Position Overview
The Strategic Advisor to the CISO is a senior executive leader and trusted partner to the Chief Information Security Officer, helping shape and execute the Bank’s enterprise cybersecurity strategy. With a scope and influence comparable to a Deputy CISO, the position focuses on driving strategic execution, delivering measurable business outcomes, and enhancing the effectiveness of the cybersecurity organization, without direct people management responsibility.
As a visible industry leader, the Strategic Advisor cultivates key external partnerships, influences cybersecurity best practices, and elevates the Bank’s voice within the broader security community.
Key Responsibilities
Strategic Leadership & Cybersecurity Strategy
-
Serve as a trusted advisor to the CISO to on cybersecurity strategy, risk management, and organizational priorities
-
Advise on cybersecurity strategy with Technology, Enterprise Risk, and Compliance frameworks
-
Provide thought leadership on emerging threats, industry trends, and leading practices
-
Advise on emerging technologies, threats, and trends to maintain a leading security posture
-
Serve as acting CISO, as needed, ensuring continuity of leadership and decision-making
Strategic Execution & Organizational Effectiveness
-
Drive execution of high-priority cybersecurity initiatives, ensuring alignment with business and regulatory expectations
-
Translate executive-level strategy into actionable plans across security operations, engineering, and risk teams
-
Drive accountability across initiatives through disciplined tracking of milestones, risks, and outcomes
-
Evaluate current cybersecurity capabilities and recommend improvements to maturity, resilience, and efficiency
-
Act as a force multiplier during incidents, priority projects, or periods of heightened risk, supporting coordination and decision-making
Executive Engagement & Cross-Functional Partnership
-
Partner with senior technology, risk, audit, and business leaders to ensure integrated cybersecurity outcomes
-
Support board-level and executive communications, including preparation of materials, briefings, and messaging
Technology Governance & Risk Management
-
Ensure responsible adoption of AI, including governance, risk mitigation, and secure implementation practices
External Leadership & Industry Influence
-
Maintain strong relationships with regulators, law enforcement, and industry groups
-
Represent the Bank in external forums and contribute to sector-wide cybersecurity initiatives
-
Enhance the Bank’s reputation as a cybersecurity thought leader
Scope of Role
-
Enterprise-wide cybersecurity advisory influence
-
No direct reports; operates through influence and partnership
-
Broad engagement across cyber operations, engineering, governance, and risk functions
-
Direct access to executive leadership and key stakeholders
Success Measures
-
Acceleration of key cybersecurity initiatives
-
Improved operational execution and program maturity
-
Enhanced executive and board-level clarity on cybersecurity posture
-
Tangible risk reduction and resilience improvements
Minimum Experience Required
-
Bachelor’s degree and a minimum of 11 years’ cybersecurity and/or large technical program experience, which includes a minimum of 7 years’ cybersecurity experience, or in lieu of a degree, combined minimum of 15 years’ higher education and/or work experience including a minimum of 11 years’ cybersecurity and/or large technical program experience with a minimum of 7 years cybersecurity experience
-
Minimum of 4 years’ managerial experience
-
US Citizen and eligibility to obtain a US Government Security Clearance (within 12 months of start date)
Advanced knowledge of related cybersecurity functions
-
Ideal Experience
-
Previous CISO or Deputy CISO experience at a large financial institution
-
15+ years of progressive experience in cybersecurity, information security, or technology risk
-
Senior leadership experience within a large, highly regulated financial institution
-
Deep knowledge of cloud, data platforms, and modern engineering practices
-
Proven ability to translate strategy into measurable outcomes at scale
-
Experience leading complex, cross-functional initiatives
-
Strong understanding of regulatory expectations and cyber risk frameworks
-
Experience engaging with regulators, industry bodies, and government partners
M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $201,200.00 - $335,300.00 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.
Buffalo, New York, United States of America