Infrastructure Security Scanning Manager

Role Overview:

As the Manager of Infrastructure Security Management at M&T Bank, you will lead the implementation and management of enterprise security controls across M&T’s on-premise environment and cloud environment, providing strategic technical leadership, and fostering a culture of operational excellence among the teams you lead. This role is integral to our technology transformation journey, ensuring the security posture of our bank-wide infrastructure and applications.
 

Key Responsibilities:

• Lead the Cybersecurity Infrastructure Security team to develop a comprehensive strategy and roadmap to improve infrastructure security and securely enable M&T’s cloud journey

• Responsible for leading a multi-disciplinary team focused on designing risk based vulnerability assessments, including but are not limited to, vulnerability testing, configuration management, and database monitoring.

• Collaborate with cross-functional teams to integrate security measures into the infrastructure development, deployment, and monitoring

• Provide guidance and support to infrastructure partners on security best practices and ensuring adherence to M&T’s security posture

• Stay up to date on emerging threats and vulnerabilities, and proactively recommend security enhancements.

• Lead and mentor a team of infrastructure security professionals to ensure a strong security posture across all infrastructure including on-premise and cloud infrastructure components

• Own and manage Infrastructure Testing metric and remediation-related dashboards and reports.

• Own and manage infrastructure security scanning tools and vendor relationships.

• Develop analytics to evaluate and enhance the effectiveness of the vulnerability management program including, tools, technologies, policies.

• Communicate effectively with all levels of organizational leadership, conveying complex technical concepts in a clear and concise manner.

Minimum Required Qualifications:

• Bachelor’s degree and a minimum of 10 years’ of technology and cybersecurity domain experience, or in lieu of a degree, a combined minimum of 13 years’ higher education and/or work experience, including a minimum of 10 years’ of technology and cybersecurity domain experience.

• A minimum of 3+ years of technical supervisory or management experience, demonstrating the ability to lead and inspire cross-functional teams including management experience within vulnerability management

• Relevant work and leadership experience in two or more of the following Cybersecurity domains:  Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security Operations

• Proven experience managing multiple stakeholder relationships, including determining needs, requirements, and resources, and managing stakeholder expectations while committing to delivering quality results

• Proven experience communicating complex information, concepts, or ideas in a confident, accurate, and well-organized manner through verbal, written, and/or visual media

• Proven experience adjusting and operating in a diverse, challenging, and unpredictable fast-paced work environment

• Proven experience coordinating, collaborating, and disseminating information to multiple subordinate, peer, and leadership teams, departments, and organizations

• Prior experience advising and providing assistance to operations and intelligence decision makers in response to dynamic situations

Preferred Qualifications:

• Proven experience in infrastructure security, including vulnerability and configuration management in both on-premise and cloud environments

• Strong understanding of infrastructure and cloud-based infrastructure technologies, and protocols.

• Familiarity with industry standards and frameworks such as CVSS, EPSS, ISO 27001, and NIST.

• Experience with security testing tools and techniques.

• Excellent communication and leadership skills.

• Hands-on experience with infrastructure security tools and technologies.

• Familiarity with cloud security principles and practices.