Comerica Management Co Inc. Chief Information Security and Operational Risk O in Auburn Hills, Michigan

Internal Ref: 5000384247206

Job Description

Reporting Information/Location:
This Chief Information Security Officer position is located at 3551 Hamlin, Auburn Hills, Michigan and reports to the Executive Vice President, Fraud Investigations and Compliance Director. This position has direct reports.

Position Responsibilities:
Responsible for providing effective challenge to the first line with respect to the cyber security program that includes cybersecurity, information security policies, compliance and governance with the expanded scope to include internal employees, external customers (retail, small business and commercial), financial and regulatory agencies, and supplier partners.
* Chair the Information Risk Working Group, including agenda setting and risk exception monitoring.
* Provide effective challenge to the corporation's technology investment prioritization as well as technology planning and budgeting process.
* Provide an independent assessment of the corporation's cyber security program to the Board of Directors including an assessment of the adequacy of funding at least annually.
* Co-develop the Security Awareness program with the first line.
* Co-develop the IT Risk section of the Aggregate Risk Report with the first line to report to the Enterprise Risk Committee of the Board of Directors at each meeting.
* Interact with both the Federal Reserve Bank and the Texas Department of Banking as it relates to technology and operational risk matters.

Operational Risk Management:
Oversee the Risk Assessment Processes for most Operational risks including RCSA, Third Party, New Product and Technology Risks.
* Develop the technology capabilities for consistent risk reporting and aggregation across the risk pillars.
* Oversee the Risk Assessment Processes for technology risk assessments including the Inherent Information Risk Assessment and the Residual Information Risk Assessment.

Corporate Compliance:
Responsible for providing strategic management, oversight and supervision of Comerica's Corporate Compliance Department which includes Compliance Risk Management, Compliance Risk Control, the Office of Enterprise-Wide Compliance and the Community Reinvestment Act (CRA) functions.
* Act as primary liaison with consumer compliance regulators (CFPB, FRB and TDoB).

Enterprise Risk Technology:
The position is responsible for leadership of overall Enterprise Risk Technology effectiveness, including:
* Analytics technology and its impact on the Company's risk management practices; the oversight of the Enterprise Risk technology portfolio and strategy; corporate-wide risk evaluation associated with technology project portfolio management; and for production and maintenance of certain regulatory reporting.
* It is also responsible for oversight and effective challenge of documented processes and control points for CCAR processes covering CCAR and DFAST stress testing, FR Y-14 M, Q, and A schedules.

Qualifications
* Bachelor's degree from an accredited university
* 10 years of experience in the Information Security field
* 10 years of progressive experience in technology, computing and information security, including experience with internet technology and security issues within the financial services marketplace
* 8 years of experience in developing and administering information security policies; required working knowledge of Sarbanes-Oxley, ISO Certifications and Data Privacy laws and regulations.
* 8 years of experience consulting corporate executives in Information Security initiatives
* 8 years of experience in banking compliance and/or risk management, including overall operational risk management

Work Schedule
8:00am - 5:00pm Mond