Senior First Line Risk Specialist – Technology
Wilmington, New Castle County, Delaware, 19894, USA
Listed on 2026-07-18
-
IT/Tech
Cybersecurity, Information Security
This role is four days onsite at our Wilmington, DE, location, with the flexibility to work from home one day per week.
OverviewLeads risk assessments and control evaluations for complex Technology initiatives, influencing the organization's risk framework and providing advanced guidance to leadership for informed decision-making aligned with business objectives and regulatory expectations.
Primary Responsibilities- Develop and implement strategic approaches for evaluating technology and cybersecurity risks, control effectiveness, and audit readiness across critical technology capabilities.
- Lead complex risk assessments, control reviews, risk and control self-assessments (RCSAs), audit support activities, and process evaluations to identify, assess, and communicate risks and control gaps.
- Develop and execute risk management frameworks and programs that align technology practices with business objectives, internal control standards, and regulatory requirements.
- Partner with Technology, Cybersecurity, Risk Management, Internal Audit, and business stakeholders to assess control environments, evaluate risk exposure, and support remediation of identified issues.
- Drive adherence to risk management, governance, and control frameworks while providing expert guidance on regulatory expectations, audit requirements, and industry best practices.
- Lead and independently manage complex bodies of work, including risk reviews, control assessments, audit engagement support, regulatory preparedness activities, and cross‑functional initiatives with limited oversight.
- Coordinate preparation for regulatory examinations, internal audits, and external reviews, including reviewing responses for accuracy, managing documentation requests, organizing exam materials, and tracking follow‑up actions.
- Collaborate with senior leaders across Technology, Cybersecurity, Risk, Internal Audit, and Regulatory Affairs to support effective risk governance and regulatory compliance.
- Identify opportunities to enhance risk management and control evaluation methodologies and recommend improvements that strengthen the organization's overall risk posture.
- Provide guidance and mentorship to analysts and risk professionals, sharing expertise in risk management, audit practices, controls, and regulatory expectations.
- Contribute to the design and delivery of training programs that strengthen knowledge of technology risk, cybersecurity risk, governance, controls, and audit readiness.
- Understand and adhere to the Company's risk and regulatory standards, policies, and controls in accordance with the Company's Risk Appetite.
- Identify risk‑related issues requiring escalation.
- Promote an environment that supports belonging and reflects the M&T Bank brand.
- Maintain M&T internal control standards, including timely implementation of audit recommendations, regulatory actions, and remediation activities.
- Complete other related duties as assigned.
This role primarily interacts with senior people leaders within the Technology and Cybersecurity teams, senior people leaders of Technology and Cybersecurity Risk, and internal partners such as the Risk Division, Internal Audit, and Regulatory Affairs. Work is accomplished with periodic direction. The position exercises judgement in selecting methods, techniques, and evaluation criteria in obtaining results. It exerts significant latitude in determining objective of assignment and takes calculated risks with consultation from expert.
This role may present to Regulators under direction of senior Technology and Cybersecurity Risk leaders.
- Bachelor's degree and a minimum of 7 years’ relevant work experience, or in lieu of a degree, a combined minimum of 11 years’ higher education and/or work experience.
- Demonstrated expert knowledge of Technology, Cybersecurity, Audit and/or risk principles.
- Minimum of 6 years’ relevant work experience in or with the specific Technology, Audit, Cybersecurity risk area and/or business unit.
- Master's degree in Information Technology, Computer Science, Cybersecurity, Business Administration, Accounting, Finance,…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).