Cybersecurity Manager – Offensive Security

Cybersecurity Manager – Offensive Security

Requirements

• Bachelor’s degree and a minimum of 7 years’ relevant work experience, or in lieu of a degree, a combined minimum of 11 years’ higher education and/or work experience
• Demonstrated expert knowledge of Cybersecurity principles
• Minimum 6 years’ work experience in/with the specific cybersecurity function
• Minimum 2 years’ managerial experience

Responsibilities

• Lead and manage the Offensive Security Operations team, including red teamers, penetration testers, and adversary emulation specialists.
• Develop and execute the organization’s offensive security strategy aligned with risk management objectives and threat landscape insights.
• Oversee planning and execution of red team operations, penetration testing campaigns, and purple team exercises across enterprise environments.
• Coordinate cross-functional efforts with threat intelligence, blue team, and incident response teams to identify security gaps and drive remediation.
• Provide technical and operational leadership in the design and execution of complex adversarial simulations, leveraging frameworks such as MITRE ATT&CK and NIST.
• Prioritize work within function(s) of oversight and raise to senior leadership and finance to incorporate into financial plan.
• Manage team performance, mentoring, career development, and resource allocation to support both tactical and strategic initiatives.
• Present operational outcomes, risk findings, and mitigation strategies to senior leadership and stakeholders through well-crafted reports and briefings.
• Manage initiatives to identify and implement new/updated methodologies that ensure a proactive stance against risks.
• Interpret regulatory and compliance requirements, and partner with risk, legal, and engineering teams to ensure necessary controls are implemented.
• May present in regulatory engagements to understand and address cybersecurity-related legal and regulatory requirements.
• Create strong workforce plan to meet business needs, including (but not limited to) mentoring and coaching high potential team members, developing career paths and succession planning for key roles, identifying training needs and gaps, and establishing culture of knowledge sharing and collaboration.
• Contribute to the delivery of the Bank-wide information security training and awareness program.
• Collaborate with technology and business leaders to create program that meets Cybersecurity objectives and organization needs.
• Exercise usual authority of a manager concerning staffing, performance appraisals, promotions, salary recommendations, performance management and terminations.
• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis. Identify risk-related issues needing escalation to management.
• Promote an environment that supports diversity and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Preferred Qualifications

• Minimum of 6 years’ managerial experience
• Proven ability to mentor and lead cybersecurity individual contributors.
• Excellent communication
• Excellent interpersonal skills
• Ability to effectively articulate message to technical and business teams
• Experience effectively influencing peers and leaders.
• Experience prioritizing across competing priorities and quickly changing landscape.
• Experience in a highly regulated industry environment.
• Proficient understanding of financial services regulations, compliance requirements, and risk management practices.
• Ability to translate business objectives into strategic cyber plans, programs, and initiatives.