Lead Cybersecurity Incident Response Analyst

This role offers a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for in-person collaboration at our Wilmington, DE Tech Hub

Why Join M&T Bank?

At M&T Bank, cybersecurity isn’t just a function—it’s a mission-critical pillar of trust and resilience. As a Lead Cyber Incident Response Analyst, you’ll be at the forefront of defending a top 20 U.S. bank’s digital infrastructure, working with a team that values precision, collaboration, and innovation.

What You’ll Do:

• Lead the response to complex cyber incidents, coordinating across threat intelligence, detection, and engineering teams - establishing relationships with business and technology leaders throughout the enterprise.
• Develop and refine incident response playbooks and automation strategies.
• Mentor junior analysts and contribute to the continuous improvement of detection and response capabilities.
• Collaborate with cross-functional teams to ensure alignment with enterprise risk and compliance frameworks.
• Consult on various aspects and impacts of technical threats to risk and business partners.

What You’ll Gain:

• Career Growth: M&T is deeply committed to internal mobility and professional development, offering access to leadership training, certifications, and mentorship programs.
• Impactful Work: Your contributions will directly influence the bank’s ability to protect millions of customers and maintain regulatory excellence.

Primary Responsibilities:

• Determine root cause, scope of impact, and identify novel indicators of compromise or attack patterns of cybersecurity incidents through in-depth analysis and forensic investigation of incidents.
• Contribute to refining and updating incident response plans based on lessons learned from previous incidents and industry best practices, ensuring they align with regulatory requirements.
• Identify and recommend proactive measures to prevent future incidents, such as implementing security controls, making recommendations to technical security training, and assessing risk based on technical controls and potential impact.
• Suggest avenues to advance investigation steps during an incident, contributing to effective and swift resolution of incident.
• Partner with appropriate stakeholders to implement effective measures to contain and neutralize threats during incidents.
• Lead interdepartmental teams to apply lessons learned to proactively implement measures that prevent future incidents.
• Maintain detailed incident logs, including analysis and response activities, to support post-incident reviews, compliance requirements, and continuous improvement efforts and provide a reference for the future.
• Provide clear and concise updates to stakeholders and management teams, including executive summaries, impact assessments, and recommendations for ongoing improvements to the incident response process.

• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management.
• Promote an environment that supports belonging and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Scope of Responsibilities:

• The position exercises judgement in selecting methods, techniques, and evaluation criteria in obtaining results and exerts significant latitude in determining objective of assignment.  Work is accomplished with limited direction
• Primarily partners with individual contributors and people leaders from all business lines, up to directors and EVPs in business lines
• Subject matter expert on multiple Cybersecurity platforms, applications, and tools within team
• Leads documentation and execution of intermediate remediation plans that typically last between 1-2 months.
• Leads large scale investigations and engagements across all business lines of the Bank.

Supervisory/Managerial Responsibilities:

No supervisory responsibilities.

Education and Experience Required:

• Bachelor's degree and a minimum of 5 years’ relevant work experience, inclusive of 2 years' Cybersecurity incidence response work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience, including a minimum of 5 years' relevant work experience, inclusive of a minimum of 2 years' Cybersecurity incident response work experience
• Advanced understanding of multiple Cybersecurity platforms, applications, and tools within team
• Prior experience remaining composed and solving problems in high stress situations

Education and Experience Preferred:

• Excellent verbal and written communication skills
• Excellent interpersonal skills
• Experience partnering with leaders to design solutions to business needs
• Ability to influence incident response efforts inside and outside of Technology by leveraging project management principles, setting clear expectations, and escalating when appropriate
• Ability to gain buy-in, related to incident response, of teams across the Bank through communicating priorities and risk
• Prior experience prioritizing and delivering results across changing priorities and quickly changing landscape based on business and technology needs

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $121,698.75 - $202,831.26 (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

LocationWilmington, Delaware, United States of America