The Bank sponsors individuals for TN and H-1B transfers on a case by case basis. Please note that this position is not open to anyone on an F-1 student visa including those eligible for CPT/OPT or the Stem OPT extension.This role offers a hybrid work schedule; offering the flexibility to work remotely two days a week, while providing the opportunity for in-person collaboration at our Buffalo, NY Tech Hub.Overview:We are seeking a skilled and proactive Cybersecurity Insider Threat Analyst to join our team. In this role, you will focus on detecting, analyzing, and mitigating risks posed by insider threats, whether malicious or accidental, to safeguard the organization’s sensitive information and systems. You will work closely with various departments, including IT, HR, legal, and compliance, to monitor user behavior, identify potential insider threats, and respond to incidents swiftly and effectively.The ideal candidate has experience in cybersecurity, strong communication skills, experience with threat detection tools, the ability to analyze behavioral data to identify anomalous activities and is comfortable facilitating investigations across key stakeholders.Primary Responsibilities:
Continuously monitor user behavior across networks, systems, and applications using User and Entity Behavior Analytics (UEBA) and Security Information and Event Management (SIEM) tools to identify suspicious activities.
Develop and refine use cases and rules for detecting potential insider threats based on patterns of behavior, unusual access, and data exfiltration.
Analyze logs, alerts, and security data to detect insider threats in real-time and escalate as necessary.
Perform detailed investigations into potential insider threats, including the collection and analysis of security logs, employee actions, and access controls.
Collaborate with Employee Relations, Legal, Digital Forensics, Incident Response, Data Loss Prevention, and other key partners to support insider threat investigations, providing detailed findings and recommendations for remediation.
Analyze the root cause of insider threat incidents and develop strategies to prevent future occurrences.
Conduct forensic analysis on systems and data to investigate incidents and build reports on malicious, accidental, or negligent insider activities.
Participate in risk assessments to identify and prioritize insider threat risks within the organization, developing strategies to mitigate those risks.
Assist in the development of insider threat risk profiles for employees, contractors, and third-party vendors based on access levels and risk factors.
Recommend improvements to policies and procedures to reduce the likelihood of insider threats, such as privileged access management and stricter controls on sensitive data access.
Respond to insider threat incidents by working with cross-functional teams to contain the threat, mitigate damage, and execute recovery efforts.
Maintain thorough documentation of incident investigations, findings, and remediation actions for future reference and regulatory compliance.
Provide regular reports to senior management and the Insider Threat Program Manager, outlining trends, threat metrics, and the overall risk posture of the organization.
Collaborate with other security analysts and engineers to align insider threat monitoring with broader cybersecurity efforts and ensure a holistic security approach.
Communicate potential insider threat risks and incidents to leadership, ensuring transparency and timely action.
Help develop and deliver security awareness training focused on insider threats, ensuring employees understand the risks and their role in preventing insider attacks.
Promote a security-first culture by raising awareness of insider threat behaviors and best practices for data and system security across the organization.
Stay updated on the latest trends, techniques, and tools related to insider threats and cybersecurity.
Continuously refine and improve insider threat detection methodologies and tools to enhance the organization's ability to detect, respond to, and prevent threats.
Conduct post-incident reviews to assess the effectiveness of detection and response processes, recommending improvements for future incidents.
Understand and adhere to the Company’s risk and regulatory standards, policies and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management.
Promote an environment that supports diversity and reflects the M&T Bank brand.
Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
Complete other related duties as assigned.
Education and Experience Required:Associates degree in an applicable discipline and a minimum of 5 years’ relevant work experience in two (2) or more of the following Cybersecurity domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security Operations, or in lieu of a degree, a combined minimum of 7 years’ higher education and/or work experience, including a minimum of 5 years’ relevant experience in two (2) or more of the following Cybersecurity domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security OperationsUnderstanding of System Development Life Cycle (SDLC)Experience researching and recommending application development support software and hardware platforms through an understanding of client area function and deliverable requirements for current and future-state planningDetailed technical experience with mainframe, virtual and/or distributed computing environmentsPrior experience and demonstrated aptitude for quickly learning multiple new technical skills and supporting multiple systems, tools and processes across multiple disciplines and/or multiple teamsExperience actively leading complex problem and technical analysis walkthroughsExperience completing complex problem analysis and resolutionExperience completing multiple shift schedules to support 24x7 teamExperience acting as a surrogate team leader to assign, review, evaluate and prioritize team effortsEducation and Experience Preferred:Bachelor’s degree in an applicable discipline and 4 years’ relevant work experienceMinimum of 8 years’ relevant work experience in two (2) or more of the following Cybersecurity domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Testing and Security OperationsExperience with the Bank’s application development support software and hardware platformsExperience introducing application development alternatives through an understanding of client area function and deliverable requirements for current and future-state planningExtensive technical experience with mainframe, virtual and/or distributed computing environmentsCISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CRISC (Certified Risk and Information Systems Control) certification and one or more applicable Cybersecurity domain-related industry-recognized certification or concentration specialtiesExperience with one or more programming languages, with a focus on scripting-oriented languages (e.g., Python, PowerShell, etc.)Experience supporting multiple systems, tools and processesExperience as a surrogate team leader to assign, review, evaluate, and prioritize team effortsM&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $82,783.41 - $137,972.36 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.LocationBuffalo, New York, United States of AmericaM&T Bank Corporation is an Equal Opportunity/Affirmative Action Employer, including disabilities and veterans.