This role offers a hybrid work schedule providing the opportunity for in-person collaboration at our Wilmington, DE Tech Hub.
Manages the activities of a cybersecurity team with a specialized focus on Active Directory (AD) engineering and identity management. Responsible for financial and human capital planning to ensure short- and long-term priorities support and protect the Bank from internal and external cybersecurity threats, particularly those related to authentication, access control, and directory infrastructure.
Develop and implement comprehensive plans, policies, and procedures for Active Directory architecture, identity governance, and access management.
Lead the design, deployment, and lifecycle management of AD infrastructure, including domain controllers, forests, trusts, and group policy objects (GPOs).
Create and implement security controls related to AD function(s) of oversight to mitigate risk and secure the bank.
Oversee initiatives assessing the security implications of new/updated AD methodologies, including hybrid identity models and cloud integrations (e.g., Azure AD).
Partner with incident response teams to ensure AD-related response plans are regularly reviewed, updated, and tested against emerging threats such as credential theft and privilege escalation.
Evaluate and recommend tools and technologies for AD monitoring, auditing, and automation (e.g., PowerShell scripting, identity lifecycle tools).
Partner with more senior Cybersecurity leaders to establish and maintain appropriate cyber controls, policies, and procedures.
Develop and execute workforce plan, including recruiting and developing team members to align with their career goals and support the broader cyber team's needs.
Contribute to the delivery of the Bankwide information security training and awareness program.
Build strong partnerships with stakeholders to ensure immediate function(s) of oversight meets the Cybersecurity objectives.
Exercise usual authority of a manager concerning staffing, performance appraisals, promotions, salary recommendations, performance management and terminations.
Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
Promote an environment that supports belonging and reflects the M&T Bank brand.
Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
Complete other related duties as assigned.
Primary partners: Cybersecurity Senior Managers and Managers.
Stakeholders: Technology team and the Bank.
Work is accomplished with limited direction; translates Cybersecurity imperatives to objectives within team.
Oversees Active Directory engineering
Typically leads a team of 5-10 FTEs (entry to mid-level individual contributors).
Provides input for budget as it pertains to specific team needs, and accountable for meeting budget.
This role manages one or more functions/teams/departments within Cybersecurity:
Security Engineering – design, implementation, and management of robust security measures and systems to protect digital assets, data, and networks from cybersecurity threats and unauthorized access. It encompasses various disciplines such as network security, access controls, and threat protection and detection, with the overarching goal of ensuring the confidentiality, integrity, and availability of information in the face of evolving cybersecurity risks
Typically leads a team of 5-10 FTEs (entry to mid-level individual contributors)
Bachelor's degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience
Demonstrated advanced knowledge of Cybersecurity principles.
Minimum 4 years’ work experience in/with the specific cybersecurity function.
Minimum 1 year’s managerial experience.
Minimum of 2 years’ managerial experience.
Proven ability to train and mentor cybersecurity individual contributors.
Excellent communication skills
Excellent interpersonal skills.
Proficient persuasive communication skills to gain buy-in of others.
Experience prioritizing across competing priorities and quickly changing landscape.
Experience in a highly regulated industry environment.
Understanding of financial services regulations, compliance requirements, and risk management practices.
#LI-JB3 #Hybrid
M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $128,100.00 - $213,500.00 (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.