We invite you to explore the award-winning culture, people, rewards and opportunities that make Comerica Bank so special. Make your next career choice a confident one.
Job Description Technology and Cybersecurity Risk Director The Technology & Cyber Risk Director is responsible for providing oversight, guidance, and independent challenge to the first line of defense regarding the management of technology and cyber risks. This position involves developing and implementing risk management frameworks, policies, and procedures, conducting risk assessments, and ensuring compliance with regulatory requirements. The director will collaborate with various stakeholders to enhance the Bank's cybersecurity posture and technology risk management practices.
Position Responsibilities Plan Develop and implement comprehensive technology and cybersecurity risk management frameworks and policies.Ensure alignment with regulatory requirements and industry best practices.Develop and deliver training programs to enhance awareness of technology and cybersecurity risk across the Bank.Provide oversight of the creation and implementation of compliance technology and cybersecurity policies and procedures, technology and tools, and governance processes for technology and cybersecurity.Provide oversight of planning and implementation of technology and cybersecurity programs including their governance, identification of risk and controls.Oversee the implementation of technology and cybersecurity policies and standards.Ensure compliance with relevant regulatory requirements and internal policies.Coordinate with internal and external auditors for technology and cybersecurity risk audits.Implement guidance for overseeing technology and cyber operational risk, aligned with OCC Heightened Standards and other regulations.Assess Responsible for providing effective challenge to the first line with respect to the technology and cyber security program that includes technology and cybersecurity, policies, compliance, and governance.Conduct regular risk assessments and evaluations of technology and cybersecurity risks and provide appropriate challenge.Analyze potential threats and vulnerabilities, and their impact on the organization.Provide independent challenge to risk assessments conducted by the first line of defense/business risk control office.Provide counsel on best practices leveraging expertise and industry insights.Monitor and Report Evaluate the design of controls and communicate the impact of control weaknesses to first line teams.Establish key risk indicators (KRIs) and metrics to monitor technology and cybersecurity risks.Prepare and present risk reports to senior management and the board of directors.Monitor current and emerging risks and changes to laws and regulations.Ensure timely escalation of critical risks and incidents.Oversee the incident response process and ensure effective management of technology and cyber incidents.Conduct post-incident reviews and recommend improvements to prevent future occurrences.Leadership Lead oversight of the Technology Risk Pillar, to support heightened focus on technology risk management enterprise wide.Provide leadership to the second line to influence, advise and challenge operational security capability.Represent in various steering committees and working groups.Present and lead discussions with key regulators, and internal and external auditors.Actively engage in the industry on the latest in technology and cybersecurity risk and emerging operational risks.Promote a risk aware culture through regular communication and education initiatives.Position Qualifications Bachelors degree from an accredited university in information technology, Cybersecurity, or a minimum of four years in working directly in Technology and/or Cybersecurity field.10 or more years of experience in technology and/or cybersecurity risk management.10 or more years managing multiple technology systems and processes, including the analysis of complex system architecture, data warehouses, and third-party applications and applicable controls.8 years of experience in developing and administering information security policies, with required working knowledge of Sarbanes-Oxley, ISO Certifications, and Data Privacy laws and regulations.5 years of experience in developing and implementing risk management frameworks and policy in the technology and/or cybersecurity area of responsibility.5 years effective communication and interpersonal skills, with the ability to influence and collaborate with stakeholders at all levels.5 years leading a team through a fast-paced dynamic environment and shifting priorities.5 years experience in a financial services or other highly regulated industry.Licenses/Certifications Preferred: CISSP (Certified Information Systems Security Professional)Preferred: CISM (Certified Information Security Manager)Work Hours 8:00am - 5:00pm Monday - Friday
WorkBest Job Category Category C - Days in the office will either be designated days or will vary week to week from 2-5 days
Salary Range Work Location(s) About Comerica We know our employees are critical to our overall success and we are dedicated to investing in their future. One of the ways we do this is to offer a comprehensive Total Rewards package designed to recognize and reward individual performance, as well support health, well-being, development and security for our colleagues and their family. Total Rewards consists of cash compensation, development and flexible benefit programs designed to meet individual needs today and in the future. Your salary will be commensurate with your work experience and our programs are reviewed regularly to ensure each remain competitive.
Upon offer, Comerica conducts a comprehensive background and fingerprint check.
NMLS certification requirement: where applicable, a favorable background check screening, credit check, fingerprint check, and NMLS certification is required in accordance with the SAFE Act.
Comerica Incorporated (NYSE: CMA) is a financial services company headquartered in Dallas, Texas, and strategically aligned into three major business segments; the Commercial Bank, the Retail Bank, and Wealth Management. Comerica's colleagues focus on relationships, and helping people and businesses be successful.
#J-18808-Ljbffr