CITP Investigations / Analyst Lead

M&T Bank

Location: Buffalo, NY, USA

Date: 2024-11-01T10:30:41Z

Job Description:
Overview:
We are seeking an experienced Cybersecurity Insider Threat Investigative/Analyst Manager to lead our Data Loss Prevention (DLP) and Cybersecurity Insider Threat (CIT) analysts. This role will be responsible for overseeing threat detection and analysis, risk mitigation, and continuous program improvement. The ideal candidate will have a deep understanding of cybersecurity insider threat detection, user behavior analysis, and investigation techniques, combined with leadership and strategic skills to drive the maturation of M&T Bank's Cybersecurity Insider Threat Program (CITP) and its objectives.

The manager will collaborate closely with cybersecurity teams including HR, legal, privacy, compliance, digital forensic, fraud, financial crimes and other key departments to ensure timely detection, response, and mitigation of threat activity, while fostering a culture of security awareness.

Primary Responsibilities:
* Lead the design, development, and implementation of a comprehensive Cybersecurity Insider Threat and Data Loss Prevention Analysis and Investigations team.
* Oversee and mentor a team of both DLP and CIT analysts, providing guidance, mentoring, and strategic direction.
* Define objectives, key performance indicators (KPIs), and metrics for the team, ensuring its alignment with organizational goals and regulatory requirements.
* Conduct regular program reviews and improvements to adapt to emerging insider threats and trends.
* Work with the CITP Engineering team to develop and manage monitoring and detection tools that analyze user and entity behavior to detect suspicious activities, data exfiltration, and policy violations.
* Coordinate with the DLP and CIT Engineers to implement and optimize insider threat tools, such as User and Entity Behavior Analytics (UEBA), Data Loss Prevention (DLP) systems, and SIEM tools.
* Oversee the creation and refinement of use cases and risk models to detect potential threats early.
* Direct and oversee cybersecurity insider threat investigations, ensuring a thorough analysis of incidents to determine intent, impact, and mitigation steps.
* Collaborate with IT, security, HR, and legal teams to conduct cross-functional investigations and implement appropriate remediation actions.
* Serve as a point of escalation for complex cybersecurity insider threat investigations and lead post-incident reviews to identify process and policy gaps.
* Manage incident response actions, ensuring timely and effective containment and remediation of insider threat activities.
* Conduct risk assessments to identify high-risk employees, roles, and areas within the organization susceptible to insider threats.
* Develop mitigation strategies to reduce the likelihood of insider incidents, including the implementation of technical controls and improved access management.
* Ensure proper documentation and reporting of risk analysis and threat mitigation actions, adhering to internal policies and regulatory requirements.
* Work closely with executive leadership to communicate insider threat risks, investigative findings, and recommended actions.
* Serve as the primary liaison between the insider threat team and departments such as HR, legal, compliance, and IT.
* Lead efforts to raise awareness and train staff on insider threats, ensuring a security-conscious culture throughout the organization.
* Ensure that M&T Bank's CITP complies with industry standards and regulations (e.g., NIST, ISO 27001, HIPAA, GDPR).
* As needed, prepare and present reports to leadership and audit committees on CIT activities, program effectiveness, and ongoing risks.
* Stay abreast of emerging insider threat tactics, technologies, and mitigation strategies, continuously enhancing detection and prevention capabilities.
* Drive process improvement initiatives to enhance the efficiency and accuracy of threat detection and investigation workflows.
* Perform regular CIT tabletop exercises and simulations to test the organization's ability to respond to insider threats effectively.

Education and Experience Required:
* Associate's degree in applicable discipline and a minimum of 7 years' relevant work experience, or in lieu of a degree, a combined minimum of 9 years' higher education and/or work experience, including a minimum of 7 years' relevant work experience
* Minimum of 2 years' work leadership, supervisory and/or managerial experience
* Relevant work experience in two or more of the following Cybersecurity domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security Operations
* Knowledge of Cybersecurity operational processes
* Knowledge of Cybersecurity threats, vulnerabilities, emerging trends, and regulatory and operational impacts
* Experience utilizing feedback to drive process and service improvement
* Experience managing stakeholder relationships, including determining needs, requirements, and resources, and managing stakeholder expectations while committing to delivering quality results
* Proven ability to communicate complex information, concepts, or ideas in a confident, accurate, and well-organized manner through verbal, written, and/or visual media
* Experience adjusting to and operating in a diverse, challenging, and unpredictable fast-paced work environment
* Experience coordinating, collaborating, and disseminating information to subordinate, peer, and leadership teams, departments, and organizations
* Experience advising and providing assistance to operations and intelligence decision makers in response to dynamic situations
* Experience managing and leading a Cybersecurity team of analysts, including training and development of staff
* Experience serving as an escalation point for Cybersecurity incidents, vulnerabilities, and events
* Technical experience and understanding of testing and maintaining network infrastructure requirements, including hardware and software systems
* Prior experience translating functional organizational and department requirements into logical and technical Cybersecurity solutions
* Experience with managing operations following organizationally-specific guidelines and documents
* Knowledge of state, Federal, and industry-specific guidelines
* Experience reviewing, verifying, and revising Cybersecurity and operational documentation reflecting the application or system security design features
* Experience developing Cybersecurity strategies and plans

Education and Experience Preferred:
* Bachelor's degree in an applicable discipline
* Minimum of 5 years' demonstrated job progression and relevant work experience in two or more of the following Cybersecurity domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security Operations

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $110,635.01 - $184,391.68 Annual (USD). The successful candidate's particular combination of knowledge, skills, and experience will inform their specific compensation.

Location: Buffalo, New York, United States of America