Senior Enterprise Security Vendor Specialist The Senior Enterprise Security Vendor Specialist is responsible for performing comprehensive enterprise security risk assessments for entities that provide IT services external to Comerica Bank. This includes utilizing technical skills and strong familiarity with relevant security frameworks and applicable laws such as, but not limited to ISO, SOC 2, NIST, SOX, CCPA, etc. to ensure that third parties meet the expected residual risk appetite of the bank. The Senior Enterprise Security Vendor Specialist is responsible for reviewing system/policy documentation and performing Enterprise Security risk assessments to ensure controls are effective, validated, and monitored in accordance with internal policies and industry best practices. This role provides extensive analysis and technical oversight for Enterprise Security risk related issues/risk exposures based on current threat landscapes. The Senior Enterprise Security Vendor Specialist is expected to take ownership of core competencies, and to provide expert knowledge and support. Job responsibilities: Enterprise Security Risk Assessments Perform comprehensive enterprise security assessments of third-party service providers pertaining to evaluation of applicable policies procedures and controls. Review third party documentation, security requirements, and perform risk assessments to ensure controls are effective, validated, and monitored in accordance with internal policy and industry best practices. Provide risk analysis and guidance pertaining to emerging threats that may impact Comerica. Ensures compliance and control activities support technology and enterprise business objectives and are aligned with enterprise risk appetite. Identify risk related issues and recommend remediation approach. Perform vendor on-site assessments and evaluations. Keep up to date on emerging trends and security industry changes. Delivery Planning and Execution Participate in projects related to third party vendors. Assist Lead in scheduling vendor on-site assessments. Conduct third party supplier contract reviews as it relates to Enterprise Security requirements. Evaluate effectiveness of practices, procedures, and security controls applicable to Comerica Bank. Identify opportunities for process improvements for continued operation efficiency/monitoring. Other duties as assigned. Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled