements of the Audit Committee and regulatory expectations, ensuring ongoing compliance with professional auditing standards. The position directly communicates with senior, middle, and line management and external auditors, building strong partnerships with business stakeholders and audit team members.

Periodic interaction with external regulatory agencies is also required.

May provide coaching opportunities for audit professionals but is not responsible for performance management, compensation planning, or related duties.

Bachelor’s degree in Technology, Cybersecurity, Mathematics, Statistics, or a related technical field and a minimum of 7 years of relevant IT audit experience, including 2 years of work leadership experience. Alternatively, a combined minimum of 11 years of higher education and/or work experience (including 7 years of IT audit experience and 2 years of leadership). Must possess strong judgment, political astuteness, sensitivity to cultural commitment, strong project management and interpersonal skills, and effective negotiation skills.

MBA or Master’s degree in an appropriate field (Cybersecurity, Information Management, Information Systems, etc.) preferred. Relevant certifications such as CISA or CISSP are advantageous. Financial services industry experience is preferred.

Pay range: $ – $ Annual (USD).

Buffalo, New York, United States of America.

M&T Bank is unwavering when it comes to providing equal employment opportunities to all employees and applicants without regard to race, color, national origin, religion, ethnicity, sex, gender identity, age, disability, citizenship, pregnancy, veteran status, military status, marital status, sexual orientation, genetic information, or any other characteristic protected under applicable federal, state or local laws.

M&T Bank Corporation has policies and procedures in place to promote a drug‑free workplace.