Cybersecurity Manager - Offensive Security

This role offers a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for in-person collaboration at our Buffalo, NY Tech Hub.

Overview:   

Manages the activities and strategic priorities of one or multiple cybersecurity teams. Responsible for financial and human capital planning to ensure short- and long-term priorities support and protect the Bank from internal and external cybersecurity threats.

Primary Responsibilities:

• Lead and manage the Offensive Security Operations team, including red teamers, penetration testers, and adversary emulation specialists.
• Develop and execute the organization’s offensive security strategy aligned with risk management objectives and threat landscape insights.
• Oversee planning and execution of red team operations, penetration testing campaigns, and purple team exercises across enterprise environments.
• Coordinate cross-functional efforts with threat intelligence, blue team, and incident response teams to identify security gaps and drive remediation.
• Provide technical and operational leadership in the design and execution of complex adversarial simulations, leveraging frameworks such as MITRE ATT&CK and NIST.
• Prioritize work within function(s) of oversight and raise to senior leadership and finance to incorporate into financial plan.
• Manage team performance, mentoring, career development, and resource allocation to support both tactical and strategic initiatives.
• Present operational outcomes, risk findings, and mitigation strategies to senior leadership and stakeholders through well-crafted reports and briefings.
• Manage initiatives to identify and implement new/updated methodologies that ensure a proactive stance against risks.
• Interpret regulatory and compliance requirements, and partner with risk, legal, and engineering teams to ensure necessary controls are implemented.
• May present in regulatory engagements to understand and address cybersecurity-related legal and regulatory requirements.
• Create strong workforce plan to meet business needs, including (but not limited to) mentoring and coaching high potential team members, developing career paths and succession planning for key roles, identifying training needs and gaps, and establishing culture of knowledge sharing and collaboration.
• Contribute to the delivery of the Bank-wide information security training and awareness program.
• Collaborate with technology and business leaders to create program that meets Cybersecurity objectives and organization needs.
• Exercise usual authority of a manager concerning staffing, performance appraisals, promotions, salary recommendations, performance management and terminations.
• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Scope of Responsibilities:

• Primary partners: CISO, Cybersecurity Directors and Senior Managers
• Stakeholders: Technology team and the Bank
• Work is accomplished with minimal direction; strategizes team goals based on Cybersecurity imperatives.
• Oversees a minimum of 2 functions/teams within Cybersecurity.
• This role may present to Regulators.
• Accountable for informing and meeting budget for functions/teams they oversee.

Manager Responsibility:

Typically leads a team of 5-10 FTE

Education and Experience Required:

• Bachelor's degree and a minimum of 7 years’ relevant work experience, or in lieu of a degree, a combined minimum of 11 years’ higher education and/or work experience
• Demonstrated expert knowledge of Cybersecurity principles.
• Minimum 6 years’ work experience in/with the specific cybersecurity function
• Minimum 2 years’ managerial experience

Education and Experience Preferred:

• Minimum of 6 years’ managerial experience
• Proven ability to mentor and lead cybersecurity individual contributors.
• Excellent communication
• Excellent interpersonal skills
• Ability to effectively articulate message to technical and business teams
• Experience effectively influencing peers and leaders.
• Experience prioritizing across competing priorities and quickly changing landscape.
• Experience in a highly regulated industry environment.
• Proficient understanding of financial services regulations, compliance requirements, and risk management practices.
• Ability to translate business objectives into strategic cyber plans, programs, and initiatives.

 #LI-JB3 #Hybrid

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $130,795.52 - $217,992.53 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

LocationBuffalo, New York, United States of America