Overview:     

Guide the risk analysis and control development process that supports Commercial Banking technology and Enterprise Architecture.  Provide direction for risk identification and mitigation and serve as a key advisor as the Bank expands into digital asset products, including Wallet‑as‑a‑Service (WaaS), Bitcoin‑related offerings, and blockchain‑enabled capabilities. This role requires deep technical understanding of digital assets to assess emerging risks. The individual must bring strong experience in technology architecture development, process mapping, audit practices, and control design, using these skills to proactively identify risks and implement controls. Collaborates with cross‑functional risk, technology, cybersecurity, and business teams to enhance risk policies and contribute to organizational resilience.

Primary Responsibilities:

• Create, maintain, and analyze detailed process maps to identify points of correction, operational inefficiencies, and potential risks across digital‑asset workflows and Commercial Banking processes; translate findings into actionable controls and enhancements.
• Apply audit‑driven methodologies to evaluate Commercial Banking processes, ensuring adherence to regulatory expectations, internal standards, and industry best practices, especially in the digital‑asset domain.
• Serve as a subject‑matter expert with a Technology and Cybersecurity risk view on digital assets, including blockchain fundamentals, cryptocurrency custody models, wallets‑as‑a‑service, and transaction flows. Provide deep technical insight to guide safe product design and launch.
• Formulate and implement risk management plans, including reporting and documentation such as writing standards, reviewing non‑compliance, creating targeted risk assessments, leading risk and control self‑assessments, and summarizing findings for senior leadership.
• Lead compliance efforts for the Commercial Banking function, ensuring adherence to industry regulations and internal standards, particularly as they relate to digital‑asset products and blockchain‑based services.
• Act as a proactive first‑line risk owner, independently identifying emerging risks, control weaknesses, and areas requiring improvement across associated with Technology and Cybersecurity risk within Commercial Banking Technology’s digital‑asset initiatives and Enterprise Architecture, without waiting for issues to be escalated by second‑ or third‑line functions.
• Partner strategically with cross‑functional teams and senior leadership to ensure swift and effective action when events occur that are beyond or potentially beyond the Bank’s risk appetite, especially in the rapidly evolving digital‑asset landscape.
• Assist with preparation and response to regulatory engagements, including preparing materials, coordinating responses, and supporting exam management (template folders, first‑day letters, follow‑up requests).
• Assess implications of new methodologies and technologies, recommending ways for Technology and Cybersecurity Risk leadership to innovate risk management strategies while maintaining a proactive stance against emerging threats in digital‑asset products.
• Mentor newer analysts, fostering their professional growth and ensuring a high standard for all risk analysts within the team.
• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Identify risk‑related issues requiring escalation.
• Promote an environment that supports belonging and reflects the M&T Bank brand.
• Maintain internal control standards, including timely remediation of audit points and regulatory issues.
• Complete other related duties as assigned

Scope of Responsibilities:

• This position will interact primarily with individual contributors and people leaders within the Technology and Cybersecurity teams. It will have occasional to frequent interaction with senior leaders of Technology, Cybersecurity, the Risk Division and Internal Audit. 
• Work is accomplished with limited direction, and the incumbent exercises judgement in selecting methods, techniques, and evaluation criteria in obtaining results. It exerts significant latitude in determining objective of assignment. 
• This role will prepare materials for Regulators under the direction of senior Technology and Cybersecurity Risk leaders.

Education and Experience Required:

• Bachelor's degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience
• Demonstrated advanced knowledge of Technology and Cybersecurity risk principles
• Minimum of 4 years' relevant work experience in or with the specific Technology and/ or Cybersecurity risk area and/or business unit

Education and Experience Preferred:

• Applicable certification align to function or domain such as Certified in Risk and Information Systems Control (CRISC®), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP)
• Proficient level of critical thinking and able to lead problem solving
• Excellent communication and interpersonal skills
• Experience partnering with leadership to design solutions
• Excellent ability to strategically seek critical information, and apply to specific processes
• Prior experience prioritizing across competing priorities and quickly changing landscape, and deliver results aligned with priorities
• Proficient persuasive communication skills to gain buy-in of others

Location