Overview:

Provides strategic and tactical direction for the Insider Threat program in the Cybersecurity Department. Manages multiple teams and Subject Matter Experts (SMEs) with diverse responsibilities including, but not limited to, the development and execution of technology solutions, processes, and procedures involving data identification and labeling, data loss prevention, behavioral analytics used to detect and mitigate insider threats, and similar capabilities. Identifies and communicates Cybersecurity risks, emerging threats, and mitigation strategies in alignment with the organization's risk appetite. Represents Cybersecurity on various committees. Recommends and reports on Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) for areas of responsibility. Promotes awareness of Cybersecurity policy, standards, and governance among management and throughout the enterprise and ensures sound principles are reflected in the organization’s mission, vision, and goals.

Primary Responsibilities:

• Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel to support cybersecurity goals and objectives related to the Insider Threat program and reduce overall organizational risk.

• Lead multiple diverse stakeholders and manage multiple projects and initiatives concurrently to establish and maintain enterprise continuity of operations program, strategy, and mission assurance.

• Lead, manage, and oversee diverse security improvement actions across multiple teams to evaluate, validate, and implement solutions as required in support of the Insider Threat program.

• Lead, align, and manage cybersecurity priorities within the Department's overall security strategy and in coordination with closely related departments and within Cybersecurity.

• Actively manage, report, and lead efforts to define and improve the effectiveness of the enterprise's cybersecurity safeguards to ensure they provide the intended level of protection.

• Lead and oversee the preparation, creation, distribution, and maintenance of plans, instructions, guidance, and Standard Operating Procedures (SOPs) concerning the Insider Threat program within Cybersecurity Operations.

• Lead and oversee that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities within multiple teams or within the Division.

• Fully manage the protective or corrective measures when a cybersecurity incident or vulnerability is discovered from identification through resolution.

• Exercise usual authority of a manager concerning staffing, performance appraisals, promotions, salary recommendations, performance management, and terminations.

• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.

• Promote an environment that supports diversity and reflects the M&T Bank brand.

• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.

• Complete other related duties as assigned.

Scope of Responsibilities:

Manage with autonomy all facets of the Cybersecurity Insider Threat program. Responsible for developing effective technologies, processes, and procedures to properly detect and mitigate insider threats, and report related metrics to Cybersecurity management and various risk committees. Responsible for the development and generation of insider threat Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) along with the communication and escalation of identified threats to management and other teams within Cybersecurity Operations. Manages the planning, documenting, testing, implementation, and budgeting of all Cybersecurity-related work completed by the Insider Threat team. Responsible for forecasting service demands, staff performance, and requirements. Develop analytics to evaluate and enhance the effectiveness of the Insider Threat program including, tools, technologies, and policies.

Education and Experience Required:

Associate degree in an applicable discipline and a minimum of 9 years’ relevant work experience, or in lieu of a degree, a combined minimum of 11 years’ higher education and/or work experience, including a minimum of 9 years’ relevant work experience

Minimum of 2 years’ managerial experience

Relevant work and leadership experience in two or more of the following Cybersecurity domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing, and Security Operations

Demonstrated detailed knowledge and understanding of Cybersecurity operational processes

Demonstrated detailed knowledge of Cybersecurity threats, vulnerabilities, emerging trends, and regulatory and operational impacts, especially in Insider Threat domain

Demonstrated ability to utilize feedback to drive process and service improvement

Proven experience managing multiple stakeholder relationships, including determining needs, requirements, and resources, and managing stakeholder expectations while committing to delivering quality results

Proven experience communicating complex information, concepts, or ideas in a confident, accurate, and well-organized manner through verbal, written, and/or visual media

Proven experience adjusting and operating in a diverse, challenging, and unpredictable fast-paced work environment

Proven experience coordinating, collaborating, and disseminating information to multiple subordinate, peer, and leadership teams, departments, and organizations

Prior experience advising and providing assistance to operations and intelligence decision makers in response to dynamic situations

Education and Experience Preferred:

Bachelor degree in an applicable discipline

Minimum of 5 years’ managerial experience

Minimum of 9 years’ demonstrated job progression and relevant work experience in two or more of the following Cybersecurity domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing, and Security Operations

Prior experience managing and leading a Cybersecurity team of analysts and engineers, ideally in the area of Insider Threat, including training and development of staff

Prior experience forming, developing, and maturing an Insider Threat program

Prior experience serving as an escalation point for Cybersecurity incidents, vulnerabilities, and events

Detailed technical experience and understanding of testing and maintaining network infrastructure requirements, including hardware and software systems

Prior experience translating functional organizational and department requirements into logical and technical Cybersecurity solutions

Prior experience with managing operations following state, Federal, and organizationally specific guidelines and documents

Prior experience with reviewing, verifying, and revising Cybersecurity and operational documentation reflecting the application or system security design features

Prior experience with developing multiple Cybersecurity strategies and plans

About M&T

M&T Bank is a Top 20 US bank holding company and one of the best performing and financial stable regional banks in the country, we offer our technology employees a wide range of performance-based career development opportunities. We have a strong commitment to our customers and the communities we serve, and we continue to grow with a focus on the future. So, when looking to advance your career, look to M&T. Grow with us.

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $130,795.52 - $217,992.53 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

Location:

Buffalo, New York, United States of America

M&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer, including disabilities and veterans.