Overview
On Site
Full Time
Skills
Gramm-Leach-Bliley Act
FFIEC
Payment Card Industry
HIPAA
Writing
Research
Technical Drafting
Clarity
Management
Information Security
Collaboration
Security Policy
Legal
Privacy
Data Security
Artificial Intelligence
Risk Assessment
Project Management
Communication
Training
Instructional Design
Effective Communication
Leadership
Regulatory Compliance
Job Details
The Senior Enterprise Security Policy and Standards Analyst is focused on the development and ongoing maintenance of Technology and Enterprise Security policies and standards for protecting the confidentiality, integrity, and availability of information at Comerica. The incumbent evaluates the need to establish new technology/information security standards based on risk evaluations, changes in threats, technology updates, business objectives, laws, and/or regulations. This will include monitoring new laws, regulations, and industry standards that may affect how technology and information security is managed at Comerica (e.g., GLBA, FFIEC standards, PCI standards, HIPAA, Privacy laws).
The incumbent will assess gaps with Comerica's existing technology/information security controls, policies, and standards and make recommendations to management as needed for new and updated standards. This will require working directly with subject matter experts from Enterprise Security, Technology, Enterprise Risk, Legal and other business units within the bank to further assist in the recommendations and document these requirements.
This role will be responsible for interpreting, analyzing, developing, and writing policies and standards from a business and technical perspective. This includes managing the entire lifecycle of which consists of planning research, drafting, approval and publication, and communication of the policies and standards.
Position Responsibilities:
Policy & Standards Development
Policy Governance and Oversight
Project Management and Communication
Other duties as assigned.
The incumbent will assess gaps with Comerica's existing technology/information security controls, policies, and standards and make recommendations to management as needed for new and updated standards. This will require working directly with subject matter experts from Enterprise Security, Technology, Enterprise Risk, Legal and other business units within the bank to further assist in the recommendations and document these requirements.
This role will be responsible for interpreting, analyzing, developing, and writing policies and standards from a business and technical perspective. This includes managing the entire lifecycle of which consists of planning research, drafting, approval and publication, and communication of the policies and standards.
Position Responsibilities:
Policy & Standards Development
- Lead drafting policy documents (standards, procedures, and reference documents) ensuring clarity, accuracy, and effectiveness of the documented requirements.
- Develop and implement organizational policies to comply with applicable laws, regulations, and industry best practices.
- Coordinate with Technology, Enterprise Security business unit leaders and management to assess policy needs and develop strategies to address organizational challenges or identified requirement gaps.
- In collaboration with Technology and Enterprise Security partners, evaluate complex technologies, systems, processes and controls to identify security risks and compliance gaps.
- Facilitate policy and review meetings with stakeholders to gather feedback, discuss policy implication, and achieve consensus.
Policy Governance and Oversight
- Review new or modified technology and information security policies prior to vetting and publication and making recommendations to the Technology and Enterprise Security leadership teams. Identify, recommend, and facilitate the enhancement or modification of Technology and Enterprise Security policies based on changes in risks, organizational practices, regulations, industry best practices or technical trends.
- In collaboration with our partners, evaluate complex technologies, systems, processes, and controls to identify security risks and compliance gaps.
- Determines review schedule for Technology and Enterprise Security policies. Identifies and develops policy review teams and participate in policy reviews.
- Represents the department at working groups regarding Technology and Enterprise Security policy development and review of new technologies, designs, and remediation planning efforts.
- Investigates potential compliance failures, identifying security needs and recommends plans/resolutions.
- Understand and share the legal and ethical implications of policies, especially in terms of user privacy, data protection, and artificial intelligence.
- Assess the sensitivity of information and perform vulnerability and risk assessments based on information sensitivity and flow.
Project Management and Communication
- Manages and leads medium to large projects related to Technology and Enterprise Security such as development of new policies or complex policy revisions, large technology projects, training course development.
- Contribute to projects driven by groups both internal and external to Enterprise Security.
Ensures effective communication of changes to Technology and Enterprise Security policies to Senior leadership. - Communicate the status, risks, and issues associated with the Policy and Standards compliance program.
- Engages in a consultative role to ensure the enterprise operates securely as they navigate an evolving IT environment.
Other duties as assigned.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.