Chief Information Security Officer, Senior Vice President (CISO) - Comerica Bank - Auburn Hills, MI

Senior Vice President, Chief Information Security Officer (CISO) The Chief Information Security Officer (CISO) is responsible for the enterprise-wide information security policy, strategy, architecture, operations, and capability enhancements of the bank. The position works directly for the EVP Technology & Operations, and with the CIO and Technology Leadership team, the Chief Risk Officer and Chief Technology Risk Officer as well as the rest of the senior leadership team on security strategy, capability enhancements, budget requirements, selection, retention and development of information security personnel and development of enterprise security awareness and accountability. The CISO oversees the creation, implementation and maintenance of information security strategy and policy, incident evaluation and response, corporate information security risk and regulatory status reporting efforts, and is responsible for the creation and roll-out of security awareness and training programs company-wide. The CISO advises and collaborates with a large variety of roles throughout the bank, ensures the bank's cybersecurity posture and response are maintained at a high standard, and is responsible for overall bank compliance with information security policies and standards. The CISO has overall responsibility for building an accountable, information security-conscious culture and a system security infrastructure built on high quality standards backed-up by effective operational procedures and overseen by a security governance program. Leadership and Strategy Develop, implement, and monitor a strategic, comprehensive organization-wide information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the bank, leveraging the appropriate information security management framework (for example, ITIL, COBIT and/or NIST CSF) Work directly with business unit/functional leaders and appropriate staff throughout the organization to facilitate: Education on and business unit compliance with security policies. Security risk assessment and risk management processes, and working to make risk-based decisions consistent with identified acceptable levels of residual risk. Provide strategic security risk guidance for IT projects, including the evaluation and recommendation of technical and procedural controls and solutions. Provide regular consistent reporting on the current status of the information security program to senior business leaders and the board of directors, as requested. Policy, Compliance and Enforcement Ensure that the information security practices of the bank are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings. Facilitate information security governance through implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board. Develop, disseminate, monitor and maintain up-to-date security policies, standards, and practices. Create, implement and communicate a risk-based process for vendor risk evaluation and management. Create metrics and reporting framework to measure the efficiency and effectivenessof the security program, facilitate appropriate resource allocation and increase the maturity of the program. Risk Assessment and Incident Protection Identify, respond to and manage security incidents to protect bank assets, including intellectual property, regulated and/or proprietary data, and the bank's valuation and reputation. Consults with senior Technology and business leaders regarding their information security risks and responsibility in minimizing those risks. Lead team to develop, maintain, monitor and measure information security capabilities in support of the objectives above, including: Proactive Network Remediation for Security Threats Implement and Manage IDS / IPS solution, Penetration Testing Log and Patch Management Digital Forensics and eDiscovery Compliance Management Cyber Security Incident Response and Investigation Security Operations Center and Security Incident and Event Management Firewall Management Identity and Access Management Cybersecurity threat analysis, intelligence and reportin Third-Party Security Assessments and Management Enterprise Access Management, Active Directory, SSO Directory Federation Antivirus Management (Rules, Whitelisting, etc.) Network Device Security Hardening and Management Compliance Management and Testing for regulatory banking and privacy (fraud prevention, AML/SOX/PCI/PII) Security Assessments/Reviews Research/Implement new security technologies Management/Review of Physical Security Network Security Architecture analysis, design, and integration Endpoint Protection and Encryption Internal and external vulnerability scanning High-level project leadership related to security technology implementations Corporate Incident Response Plans and Procedures

Bachelor's degree in Computer Science, Engineering, Information Systems, Cyber Security, Business or similar academic discipline or 10-15 years of relevant experience required or an equivalent combination of education and experience sufficient to perform the essential functions of the job, as determined by the bank Certification in either CISSP, CISM, CRISC, CISA, CFE (In preference order) Knowledge of regulatory requirements and information security management frameworks, including ISO/IEC 27001, ITIL, SOX, PCI, and NIST CSF Experience with banking sector and regulations Must possess excellent customer service skills and work well under pressure Ability to multitask, meet deadlines, and work in a fast-paced environment Ability develop and manage information security budgets and monitor them for variances Understanding of secure coding practices, SDLC and Agile methodologies Knowledge, Skills and Abilities Excellent, transparent, and persuasive communication and presentation skills with the ability to distill complex information for non-technical audiences Demonstrated ability to communicate and collaborate with corporate executives and board members Collaborative, inspirational, passionate, and driven leader who creates open channels of communications and encourages constructive dialogue Demonstrated ability to build solid working relationships of credibility and trust with teammates, business leaders, and stakeholders with a business focus while exhibiting integrity and genuine care Strategic thinker and innovative problem solver who uses critical thinking approaches to proactively solve a broad range of problems across business processes and related technologies Auburn Hills Operations Center
8:00am - 5:00pm Monday - Friday

Expired, click here to search for relevant jobs

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.