Buffalo, NY, USA
14 days ago
CITP Investigations / Analyst Lead
Overview:

We are seeking an experienced Cybersecurity Insider Threat Investigative/Analyst Manager to lead our Data Loss Prevention (DLP) and Cybersecurity Insider Threat (CIT) analysts. This role will be responsible for overseeing threat detection and analysis, risk mitigation, and continuous program improvement. The ideal candidate will have a deep understanding of cybersecurity insider threat detection, user behavior analysis, and investigation techniques, combined with leadership and strategic skills to drive the maturation of M&T Bank’s Cybersecurity Insider Threat Program (CITP) program’s objectives.

The manager will collaborate closely with cybersecurity teams including HR, legal, privacy, compliance, digital forensic, fraud, financial crimes and other key departments to ensure timely detection, response, and mitigation of threat activity, while fostering a culture of security awareness

Primary Responsibilities:

Lead the design, development, and implementation of a comprehensive Cybersecurity Insider Threat and Data Loss Prevention Analysis and Investigations team. 

Oversee and mentor a team of both DLP and CIT analysts, providing guidance, mentoring, and strategic direction.

Define objectives, key performance indicators (KPIs), and metrics for the team, ensuring its alignment with organizational goals and regulatory requirements.

Conduct regular program reviews and improvements to adapt to emerging insider threats and trends.

Work with the CITP Engineering team to develop and manage monitoring and detection tools that analyze user and entity behavior to detect suspicious activities, data exfiltration, and policy violations.

Coordinate with the DLP and CIT Engineers to implement and optimize insider threat tools, such as User and Entity Behavior Analytics (UEBA), Data Loss Prevention (DLP) systems, and SIEM tools.

Oversee the creation and refinement of use cases and risk models to detect potential threats early.

Direct and oversee cybersecurity insider threat investigations, ensuring a thorough analysis of incidents to determine intent, impact, and mitigation steps.

Collaborate with IT, security, HR, and legal teams to conduct cross-functional investigations and implement appropriate remediation actions.

Serve as a point of escalation for complex cybersecurity insider threat investigations and lead post-incident reviews to identify process and policy gaps.

Manage incident response actions, ensuring timely and effective containment and remediation of insider threat activities.

Conduct risk assessments to identify high-risk employees, roles, and areas within the organization susceptible to insider threats.

Develop mitigation strategies to reduce the likelihood of insider incidents, including the implementation of technical controls and improved access management.

Ensure proper documentation and reporting of risk analysis and threat mitigation actions, adhering to internal policies and regulatory requirements.

Work closely with executive leadership to communicate insider threat risks, investigative findings, and recommended actions.

Serve as the primary liaison between the insider threat team and departments such as HR, legal, compliance, and IT.

Lead efforts to raise awareness and train staff on insider threats, ensuring a security-conscious culture throughout the organization.

Ensure that M&T Bank’s CITP complies with industry standards and regulations (e.g., NIST, ISO 27001, HIPAA, GDPR).

As needed, prepare and present reports to leadership and audit committees on CIT activities, program effectiveness, and ongoing risks.

Stay abreast of emerging insider threat tactics, technologies, and mitigation strategies, continuously enhancing detection and prevention capabilities.

Drive process improvement initiatives to enhance the efficiency and accuracy of threat detection and investigation workflows.

Perform regular CIT tabletop exercises and simulations to test the organization’s ability to respond to insider threats effectively.

Education and Experience Required:

Associates degree in applicable discipline and a minimum of 7 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience, including a minimum of 7 years’ relevant work experience

Minimum of 2 years’ work leadership, supervisory and/or managerial experience

Relevant work experience in two or more of the following Cybersecurity domains:  Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security Operations

Knowledge of Cybersecurity operational processes

Knowledge of Cybersecurity threats, vulnerabilities, emerging trends, and regulatory and operational impacts

Experience utilizing feedback to drive process and service improvement

Experience managing stakeholder relationships, including determining needs, requirements, and resources, and managing stakeholder expectations while committing to delivering quality results

Proven ability to communicate complex information, concepts, or ideas in a confident, accurate, and well-organized manner through verbal, written, and/or visual media

Experience adjusting to and operating in a diverse, challenging, and unpredictable fast-paced work environment

Experience coordinating, collaborating, and disseminating information to subordinate, peer, and leadership teams, departments, and organizations

Experience advising and providing assistance to operations and intelligence decision makers in response to dynamic situations

Experience managing and leading a Cybersecurity team of analysts, including training and development of staff

Experience serving as an escalation point for Cybersecurity incidents, vulnerabilities, and events

Technical experience and understanding of testing and maintaining network infrastructure requirements, including hardware and software systems

Prior experience translating functional organizational and department requirements into logical and technical Cybersecurity solutions

Experience with managing operations following organizationally-specific guidelines and documents

Knowledge of state, Federal, and industry-specific guidelines

Experience reviewing, verifying, and revising Cybersecurity and operational documentation reflecting the application or system security design features

Experience developing Cybersecurity strategies and plans

Education and Experience Preferred:

Bachelor degree in an applicable discipline

Minimum of 5 years’ demonstrated job progression and relevant work experience in two or more of the following Cybersecurity domains:  Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security Operations

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $110,635.01 - $184,391.68 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

LocationBuffalo, New York, United States of America
Confirm your E-mail: Send Email