Director, Cyber Threat Intelligence (CTI)

Director, Cyber Threat Intelligence (CTI)

The Director, Cyber Threat Intelligence (CTI) leads an adversary-focused intelligence capability that enables proactive defense of BNY's global platforms, clients, and critical financial operations. This leader builds an all-source intelligence program that produces timely, decision-grade assessments; sets and manages intelligence requirements; and integrates CTI into detection engineering, incident response, vulnerability management, fraud, and executive risk decisions. The role operates with a high degree of discretion, rigor, and ethical judgment, and partners across internal teams and external intelligence communities.

Mission & outcomes

• Shift security from reactive to anticipatory defense by maintaining an accurate, current picture of the actors targeting BNY, their intent, capabilities, and evolving tactics.
• Improve resilience and risk prioritization by translating technical intelligence into business-relevant insights that influence controls, investment decisions, and operational readiness.
• Integrate intelligence into operational workflows so CTI measurably improves detection coverage, incident outcomes, patch/vulnerability prioritization, and fraud/abuse disruption.
• Provide credible executive and regulatory engagement through clear, defensible assessments and briefings aligned to enterprise risk appetite.

Key responsibilities

• Build and lead the CTI program : define the operating model (strategic, operational, tactical intelligence), establish analytic standards and tradecraft, and develop a high-performing team.
• Intelligence requirements & collection management : set Priority Intelligence Requirements (PIRs) aligned to BNY's highest-risk assets and business services; manage collection plans across internal telemetry and trusted external sources; ensure legal/ethical sourcing and handling.
• All-source analysis and production : produce actor profiles, campaign assessments, early-warning reporting, estimative intelligence, and post-incident intelligence that informs prevention and recovery.
• Operational integration : embed CTI into the SOC, detection engineering, threat hunting, incident response, vulnerability management, identity/access, and fraud teams; drive clear handoffs from intelligence to action.
• Executive communications : brief senior leaders with concise, decision-grade intelligence; communicate uncertainty, confidence levels, and recommended actions; maintain a clear linkage to business impact and operational risk.
• Cross-functional and global coordination : operate effectively across regions, time zones, and lines of business; coordinate in joint, interagency, and multinational-style environments with appropriate discretion.
• External intelligence partnerships : build and maintain trusted relationships with peer institutions, government and law-enforcement partners, and intelligence-sharing communities; represent BNY professionally and responsibly.
• Governance, metrics, and continuous improvement : establish KPIs that demonstrate CTI impact (detection improvements, time-to-triage, disruption outcomes, prioritization effectiveness); run after-action reviews and update requirements based on changing threats.
• Talent development : mentor analysts and leaders; build training paths, rotations, and tradecraft review; foster a culture of integrity, curiosity, and mission focus.

Operating model & key interfaces This role partners closely with the CISO organization, SOC/IR leadership, detection engineering, vulnerability management, fraud/financial crime, technology risk, and business continuity teams. Outputs are designed to be actionable—mapped to controls, detections, mitigations, and executive decisions. The leader is expected to operate with high discretion and strong information-handling discipline.

Qualifications (required)

• 12+ years of progressive experience in cyber threat intelligence, all-source intelligence, counterintelligence, national security, or closely related threat analysis roles, including leadership of analysts and/or intelligence programs.
• Demonstrated ability to define intelligence requirements, manage collection, and produce high-quality assessments that drive operational action (not just reporting).
• Strong analytic tradecraft: structured thinking, bias awareness, evidentiary rigor, and clear communication of confidence/uncertainty.
• Proven track record integrating CTI with security operations (SOC, threat hunting, incident response), detection engineering, and vulnerability management.
• Experience briefing senior executives and influencing risk decisions with concise, business-relevant intelligence.
• High integrity, sound judgment, and consistent discretion in handling sensitive information.

Qualifications (preferred)

• Experience in financial services, critical infrastructure, or other highly regulated environments with high availability and systemic risk considerations.
• Prior work in joint/interagency settings or with intelligence-sharing communities; experience building trusted external partnerships.
• Background spanning cyber and traditional intelligence disciplines (e.g., CI, SIGINT/HUMINT-driven analysis, strategic warning, collection management).
• Familiarity with common CTI frameworks and operationalization practices (e.g., ATT&CK mapping, intelligence requirements/PIRs, estimative language, analytic standards).
• Relevant certifications (examples): GIAC (GCTI, GCIA), CISSP, or equivalent; advanced degree in intelligence studies, cybersecurity, international relations, or related field.
• Ability to obtain and maintain a security clearance, if required for external partnership engagements.

Success profile

• Adversary-centric : thinks in terms of actors, intent, capability, access, and pathways to business impact.
• Action-oriented : turns intelligence into prioritized decisions, measurable control improvements, and operational outcomes.
• Calm under pressure : leads through incidents and ambiguous, fast-moving situations with disciplined judgment.
• Enterprise connector : builds alignment across security, technology, fraud/financial crime, and business stakeholders globally.
• Ethical and trusted : models discretion, integrity, and responsible intelligence handling in every interaction.