Senior Cybersecurity Operations Center Specialist

14 Aug 2024

Overview:

Uses defensive measures and information collected from various sources to identify, analyze and report events occurring within the network to protect information, information systems and networks from threats. Recognizes corollary or potentially-related events to identify trends and impacts to the organization's security posture and proactively mitigates associated risks. Provides detailed reports, Standard Operating Procedures (SOPs) and documentation related to identified events and/or new processes. Conducts trend and vulnerability analysis to categorize, interpret and provide recommendations for operational security changes or design to provide adequacy and efficiency of security defense. Coordinates with Cybersecurity teams, stakeholders and leadership to provide framework, design, threat and posture analysis and reporting. Provides advice and input for Disaster Recovery, Contingency and Continuity of Operations Plans. Provides mentorship of Operations team and participates and assists leadership with development and support of Cybersecurity Operations activities. Coordinates with individuals, teams and/or Subject Matter Experts (SMEs) with responsibilities including execution of Cybersecurity Operations strategies, Cybersecurity controls testing, review of Cybersecurity policies and standards and execution of enterprise Cybersecurity awareness and training programs.

Primary Responsibilities:

- Characterize and analyze network traffic to identify anomalous activity and potential threats. Develop proactive solutions to enhance the organization's security posture.
- Analyze, document, and monitor compliance with cybersecurity policies, procedures, and best practices. Create and update governance frameworks and processes to ensure organizational resiliency.
- Participate in the development, review, and update of strategies, policies, and procedures. Research industry best practices and regulatory requirements to recommend policy enhancements.
- Lead and coordinate technical assistance on digital evidence matters and manage the response to suspected cyber incidents, including notification of relevant stakeholders.
- Conduct independent analysis of log files, evidence, and other information to develop reports, identify perpetrators, and recommend remediation efforts.
- Oversee the development of technical documents, incident reports, and use cases. Maintain thorough digital logs and reports of events and incidents.
- Collaborate with teams to create process documentation, reporting, and performance metrics. Develop and validate Standard Operating Procedures (SOPs).
- Build relationships with stakeholders to ensure successful process implementation. Partner with cybersecurity, technology, and risk teams to mitigate risk through robust policies and procedures.
- Coordinate remediation activities, including tracking progress and drafting key actions, timelines, and communication plans.
- Align operational priorities within the Department's security strategy and represent the team on various committees. Communicate cybersecurity threats, risks, and mitigation strategies.
- Provide timely notice of imminent threats and lead high-severity or emergency response events.
- Adhere to risk and regulatory standards and ensure timely implementation of audit points and regulatory issues. Promote diversity and maintain internal control standards.
- Conduct malware, threat, and log analysis and implement remediation efforts. Complete regular reports on Key Risk Indicators (KRI) and Key Performance Indicators (KPI) for network security events.
- Complete other related duties as assigned.

Education and Experience Required:

- Associate’s degree in an applicable discipline and a minimum of 5 years’ relevant work experience in two (2) or more of the following Cybersecurity domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security Operations, or in lieu of a degree, a combined minimum of 7 years’ higher education and/or work experience, including a minimum of 5 years’ relevant experience in two (2) or more of the following Cybersecurity domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security Operations
- Understanding of System Development Life Cycle (SDLC)
- Experience researching and recommending application development support software and hardware platforms through an understanding of client area function and deliverable requirements for current and future-state planning
- Detailed technical experience with mainframe, virtual and/or distributed computing environments
- Prior experience and demonstrated aptitude for quickly learning multiple new technical skills and supporting multiple systems, tools and processes across multiple disciplines and/or multiple teams
- Experience actively leading complex problem and technical analysis walkthroughs
- Experience completing complex problem analysis and resolution
- Experience completing multiple shift schedules to support 24x7 team
- Experience acting as a surrogate team leader to assign, review, evaluate and prioritize team efforts

Education and Experience Preferred:

- Bachelor’s degree in an applicable discipline and 4 years’ relevant work experience
- Minimum of 8 years’ relevant work experience in two (2) or more of the following Cybersecurity domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security Operations
- Experience with the Bank’s application development support software and hardware platforms
- Experience introducing application development alternatives through an understanding of client area function and deliverable requirements for current and future-state planning
- Extensive technical experience with mainframe, virtual and/or distributed computing environments
- CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CRISC (Certified Risk and Information Systems Control) certification and one or more applicable Cybersecurity domain-related industry-recognized certification or concentration specialties
- Experience with one or more programming languages, with a focus on scripting-oriented languages (e.g., Python, PowerShell, etc.)
- Experience supporting multiple systems, tools and processes
- Experience as a surrogate team leader to assign, review, evaluate, and prioritize team efforts

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $82,783.41 - $137,972.36 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation. The range listed above corresponds to our national pay range for this role. The specific pay range applicable to you may vary based on your location.

Location: Clanton, Alabama, United States of America

M&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer, including disabilities and veterans.

Full-time
  • ID: #52308536
  • State: Alabama Clanton 35045 Clanton USA
  • City: Clanton
  • Salary: USD TBD TBD
  • Showed: 2024-08-14
  • Deadline: 2024-10-14
  • Category: Et cetera