Business Information Security Specialist Dallas or Detroit metro

Description

Business Information Security Specialist

The Business Information Security Specialist assumes a multifaceted role, not only leading action-driven discussions on risk-related matters but also providing governance support and offering business consulting expertise across diverse lines of business. Armed with profound technical acumen in cybersecurity and bolstered by refined sales and presentation skills, the Specialist adeptly conveys the intricacies of risk implications, compelling decisive action within both business and technology & operations domains.

Serving as the central point of contact for engaging lines of business on Enterprise Security initiatives, the incumbent effectively communicates the risk dashboard and collaborates closely with risk leaders to optimize risk management strategies. Moreover, the Specialist plays a pivotal role in aligning business objectives with risk mitigation efforts, ensuring a harmonious integration that fosters a secure business environment safeguarding sensitive information.

In addition to their pivotal role in risk management, the Specialist also extends their expertise to provide governance support by developing and maintaining information security policies, standards, and procedures. They oversee compliance efforts, conduct risk assessments, and lead incident response efforts. Furthermore, they offer business consulting responsibilities by advising stakeholders on security best practices, assisting in strategic planning, and ensuring that security measures align with overall business goals and regulatory requirements. Through their comprehensive approach, the Business Information Security Specialist ensures that the organization remains resilient against evolving threats while fostering a culture of security and compliance across all levels of the enterprise.

Position Responsibilities:

Governance Support

Develop, maintain, and champion security governance frameworks involving the business.
Lead business security updates for lines of business during committee and organizational meetings.
Assist business with regulatory compliance to applicable laws and security regulations.
Compare proposed business solutions to applicable policies and procedures during project engagements.
Provide expert guidance in support of development, maintenance, and enforcement of information security standards and procedures.
Participate in line of business regulatory audits as primary Enterprise Security expert.
Provide expert advocacy on compliance with security policies throughout the business units.
Present relevant Key Risk Indicators to lines of business.

Line of Business Risk Liaison

Participate as stakeholders in business initiatives and lead Enterprise Security strategy within those initiatives.
Conduct regular risk and metrics updates with senior business leaders.
Primary point of contact for Enterprise Security initiatives requiring business engagement.
Assist in coordinating responses to security incidents involving the business, ensuring a timely and effective resolution.
Enforce Enterprise Risk Management best practices throughout the business lines in relation to security issues.
Emphasize the business unit’s role in identifying, escalating and debating security risks to business unit processes and data.
Exhibit relevant data points to business unit leaders which measure security risk.
Lead difficult conversions to drive process enhancement and risk reduction within lines of business.

Business Consulting

Analyze the threat and risk landscape to communicate key risks to lines of business.
Provide expert cyber and risk guidance and consultation to business unit leaders.
Be an advocate for security, enterprise risk management and regulatory compliance.
Align line of business unit and enterprise security strategy to best manage risk.
Work closely with technology and business units to integrate security measures into projects and operations.
Participate in conducting regular security audits and assessments.
Assist business with addressing assessment and incident findings.
Marshall line of business resources and support to effect cyber security strategy.

Security Awareness

Advance culture of security awareness within the broader enterprise.
Measure and reduce risk within the line of business through employee awareness training.
Identify areas within business lines for risk reduction and champion a culture of improvement.
Represent the Enterprise Security team as business-facing risk managers.

Position Qualifications:

Bachelor’s Degree from an accredited university in Computer Science, Engineering, or in a Cybersecurity/Technology related field OR equivalent through a combination of education and/or Cybersecurity/Technology experience OR 12 years of Cybersecurity/Technology experience
8 years of experience within Cybersecurity teams
6 years of experience in risk management
5 years of experience articulating complex topics with executive leaders
5 years of experience with common security and risk frameworks such as ISO 27001, NIST CSF, and COBIT 5
5 years of experience mediating between technology and business teams
5 years of experience in technology within financial services

Licenses/Certifications:

CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
CRISC (Certified Risk and Information Systems Control)

Work Best Category:

Category C – Days in the office will either be designated days or will vary week to week from 2-5 days

Hours:

8:00am – 5:00pm Monday – Friday

Salary:

To Be Determined Based on Individual Experience
About Comerica
We know our employees are critical to our overall success and we are dedicated to investing in their future. One of the ways we do this is to offer a comprehensive Total Rewards package designed to recognize and reward individual performance, as well support health, well-being, development and security for our colleagues and their family. Total Rewards consists of cash compensation, development and flexible benefit programs designed to meet individual needs today and in the future. Your salary will be commensurate with your work experience and our programs are reviewed regularly to ensure each remain competitive. We are proud to offer benefits such as health and welfare programs, strong retirement benefits, and generous paid time off programs. You and your eligible family members, including domestic partners and their children, can participate in medical, dental, and vision benefits, 401(k) and pension, income protection benefits such as life insurance, AD&D, and supplemental health programs to offset unexpected health care expenses. We also have a variety of time off programs for things like vacation, sick time, disability, and parental leave. Eligibility for some programs varies based on employment status and tenure.

Upon offer, Comerica conducts a comprehensive background and fingerprint check.

NMLS certification requirement: where applicable, a favorable background check screening, credit check, fingerprint check, and NMLS certification is required in accordance with the SAFE Act.

Comerica Incorporated (NYSE: CMA) is a financial services company headquartered in Dallas, Texas, and strategically aligned into three major business segments; the Commercial Bank, the Retail Bank, and Wealth Management. Comerica’s colleagues focus on relationships, and helping people and businesses be successful. In addition to Texas, Comerica Bank locations can be found in Arizona, California, Florida and Michigan, with select businesses operating in several other states, as well as in Canada and Mexico.

Comerica is proud to be an Equal Opportunity Employer – veterans/individuals with disabilities, committed to workplace diversity.