Lead Incident Response Analyst

This role offers a hybrid work schedule at our Wilmington, DE Tech Hub Why Join M&T Bank? At M&T Bank, cybersecurity isn’t just a function—it’s a mission-critical pillar of trust and resilience. As a Lead Cyber Incident Response Analyst, you’ll be at the forefront of defending a top 20 U.S. bank’s digital infrastructure, working with a team that values precision, collaboration, and innovation. What You’ll Do: • Lead the response to complex cyber incidents, coordinating across threat intelligence, detection, and engineering teams - establishing relationships with business and technology leaders throughout the enterprise. • Develop and refine incident response playbooks and automation strategies. • Mentor junior analysts and contribute to the continuous improvement of detection and response capabilities. • Collaborate with cross-functional teams to ensure alignment with enterprise risk and compliance frameworks. • Consult on various aspects and impacts of technical threats to risk and business partners. What You’ll Gain: • Career Growth: M&T is deeply committed to internal mobility and professional development, offering access to leadership training, certifications, and mentorship programs. • Impactful Work: Your contributions will directly influence the bank’s ability to protect millions of customers and maintain regulatory excellence. Primary Responsibilities: • Determine root cause, scope of impact, and identify novel indicators of compromise or attack patterns of cybersecurity incidents through in-depth analysis and forensic investigation of incidents. • Contribute to refining and updating incident response plans based on lessons learned from previous incidents and industry best practices, ensuring they align with regulatory requirements. • Identify and recommend proactive measures to prevent future incidents, such as implementing security controls, making recommendations to technical security training, and assessing risk based on technical controls and potential impact. • Suggest avenues to advance investigation steps during an incident, contributing to effective and swift resolution of incident. • Partner with appropriate stakeholders to implement effective measures to contain and neutralize threats during incidents. • Lead interdepartmental teams to apply lessons learned to proactively implement measures that prevent future incidents. • Maintain detailed incident logs, including analysis and response activities, to support post-incident reviews, compliance requirements, and continuous improvement efforts and provide a reference for the future. • Provide clear and concise updates to stakeholders and management teams, including executive summaries, impact assessments, and recommendations for ongoing improvements to the incident response process. • Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite. Identify risk-related issues needing escalation to management. • Promote an environment that supports belonging and reflects the M&T Bank brand. • Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable. • Complete other related duties as assigned. Scope of Responsibilities: • The position exercises judgement in selecting methods, techniques, and evaluation criteria in obtaining results and exerts significant latitude in determining objective of assignment. Work is accomplished with limited direction • Primarily partners with individual contributors and people leaders from all business lines, up to directors and EVPs in business lines • Subject matter expert on multiple Cybersecurity platforms, applications, and tools within team • Leads documentation and execution of intermediate remediation plans that typically last between 1-2 months. • Leads large scale investigations and engagements across all business lines of the Bank. Supervisory/Managerial Responsibilities: No supervisory responsibilities. Education and Experience Required: • Bachelor's degree and a minimum of 5 years’ relevant work experience, inclusive of 2 years' Cybersecurity incidence response work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience, including a minimum of 5 years' relevant work experience, inclusive of a minimum of 2 years' Cybersecurity incident response work experience • Advanced understanding of multiple Cybersecurity platforms, applications, and tools within team • Prior experience remaining composed and solving problems in high stress situations Education and Experience Preferred: • Excellent verbal and written communication skills • Excellent interpersonal skills • Experience partnering with leaders to design solutions to business needs • Ability to influence incident response efforts inside and outside of Technology by leveraging project management principles, setting clear expectations, and escalating when appropriate • Ability to gain buy-in, related to incident response, of teams across the Bank through communicating priorities and risk • Prior experience prioritizing and delivering results across changing priorities and quickly changing landscape based on business and technology needs #LI-JB3 #Hybrid M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $121,698.75 - $202,831.26 (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation. LocationWilmington, Delaware, United States of America