Internal IT Audit: Cloud Risk Specialization

Overview

Senior-level Internal Audit IT professional responsible for delivering assurance services related to the bank’s Cloud and Colo Data Center Migration and other technology and cybersecurity domains. The role facilitates the division’s strategic approach to cloud auditing, assesses the adequacy of governance structures, and leads execution of audit procedures over cloud-based infrastructure.

• Drive the completion and execution of assurance work specific to core technology infrastructure and cybersecurity audits, with focus on cloud risk management.
• Develop and execute cloud-specific audit programs, contributing to the overall audit plan.
• Stay current on best practices, industry developments, and emerging technology risks; advise audit teams and senior management on their impact.
• Build and maintain relationships with key technology management stakeholders.
• Manage work within established budgets and time frames with minimal direction, incorporating data analytics/AI throughout the audit process.
• Supervise and coach other audit staff as needed, providing professional development guidance.
• Maintain ongoing communication with first- and second-line risk management and oversight functions to align assurance activities.
• Ensure compliance with internal controls, regulatory standards, and company policies, and address any audit points or external regulator issues.

The role delivers high-quality, value-added audit reports that meet Audit Committee and regulatory expectations, communicating findings with senior, middle, and line management as well as external auditors.

• Bachelor’s degree in Computer Science, MIS, Technology, Cybersecurity or related technical field, or equivalent 11 years of education/work experience.
• Minimum seven years of relevant experience, including at least two years of work‑leadership experience.
• Detailed knowledge of audit theory and conducting audits of controls in cloud-based environments, especially Microsoft Azure.
• Understanding of industry frameworks guiding cloud computing risk management.
• Professional certification or active pursuit of certification (e.g., CCSP, CCAK, CCSK, CISSP).
• Strong project‑management, interpersonal and communication skills; ability to make independent, sound decisions.

• MBA or Master’s degree in an appropriate field.
• Experience auditing compute, database, network, and storage infrastructure risks, technology governance, risk management, modern software engineering practices, mainframe technology, and IT service management disciplines.
• Cloud‑risk or cloud‑audit‑oriented certification (e.g., CCSK or CCAK) and certifications such as CISSP.
• Knowledge of regulatory requirements/expectations related to technology and cybersecurity risks in the financial services industry.
• Proven ability to manage multiple work streams under tight deadlines and strong organizational resource‑management skills.

Hybrid: 4 days onsite per week; locations include Buffalo, NY;
Bridgeport, CT;
Wilmington, DE; open to candidates in Boston, MA or NYC willing to relocate.

Annual salary range: $ – $ (USD). Compensation is determined by experience and qualifications.

• Medical and retirement plans.
• 40 hours of paid volunteer time per year.
• Other competitive benefits.

M&T Bank is unwavering in providing equal employment opportunities to all employees and applicants without regard to race, color, national origin, religion, ethnicity, sex, gender identity, age, disability, citizenship, pregnancy, veteran status, marital status, sexual orientation, genetic information or any other characteristic protected under applicable federal, state, or local laws.