-
Business Information Security Specialist The Business Information Security Specialist assumes a multifaceted role, not only leading action-driven discussions on risk-related matters but also providing governance support and offering business consulting expertise across diverse lines of business. Armed with profound technical acumen in cybersecurity and bolstered by refined sales and presentation skills, the Specialist adeptly conveys the intricacies of risk implications, compelling decisive action within both business and technology & operations domains. Serving as the central point of contact for engaging lines of business on Enterprise Security initiatives, the incumbent effectively communicates the risk dashboard and collaborates closely with risk leaders to optimize risk management strategies. Moreover, the Specialist plays a pivotal role in aligning business objectives with risk mitigation efforts, ensuring a harmonious integration that fosters a secure business environment safeguarding sensitive information. In addition to their pivotal role in risk management, the Specialist also extends their expertise to provide governance support by developing and maintaining information security policies, standards, and procedures. They oversee compliance efforts, conduct risk assessments, and lead incident response efforts. Furthermore, they offer business consulting responsibilities by advising stakeholders on security best practices, assisting in strategic planning, and ensuring that security measures align with overall business goals and regulatory requirements. Through their comprehensive approach, the Business Information Security Specialist ensures that the organization remains resilient against evolving threats while fostering a culture of security and compliance across all levels of the enterprise. Position Responsibilities: Governance Support Develop, maintain, and champion security governance frameworks involving the business. Lead business security updates for lines of business during committee and organizational meetings. Assist business with regulatory compliance to applicable laws and security regulations. Compare proposed business solutions to applicable policies and procedures during project engagements. Provide expert guidance in support of development, maintenance, and enforcement of information security standards and procedures. Participate in line of business regulatory audits as primary Enterprise Security expert. Provide expert advocacy on compliance with security policies throughout the business units. Present relevant Key Risk Indicators to lines of business. Line of Business Risk Liaison Participate as stakeholders in business initiatives and lead Enterprise Security strategy within those initiatives. Conduct regular risk and metrics updates with senior business leaders. Primary point of contact for Enterprise Security initiatives requiring business engagement. Assist in coordinating responses to security incidents involving the business, ensuring a timely and effective resolution. Enforce Enterprise Risk Management best practices throughout the business lines in relation to security issues. Emphasize the business unit\'s role in identifying, escalating and debating security risks to business unit processes and data. Exhibit relevant data points to business unit leaders which measure security risk. Lead difficult conversions to drive process enhancement and risk reduction within lines of business. Business Consulting Analyze the threat and risk landscape to communicate key risks to lines of business. Provide expert cyber and risk guidance and consultation to business unit leaders. Be an advocate for security, enterprise risk management and regulatory compliance. Align line of business unit and enterprise security strategy to best manage risk. Work closely with technology and business units to integrate security measures into projects and operations. Participate in conducting regular security audits and assessments. Assist business with addressing assessment and incident findings. Marshall line of business resources and support to effect cyber security strategy. Security Awareness Advance culture of security awareness within the broader enterprise. Measure and reduce risk within the line of business through employee awareness training. Identify areas within business lines for risk reduction and champion a culture of improvement. Represent the Enterprise Security team as business-facing risk managers. Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
-
Principal Cyber Vulnerability Engineer The Cyber Vulnerability Operations Team consists of both the Application Security (AppSec) teams and the Vulnerability Management Operations (VM Ops) teams. Together, the Vulnerability Operations team collaborates with peers across Comerica to provide visibility into vulnerabilities within applications and infrastructure and ensures they are remediated, as well as facilitates and enforces the use of secure development practices across the bank. The Principal Cyber Vulnerability Operations Engineer role is responsible for vulnerability scanning, prioritizing vulnerabilities, and driving remediations while partnering with the application and infrastructure teams. The ideal candidate for this role will have hands-on expertise working in vulnerability management and operations and will have knowledge of tools and technologies such as Qualys, PowerBI, attack surface management, Cloud, and expertise in at least one programming language. This candidate will be experienced working with cross-functional teams in vulnerability management and prioritization and will have the ability to automate while using a programming language. The ideal candidate with have technical and non-technical risk and vulnerability assessment background in network, infrastructure, and application space, as well as experience with ServiceNow VR module added plus. CISSP/SANS/Cloud Certification desired. Position Responsibilities: Vulnerability Management Operations Perform vulnerability assessments and common baseline control scans across the Comerica environment and report on Key Risks Indicators (KRIs). Lead security vulnerabilities and risk management activities across Comerica, including identifying vulnerabilities and supporting application/system owners to manage risks/remediate vulnerabilities. Establish and mature processes around vulnerability management, remediation, and reporting. Lead key projects such as vulnerability prioritization to remediate critical key vulnerabilities. Participate in vendor evaluations and selection for vulnerability management products, such as external attack surface management. Implement and support those products on a continuous basis. Stay current on vulnerability management best practices across the industry. Administration & Reporting Develop a comprehensive set of metrics to track on enterprise risks and remediation trends and keep Management informed of them through accurate, timely, and appropriate reporting. Support monthly KRI reporting through data collection, working with application and infrastructure teams to remediate vulnerabilities. Create presentations based off KRI materials and keep Management informed of them. Technical Consulting & Communication Drive technical excellence and implementation of vulnerability management best practices in collaboration with technology teams across the enterprise. Provide consultation to and work closely with other functional infrastructure areas/departments on multiple initiatives to meet common organizational/business goals and objectives. Collaborate with business units, application and infrastructure teams, and vendors to identify, review and evaluate solution requirements. Automate existing manual processes in order to create improved processes and create faster delivery. Coach and mentor more junior team members and application teams on vulnerability remediation efforts. Risk Management Identify and communicate gaps in our vulnerability management practices. Participate in Red Team exercises to identify potential vulnerabilities proactively. Partner with application and infrastructure owners to provide consulting on vulnerability remediation to allow them to appropriately remediate large highly complex vulnerabilities within the SLA (service level agreement) and reduce risk for the bank. Develop cyber vulnerability analysis for known vulnerabilities, as well as cyber-related metrics and reporting deliverables. Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
-
Consumer Digital Solution Architect Comerica is excited to be enhancing our architecture team and is looking for a qualified Solution Architect that will focus on developing new digital commercial banking solutions leveraging full stack development, AWS Cloud Native technologies and understanding of micro frontend architecture. Solution architects will need to provide deep expertise of the overall systems architecture across all layers including web, mobile native, application, database, operating system, network, and security. Thorough understanding of the business and application inter-dependencies across the business domains will be key to long term success in the role. Experience in React, React Native, Okta and AWS are highly preferred. Daily you can expect to complete activities such as: Coordinating project technical activities. Translate the technical architecture design into functional deliverables. Oversee and mentor project engineers. Ensure technological risks are accounted for and solutions meet requirements. Code and develop application software to be effectively designed, built, and tested to design specifications. Assisting with the evaluation and recommendation of relevant technology, tools and practices aligned with the business strategy and priorities. Deliverables you will be accountable for include: Owning the low-level technical design document. Owning the system integration design. Assigning team code development tasks. Code reviews for development team. Functional proof of concepts to validate solution as appropriate. Creating reusable patterns from projects for enterprise reuse. Position Responsibilities: Innovation Perform research activities to identify emerging technologies and trends that may affect the enterprise. Maintain awareness of vendor/product industry developments, regulations and trends and identify potential impacts to the enterprise. Assist in vendor/product selection activities including the development of vendor/product evaluation models used in Requests for Proposal (RFP\'s). Design and oversee efforts in building effective bank specific Proof of Concept demonstrations and socialize the results throughout the enterprise and all levels of management. Strategy Lead or support enterprise capability definition aligned with business strategy. Provide technical/business consulting to internal IS organizations and client-sponsored activities outside of IS. Acquire and maintain deep understanding of Comerica\'s business domain specific business processes, supporting applications, integrations & dependencies, security model, technology constraints & limitations. Analyze the business drivers that determine key architecture requirements. Highly engaged and drive strategic domain specific initiatives and programs from a technology perspective. Develops and maintains strong relationships with business domain leadership to keep track of changing business needs and priorities. Enterprise Architecture Governance Perform technical architecture planning activities. Facilitate and develop architectural standards for key technologies. Mentor Agile/DevOps practices and procedures among domain teams. Facilitate the development and evolution of the architecture and global governance processes. Define and facilitate the process for approving architecture principles and standards. Develop, collect and analyze Enterprise Architecture metrics to identify continual improvement opportunities. Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
-
SOC Analyst III The Security Operations Center is responsible for providing 24/7, 365 monitoring, detection, and response capabilities for Comerica. This includes event, cloud security, and DLP monitoring, as well as a role in the incident response process. The Tier 3 SOC Analyst serves as an escalation point for Tier 1 and Tier 2 Analysts within the SOC and provides advanced analytical and investigation support for complex incidents to assist in containment and mitigation of threats. The Tier 3 Security Operation Center (SOC) Analyst is responsible for providing oversight during day-to-day operational tasks for Tier 1 and 2 analysts within the SOC, as well as advanced technical investigation capabilities to respond to security incidents. The analyst will serve as the escalation point for all SOC analysts, and as an interface with the Advanced Threat Hunt and Intelligence team for the SOC. Position Responsibilities Security Operations Center (SOC) Analysis Provides advanced technical investigation and forensics capabilities across malware, phishing, cloud access security brokers (CASB), network, and configuration compliance domains. Responds to and mitigates security incidents based on defined process and procedures to contain and eradicate threats. Resolves or escalates investigations to CSIRT as required, in coordination with the SOC Manager. Interfaces with the threat hunting and threat intelligence teams to build proactive searches / signatures in the SIEM or security application to enhance detection capabilities. Performs sampled reviews of investigated incidents by Tier 1/Tier 2 Analysts to improve ticket quality and provides feedback to coach junior Analysts. Documentation and Support Participates in the development / enhancement of process and technologies impacting the SOC and the broader Cyber Defense Operations function. Collaborates closely with the SOC Manager to develop recommendations and/or technical implementations to improve workflows within the SOC, including the use of automation and optimization of processes. Collaborates with other Engineering and Operations teams within Comerica to troubleshoot, respond, and improve detection capabilities. Handles sensitive information in accordance with the Corporate Information Protection Policy. Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
-
Allied Universal®, North America’s leading security and facility services company, provides rewarding careers that give you a sense of purpose. While working in a dynamic, diverse and inclusive workplace, you will be part of a team that fuels a culture that will reflect in our communities and customers we serve. We offer medical, dental and vision coverage, life insurance, retirement plan, employee assistance programs, company discounts, perks and more for most full-time positions!
-
We would like to introduce to you ContiTech Surface Solutions’ latest innovation, the BAL.ON Smart Kit – a smart insole for golf.
-
We would like to introduce to you ContiTech Surface Solutions’ latest innovation, the BAL.ON Smart Kit – a smart insole for golf.
