CGEIT - Certified in the Governance of Enterprise IT
CISM - Certified Information Security Manager
CRISC - Certified in Risk and Information Systems Control
ISACA Implementing the NIST Cybersecurity Framework Using COBIT 2019 Certificate
The Technology and Cyber Risk Manager role has overall responsibility for the development and maintenance of second line of defense technology and information risk management, including oversight of cyber risk, risk assessment methodologies for Comerica’s IT applications and supporting infrastructure, oversight of IT policy/standards development, and evaluation of the suitability of IT risk acceptances in context of risk appetite. Maintenance of the technology and information-related risk management and risk reporting framework, including identification and reporting of key IT risks and Key Risk Indicators (KRIs), risk control self-assessments (RCSAs) for risks related to the achievement of Comerica’s IT objectives, and participation in and management of IT governance committees.
Managing and leading others; coaching and development of reports; results driven; planning and organizing; decisive judgment
Maintain methodology and facilitate execution of inherent and residual IT application risk assessments and other technology risk assessments
Challenge IT policy/standards development to ensure conformity with best practices and regulatory guidelines/requirements (i.e. FFIEC, AIBE, PCI DSS, SOX, GLBA, HIPAA, etc.)
Maintain the technology- and information-related risk management framework/taxonomy, including identification and reporting of IT risks and Key Risk Indicators (KRIs) and ensure integration with Enterprise Risk Management (ERM) framework
Monitor and challenge key cyber security processes, system development, and technology operations processes, including Data Encryption Methods
Monitor, oversee, and track technology/IT policy-related risk acceptances
Participate in and/or manage IT risk oversight committees
Oversee/challenge risk control self-assessments (RCSAs) for risks related to the achievement of Comerica’s IT objectives
Utilize knowledge/experience with industry best practices and standards (i.e. NIST, ISO, COBIT, FAIR, etc.)
Utilize knowledge/experience with cyber security tool applications, Network Security Design, OS background and/or experience with multi-platforms: UNIX, Windows to provide independent challenge
Leverage experience related to CGEIT, CISSP, CRISC, or CISM
Experience securing cloud deployments is a plus (i.e. AWS, Azure, GCP, etc.).
Bachelor’s degree in Technology, Computer Science, Business, Finance, or related field from an accredited university
10 years of experience in technology, cyber security, information risk management or related field
2 years of experience leading teams and/or managing personnel
Telecommuting is allowed.
Additional Salary Information: Annual
Internal Number: 215572
This job was originally posted at ISACA Career Centre.