Director of Cyber Threat Intelligence

Role Overview

The Director of Cyber Threat Intelligence is responsible for leading the development and execution of a financial institution's cyber threat intelligence program. This role involves acting as the key point of contact for cyber intelligence issues, anticipating future security needs, and managing multi-disciplinary teams of technical and contextual analysts to protect the organization, its employees, and its members from cyber threats. This position serves as a cross functional glue that enables security to integrate closely with stakeholders across the business through threat informed decision making based off of intelligence and data driven analyses.This role acts as a crucial, cross-functional link, enabling the security team to seamlessly integrate with business stakeholders. This is achieved through data-driven analyses and intelligence that allow decision making to be threat informed.

Key Responsibilities

Program Leadership & Strategy

• Develop the CTI Program: Lead the creation and maturation of a comprehensive threat intelligence program tailored specifically to the financial services industry, ensuring it aligns with business requirements and regulatory environments.
• Team Management: Oversee, train, and mentor a team of threat intelligence engineers and analysts, fostering a culture of continuous learning. This includes managing personnel actions, budgets, and operational projects.
• Strategic Direction: Clearly define program roadmap through gap analysis, provide thought leadership to improve awareness across the organization, and act as a strategic advisor to management and steering committees.

Intelligence Collection & Analysis

• Threat Intelligence Platform: Deploy and maintain a threat intelligence platform responsible for the intake, structuring, and distribution of threat intelligence to relevant teams.
• Data Ingestion & Aggregation: Manage the engineering processes for ingesting threat intelligence data from commercial, open-source, and internal resources.
• Threat Monitoring & Research: Continuously monitor the threat landscape to identify emerging threats, vulnerabilities, and the macroeconomic interests of attackers.
• Requirements Management: Lead collection strategies focusing on Priority Intelligence Requirements (PIR) and Strategic Intelligence Requirements (SIR), identifying intelligence gaps and developing plans to mitigate risks.
• Data Analysis: Conduct qualitative and quantitative analysis of large datasets and multiple data sources to assess potential risks to the organization's international operations and assets.

Reporting & Dissemination

• Product Review: Draft, review, and edit intelligence products and briefings from multiple sources.
• Stakeholder Communication: Present complex technical data and risk assessments in clear, non-technical terms to diverse audiences, including senior executives and incident response teams.
• Documentation: Write and revise policies, standards, guidelines, and procedures related to cyber risk and intelligence.

Cross-Functional & External Collaboration

• Internal Partnership: Work closely with security operations, IT, Legal, Fraud Risk, and other stakeholders to integrate intelligence into enterprise workflows and address control gaps.
• External Networking: Collaborate with external partners, industry forums, and government agencies to share intelligence and enhance the bank's capabilities.

Required Qualifications and Skills

• 7+ years of experience in cybersecurity, threat intelligence, operations, or risk management.
• Bachelor’s or advanced degree in Cybersecurity, Computer Science, or a related field.
• Demonstrated ability to lead teams effectively within a dynamic operational setting.

• Proven experience in deploying and maintaining Threat Intelligence Platforms (TIP) and open-source intelligence (OSINT) tools.
• Candidates must demonstrate a proven track record in engineering robust and scalable cybersecurity or threat intelligence solutions. This includes developing tools, integrating services, and building platforms specifically for areas such as threat detection, hunting, and vulnerability management, or related disciplines..
• In-depth knowledge of cyber threats, attack methodologies (such as the MITRE ATT&CK framework or the cyber kill chain), and vulnerabilities relevant to financial networks.
• Familiarity with Security Information and Event Management (SIEM), SOAR tools, dissemination of intelligence through automation to security controls.

• Exceptional written and verbal communication and presentation skills, capable of negotiating and influencing stakeholders at a senior level.
• Strong critical reasoning, problem-solving, and project management abilities.
• Ability to remain calm under pressure, handle multiple conflicting tasks, and maintain strict confidentiality regarding sensitive intelligence.
• Experience integrating artificial intelligence or machine learning capabilities into cybersecurity or threat intelligence workflows, such as automation of threat analysis, detection enrichment, or large-scale data analysis.