Michigan IT Jobs

Comerica Chief Information Security Officer, Senior Vice President (CISO) in Auburn Hills, Michigan

Senior Vice President, Chief Information Security Officer (CISO)

The Chief Information Security Officer (CISO) is responsible for the enterprise-wide information security policy, strategy, architecture, operations, and capability enhancements of the bank. The position reports directly to the EVP Technology & Operations, and works with the CIO and Technology Leadership team, the Chief Risk Officer and Chief Technology Risk Officer, as well as the rest of the senior leadership team on security strategy, capability enhancements, budget requirements, selection, retention and development of information security personnel, and development of enterprise security awareness and accountability. The CISO oversees the creation, implementation and maintenance of information security strategy and policy, incident evaluation and response, and corporate information security risk and regulatory status reporting efforts, and is responsible for the creation and roll-out of security awareness and training programs company-wide. The CISO advises and collaborates with a large variety of roles throughout the bank, ensures the bank's cybersecurity posture and response are maintained at a high standard, and is responsible for overall bank compliance with information security policies and standards. The CISO has overall responsibility for building an accountable, information security-conscious culture and a system security infrastructure built on high quality standards, backed up by effective operational procedures and overseen by a security governance program.

Leadership and Strategy

* Develop, implement, and monitor a strategic, comprehensive organization-wide information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the bank, leveraging the appropriate information security management framework (for example, ITIL, COBIT and/or NIST CSF).
* Work directly with business unit/functional leaders and appropriate staff throughout the organization to facilitate:
  * Education on, and business unit compliance with, security policies.
  * Security risk assessment and risk management processes, working to make risk-based decisions consistent with identified acceptable levels of residual risk.
* Provide strategic security risk guidance for IT projects, including the evaluation and recommendation of technical and procedural controls and solutions.
* Provide regular, consistent reporting on the current status of the information security program to senior business leaders and the board of directors, as requested.

Policy, Compliance and Enforcement

* Ensure that the information security practices of the bank are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
* Facilitate information security governance through implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
* Develop, disseminate, monitor and maintain up-to-date security policies, standards, and practices.
* Create, implement and communicate a risk-based process for vendor risk evaluation and management.
* Create a metrics and reporting framework to measure the efficiency and effectiveness of the security program, facilitate appropriate resource allocation and increase the maturity of the program.

Risk Assessment and Incident Protection

* Identify, respond to and manage security incidents to protect bank assets, including intellectual property, regulated and/or proprietary data, and the bank's valuation and reputation.
* Consult with senior Technology and business leaders regarding their information security risks and their responsibility in minimizing those risks.
* Lead the team to develop, maintain, monitor and measure information security capabilities in support of the objectives above, including:
  * Proactive Network Remediation for Security Threats
  * Implement and Manage IDS / IPS solution, Penetration Testing
  * Log and Patch Management
  * Digital Forensics and eDiscovery
  * Compliance Management
  * Cyber Security Incident Response and Investigation
  * Security Operations Center and Security Incident and Event Management
  * Firewall Management
  * Identity and Access Management
  * Cybersecurity threat analysis, intelligence and reporting
  * Third-Party Security Assessments and Management
  * Enterprise Access Management, Active Directory, SSO Directory Federation
  * Antivirus Management (Rules, Whitelisting, etc.)
  * Network Device Security Hardening and Management
  * Compliance Management and Testing for regulatory banking and privacy (fraud prevention, AML/SOX/PCI/PII)
  * Security Assessments/Reviews
  * Research/Implement new security technologies
  * Management/Review of Physical Security
  * Network Security Architecture analysis, design, and integration
  * Endpoint Protection and Encryption
  * Internal and external vulnerability scanning
  * High-level project leadership related to security technology implementations
  * Corporate Incident Response Plans and Procedures

- Bachelor's Degree in Computer Science or Information Management, OR 15 years of related experience in the Information Security field up to a Chief Information Security level
- 10 years of progressive experience in computing and information

Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled