Cybersecurity Team Lead - Firewall Engineering

This role offers a hybrid work schedule; offering the flexibility to work from home two days a week, while providing the opportunity for in-person collaboration. 

At M&T Tech, we’re a team of makers, doers, and builders, working to create the most advanced technology solutions in banking.  We’re not your stereotypical suit and tie bankers: we’re an innovative team of leading tech experts, pushing boundaries, and taking risks.  We’re building an agile team of the most skilled and creative workers to solve complex problems, architect solutions, write high-performance software, and chart our new path, all to make the lives of our customers, and the communities that we serve, better.  Join us and be part of something new as we build tomorrow’s bank, today.

Overview:  

Manages the activities of one or multiple cybersecurity teams. Responsible for financial and human capital planning to ensure short- and long-term priorities support and protect the Bank from internal and external cybersecurity threats.

Primary Responsibilities:

• Develop and implement comprehensive plan, policies, and procedures related to immediate function(s) of oversight.

• Identify priorities within function(s) of oversight and raise to senior leadership to incorporate into financial plan.

• Create and implement security controls related to immediate function(s) of oversight to mitigate risk and secure the bank.

• Coordinate initiatives assessing the security implications of new/updated methodologies to enhance overall cybersecurity controls and processes.

• Partner with incident response teams to ensure that plans are regularly reviewed, updated, and tested to align with emerging threats and best practices.

• Oversee technology and systems, including identifying, evaluating, and recommending systems to use within immediate function of oversight.

• Partner with more senior Cybersecurity leaders to establish and maintain appropriate cyber controls, policies, and procedures.

• Develop and execute workforce plan, including recruiting and developing team members to align with their career goals and support the broader cyber team's needs.

• Contribute to the delivery of the Bank wide information security training and awareness program.

• Build strong partnerships with stakeholders to ensure immediate function(s) of oversight meets the Cybersecurity objectives.

• Exercise usual authority of a manager concerning staffing, performance appraisals, promotions, salary recommendations, performance management and terminations.

• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.

• Promote an environment that supports diversity and reflects the M&T Bank brand.

• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.

• Complete other related duties as assigned.

Scope of Responsibilities:

• Primary partners: Cybersecurity Senior Managers and Managers.

• Stakeholders: Technology team and the Bank.

• Work is accomplished with limited direction; translates Cybersecurity imperatives to objectives within team.

• Oversees 1 or more function(s)/team(s) within Cybersecurity.

• Typically leads a team of 5-10 FTEs (entry to mid-level individual contributors).

• Provides input for budget as it pertains to specific team needs, and accountable for meeting budget.

• This role manages one or more functions/teams/departments within Cybersecurity:

  • Operations and Threat – proactively identify, analyze, and respond to cyber threats, ensuring the Bank's digital assets are secure and resilient against potential risks and attacks. Functions/teams may include security operations center, governance & oversight, insider threat, data loss prevention, threat intel & hunt, incident response, detection & protection engineering

  • Cloud and Architecture – design, implement, and manage secure and resilient cloud-based infrastructure, ensuring the protection of data and applications in the digital environment

  • Security Assessments and Business Information Security Officers (BISO) – evaluate and enhance overall security posture through thorough assessments, aligning cybersecurity measures with business operations to mitigate risks effectively. Functions/teams may include vulnerability management, BISO, penetration testing & attack, third party assessments, static application security testing/dynamic application security testing (SAST/DAST)

  • Identity and Access Management – regulate and secure user access to digital resources, ensuring proper authentication and authorization measures are in place to protect sensitive information and prevent unauthorized access. Functions/teams may include service & delivery, privileged access management, infrastructure & tooling, governance & oversight, monitoring & logging

  • Security Engineering – design, implementation, and management of robust security measures and systems to protect digital assets, data, and networks from cybersecurity threats and unauthorized access. It encompasses various disciplines such as network security, access controls, and threat protection and detection, with the overarching goal of ensuring the confidentiality, integrity, and availability of information in the face of evolving cybersecurity risks

Manager Responsibility:

Typically leads a team of 5-10

Education and Experience Required:

• Bachelor's degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience

• Demonstrated knowledge of enterprise network principles.

• Demonstrated advanced knowledge of Cybersecurity principles.

• Minimum 4 years’ work experience in/with the specific cybersecurity function.

• Minimum 1 year’s managerial experience.

Education and Experience Preferred:

• Minimum of 2 years’ managerial experience.

• Vendor management

• Agile experience

• Proven ability to train and mentor cybersecurity individual contributors.

• Excellent communication skills

• Excellent interpersonal skills.

• Proficient persuasive communication skills to gain buy-in of others.

• Experience prioritizing across competing priorities and quickly changing landscape.

• Experience in a highly regulated industry environment.

• Understanding of financial services regulations, compliance requirements, and risk management practices.

We support our team members with generous benefits. 

• Competitive compensation 

• Health, welfare, and retirement benefits 

• 401(k) match at 5% 

• Work-life balance and flexible work arrangements 

• Banking Officers start with 25 days PTO plus 12 paid holidays  

• 40 hours paid volunteer hours per year 

• Much more. For details, see: M&T Benefits Overview

About M&T

M&T Bank is a Top 20 US bank holding company and one of the best performing and financial stable regional banks in the country, we offer our technology employees a wide range of performance-based career development opportunities. We have a strong commitment to our customers and the communities we serve, and we continue to grow with a focus on the future. So, when looking to advance your career, look to M&T. Grow with us.

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $110,635.01 - $184,391.68 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

LocationBuffalo, New York, United States of America