Michigan IT Jobs

Job Information

Comerica Management Co Inc. Chief Information Security Officer, Senior Vice P in Auburn Hills, Michigan

Senior Vice President, Chief Information Security Officer (CISO)

The Chief Information Security Officer (CISO) is responsible for the enterprise-wide information security policy, strategy, architecture, operations, and capability enhancements of the bank. The position works directly for the EVP Technology Operations, and with the CIO and Technology Leadership team, the Chief Risk Officer and Chief Technology Risk Officer as well as the rest of the senior leadership team on security strategy, capability enhancements, budget requirements, selection, retention and development of information security personnel and development of enterprise security awareness and accountability.

The CISO oversees the creation, implementation and maintenance of information security strategy and policy, incident evaluation and response, corporate information security risk and regulatory status reporting efforts, and is responsible for the creation and roll-out of security awareness and training programs company-wide.

The CISO advises and collaborates with a large variety of roles throughout the bank, ensures the bank's cybersecurity posture and response are maintained at a high standard, and is responsible for overall bank compliance with information security policies and standards.

The CISO has overall responsibility for building an accountable, information security-conscious culture and a system security infrastructure built on high quality standards backed up by effective operational procedures and overseen by a security governance program.

Leadership and Strategy

- Develop, implement, and monitor a strategic, comprehensive organization-wide information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the bank, leveraging the appropriate information security management framework (for example, ITIL, COBIT and/or NIST CSF)
- Work directly with business unit/functional leaders and appropriate staff throughout the organization to facilitate:
  - Education on and business unit compliance with security policies.
  - Security risk assessment and risk management processes, and working to make risk-based decisions consistent with identified acceptable levels of residual risk.
- Provide strategic security risk guidance for IT projects, including the evaluation and recommendation of technical and procedural controls and solutions.
- Provide regular, consistent reporting on the current status of the information security program to senior business leaders and the board of directors, as requested.

Policy, Compliance and Enforcement

- Ensure that the information security practices of the bank are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
- Facilitate information security governance through implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
- Develop, disseminate, monitor and maintain up-to-date security policies, standards, and practices.
- Create, implement and communicate a risk-based process for vendor risk evaluation and management.