Director, Cyber Threat Intelligence (CTI)

BNY Mellon - Washington, WA

About The Position

The Director, Cyber Threat Intelligence (CTI) leads an adversary-focused intelligence capability that enables proactive defense of BNY’s global platforms, clients, and critical financial operations. This leader builds an all-source intelligence program that produces timely, decision-grade assessments; sets and manages intelligence requirements; and integrates CTI into detection engineering, incident response, vulnerability management, fraud, and executive risk decisions. The role operates with a high degree of discretion, rigor, and ethical judgment, and partners across internal teams and external intelligence communities. The mission is to shift security from reactive to anticipatory defense by maintaining an accurate, current picture of the actors targeting BNY, their intent, capabilities, and evolving tactics. This role aims to improve resilience and risk prioritization by translating technical intelligence into business-relevant insights that influence controls, investment decisions, and operational readiness. It also seeks to integrate intelligence into operational workflows so CTI measurably improves detection coverage, incident outcomes, patch/vulnerability prioritization, and fraud/abuse disruption. Additionally, the role provides credible executive and regulatory engagement through clear, defensible assessments and briefings aligned to enterprise risk appetite.

Requirements

  • 12+ years of progressive experience in cyber threat intelligence, all-source intelligence, counterintelligence, national security, or closely related threat analysis roles, including leadership of analysts and/or intelligence programs.
  • Demonstrated ability to define intelligence requirements, manage collection, and produce high-quality assessments that drive operational action (not just reporting).
  • Strong analytic tradecraft: structured thinking, bias awareness, evidentiary rigor, and clear communication of confidence/uncertainty.
  • Proven track record integrating CTI with security operations (SOC, threat hunting, incident response), detection engineering, and vulnerability management.
  • Experience briefing senior executives and influencing risk decisions with concise, business-relevant intelligence.
  • High integrity, sound judgment, and consistent discretion in handling sensitive information.

Nice To Haves

  • Experience in financial services, critical infrastructure, or other highly regulated environments with high availability and systemic risk considerations.
  • Prior work in joint/interagency settings or with intelligence-sharing communities; experience building trusted external partnerships.
  • Background spanning cyber and traditional intelligence disciplines (e.g., CI, SIGINT/HUMINT-driven analysis, strategic warning, collection management).
  • Familiarity with common CTI frameworks and operationalization practices (e.g., ATT&CK mapping, intelligence requirements/PIRs, estimative language, analytic standards).
  • Relevant certifications (examples): GIAC (GCTI, GCIA), CISSP, or equivalent; advanced degree in intelligence studies, cybersecurity, international relations, or related field.
  • Ability to obtain and maintain a security clearance, if required for external partnership engagements.

Responsibilities

  • Build and lead the CTI program: define the operating model (strategic, operational, tactical intelligence), establish analytic standards and tradecraft, and develop a high-performing team.
  • Intelligence requirements & collection management: set Priority Intelligence Requirements (PIRs) aligned to BNY’s highest-risk assets and business services; manage collection plans across internal telemetry and trusted external sources; ensure legal/ethical sourcing and handling.
  • All-source analysis and production: produce actor profiles, campaign assessments, early-warning reporting, estimative intelligence, and post-incident intelligence that informs prevention and recovery.
  • Operational integration: embed CTI into the SOC, detection engineering, threat hunting, incident response, vulnerability management, identity/access, and fraud teams; drive clear handoffs from intelligence to action.
  • Executive communications: brief senior leaders with concise, decision-grade intelligence; communicate uncertainty, confidence levels, and recommended actions; maintain a clear linkage to business impact and operational risk.
  • Cross-functional and global coordination: operate effectively across regions, time zones, and lines of business; coordinate in joint, interagency, and multinational-style environments with appropriate discretion.
  • External intelligence partnerships: build and maintain trusted relationships with peer institutions, government and law-enforcement partners, and intelligence-sharing communities; represent BNY professionally and responsibly.
  • Governance, metrics, and continuous improvement: establish KPIs that demonstrate CTI impact (detection improvements, time-to-triage, disruption outcomes, prioritization effectiveness); run after-action reviews and update requirements based on changing threats.
  • Talent development: mentor analysts and leaders; build training paths, rotations, and tradecraft review; foster a culture of integrity, curiosity, and mission focus.