Cybersecurity Senior Manager

Overview:   

Manages the activities and strategic priorities of multiple cybersecurity departments. Responsible for financial and human capital planning to ensure short- and long-term strategic efforts support and protect the Bank from internal and external cybersecurity threats.

Primary Responsibilities:

• Drive the development and execution of comprehensive cybersecurity strategies, ensuring alignment with overall cybersecurity vision and organizational needs.
• Lead the development and implementation of comprehensive cyber threat intelligence strategies, aligning them with the organization's overall cybersecurity objectives.
• Oversee the deployment of advanced threat hunting methodologies to proactively identify and mitigate potential security breaches within the organization's infrastructure.
• Guide the engineering team in developing, maintaining, and enhancing state-of-the-art threat detection tools and systems, ensuring they are robust, scalable, and capable of identifying emerging threats.
• Partner with Cyber senior leadership and Finance to direct business and financial resources effectively based on risk assessments and strategic priorities.
• Monitor and review the effectiveness of risk measurement strategy, update assessments and procedures in partnership with technology risk and enterprise risk teams and communicate risk status to senior management.
• Lead strategic initiatives across Cybersecurity that drive continuous improvement and operational efficiencies, while maintaining or improving overall outcomes.
• Collaborate with engineering and architecture teams to select appropriate security technologies that align with overall technology roadmap and cybersecurity goals.
• Leverage industry knowledge and expertise to inform best practices and policies, ensuring continued compliance with applicable laws and regulations.
• May represent organization in industry forums and regulatory engagements to understand and address cybersecurity-related legal and regulatory requirements.
• Create strong workforce plan to meet business needs, including (but not limited to) mentoring and coaching high potential team members, developing career paths and succession planning for key roles, identifying training needs and gaps, and establishing culture of knowledge sharing and collaboration.
• Guide creation and maintenance of internal Cybersecurity training needs to deliver security awareness and training programs across the Bank.
• Develop Cybersecurity strategy and programs that strategically meets the needs and addresses the challenges of the organization.
• Partner with procurement and vendor management teams to assess vendor security controls, conduct due diligence, and negotiate appropriate security provisions in contracts.
• Exercise usual authority of a manager concerning staffing, performance appraisals, promotions, salary recommendations, performance management and terminations.
• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Scope of Responsibilities:

• Primary partners: CISO, CIO, Technology Directors
• Stakeholders: Regulators, Technology team, and the Bank
• Work is accomplished with minimal direction; strategizes team imperatives in alignment with Bank imperatives.
• Oversees 2 or more functions/teams or a department within Cybersecurity.
• This role may act as a lead Cybersecurity representative with Regulators.
• Accountable for developing and executing budget for functions/teams they oversee.
• This role manages one or more functions/teams/departments within Cybersecurity:
  • Operations and Threat – proactively identify, analyze, and respond to cyber threats, ensuring the Bank's digital assets are secure and resilient against potential risks and attacks. Functions/teams may include security operations center, governance & oversight, insider threat, data loss prevention, threat intel & hunt, incident response, detection & protection engineering
  • Cloud and Architecture – design, implement, and manage secure and resilient cloud-based infrastructure, ensuring the protection of data and applications in the digital environment
  • Security Assessments and Business Information Security Officers (BISO) – evaluate and enhance overall security posture through thorough assessments, aligning cybersecurity measures with business operations to mitigate risks effectively. Functions/teams may include vulnerability management, BISO, penetration testing & attack, third party assessments, static application security testing/dynamic application security testing (SAST/DAST)
  • Identity and Access Management – regulate and secure user access to digital resources, ensuring proper authentication and authorization measures are in place to protect sensitive information and prevent unauthorized access. Functions/teams may include service & delivery, privileged access management, infrastructure & tooling, governance & oversight, monitoring & logging
  • Security Engineering – design, implementation, and management of robust security measures and systems to protect digital assets, data, and networks from cybersecurity threats and unauthorized access. It encompasses various disciplines such as network security, access controls, and threat protection and detection, with the overarching goal of ensuring the confidentiality, integrity, and availability of information in the face of evolving cybersecurity risks

Manager Responsibility:

Typically leads a team of 25 or more FTEs (directly leading managers, and indirectly individual contributors)

Education and Experience Required:

• Bachelor's degree and a minimum of 9 years’ relevant work experience, or in lieu of a degree, a combined minimum of 13 years’ higher education and/or work experience.
• Demonstrated expert knowledge of Cybersecurity principles.
• Minimum of 8 years’ work experience in/with the specific cybersecurity function.
• Minimum 3 years’ managerial experience

Education and Experience Preferred:

• Eligibility to obtain a Top Secret/Sensitive Compartmented Information (TS/SCI) US Government Security Clearance
• Minimum of 8 years’ managerial experience
• Proven ability to mentor and lead cybersecurity people leaders and teams of people.
• Excellent communication skills.
• Excellent interpersonal skills.
• Proven ability to effectively convey message to technical and business leaders.
• Experience effectively influencing senior leaders.
• Proven experience strategically prioritizing across competing priorities and quickly changing landscape.
• Experience in a highly regulated industry environment, including building and maintaining effective relationships with external stakeholders.
• Advanced understanding of financial services regulations, compliance requirements, and risk management practices.
• Experience translating a strategic business objective into strategic cyber plans, programs, and initiatives.
• Expertise in cybersecurity innovation and emerging technologies.

#LI-JB3

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $154,629.62 - $257,716.03 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation. The range listed above corresponds to our national pay range for this role. The specific pay range applicable to you may vary based on your location.

LocationClanton, Alabama, United States of America