Position Overview
The Strategic Advisor to the CISO is a senior executive leader and trusted partner to the Chief Information Security Officer, helping shape and execute the Bank’s enterprise cybersecurity strategy. With a scope and influence comparable to a Deputy CISO, the position focuses on driving strategic execution, delivering measurable business outcomes, and enhancing the effectiveness of the cybersecurity organization, without direct people management responsibility.
As a visible industry leader, the Strategic Advisor cultivates key external partnerships, influences cybersecurity best practices, and elevates the Bank’s voice within the broader security community.
Key Responsibilities
Strategic Leadership & Cybersecurity Strategy
- Serve as a trusted advisor to the CISO on cybersecurity strategy, risk management, and organizational priorities
- Advise on cybersecurity strategy with Technology, Enterprise Risk, and Compliance frameworks
- Provide thought leadership on emerging threats, industry trends, and leading practices
- Advise on emerging technologies, threats, and trends to maintain a leading security posture
- Serve as acting CISO, as needed, ensuring continuity of leadership and decision-making
Strategic Execution & Organizational Effectiveness
- Drive execution of high-priority cybersecurity initiatives, ensuring alignment with business and regulatory expectations
- Translate executive-level strategy into actionable plans across security operations, engineering, and risk teams
- Drive accountability across initiatives through disciplined tracking of milestones, risks, and outcomes
- Evaluate current cybersecurity capabilities and recommend improvements to maturity, resilience, and efficiency
- Act as a force multiplier during incidents, priority projects, or periods of heightened risk, supporting coordination and decision-making
Executive Engagement & Cross-Functional Partnership
- Partner with senior technology, risk, audit, and business leaders to ensure integrated cybersecurity outcomes
- Support board-level and executive communications, including preparation of materials, briefings, and messaging
Technology Governance & Risk Management
- Ensure responsible adoption of AI, including governance, risk mitigation, and secure implementation practices
External Leadership & Industry Influence
- Maintain strong relationships with regulators, law enforcement, and industry groups
- Represent the Bank in external forums and contribute to sector-wide cybersecurity initiatives
- Enhance the Bank’s reputation as a cybersecurity thought leader
Scope of Role
- Enterprise-wide cybersecurity advisory influence
- No direct reports; operates through influence and partnership
- Broad engagement across cyber operations, engineering, governance, and risk functions
- Direct access to executive leadership and key stakeholders
Success Measures
- Acceleration of key cybersecurity initiatives
- Improved operational execution and program maturity
- Enhanced executive and board-level clarity on cybersecurity posture
- Tangible risk reduction and resilience improvements
Minimum Experience Required
- Bachelor’s degree and a minimum of 11 years’ cybersecurity and/or large technical program experience, which includes a minimum of 7 years’ cybersecurity experience, or in lieu of a degree, a combined minimum of 15 years’ higher education and/or work experience, including a minimum of 11 years’ cybersecurity and/or large technical program experience with a minimum of 7 years’ cybersecurity experience
- Minimum of 4 years’ managerial experience
- US Citizen and eligibility to obtain a US Government Security Clearance (within 12 months of start date)
- Advanced knowledge of related cybersecurity functions
Ideal Experience
- Previous CISO or Deputy CISO experience at a large financial institution
- 15+ years of progressive experience in cybersecurity, information security, or technology risk
- Senior leadership experience within a large, highly regulated financial institution
- Deep knowledge of cloud, data platforms, and modern engineering practices
- Proven ability to translate strategy into measurable outcomes at scale
- Experience leading complex, cross-functional initiatives
- Strong understanding of regulatory expectations and cyber risk frameworks
- Experience engaging with regulators, industry bodies, and government partners
M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $201,200.00 - $335,300.00 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.
Location
Buffalo, New York, United States of America