Business Unit Risk Analyst Lead
The Cybersecurity Policy Analyst role is focused on the development and ongoing maintenance of technology risk and information security policies and standards for protecting information at Comerica, Inc. Evaluate the need to establish new technology/information security standards based on risk evaluations, changes in threats, technology, business objectives, laws, and regulations. Monitor new laws, regulations, and industry standards that may affect how technology and information security are managed at Comerica (e.g., GLBA, FFIEC standards, PCI standards, HIPAA, privacy laws). Assess gaps with Comerica's existing technology/information security controls, policies, and standards and make recommendations to management as needed for new and updated standards. This role will be responsible for interpreting, analyzing, developing, and writing policies and standards from a business and technical perspective. This includes managing the entire lifecycle, which consists of research, drafting, approval and publication, and communication of the policies and standards. The ideal candidate will hold one of the following certifications: CISSP, CISM, CISA, CRISC, or other applicable security/technical certification.
- Lead management and oversight of all regulatory and audit inquiries.
- Responsible for the coordination and preparation of audit and exam deliverables.
- Ensure key regulatory and control timelines and required processes and evidence (documents) are tested.
- Ensure compliance and control findings are reported to management of affected areas.
- Perform risk analysis to determine level of risk to the bank and recommend action(s) to mitigate risk.
- Develop and implement new compliance programs to address regulatory changes.
- Monitor and interpret policy and procedures for assigned line of business and update as required.
- Recommend ways to reduce turn times while balancing operational risk.
- Analyze and make recommendations on department policies, processes and procedures.
- Partner with the business unit(s) to ensure all processes and procedures follow policies and federal regulations.
- Participate in Committees and Special Projects as warranted.
- Manage and/or participate in large to complex projects related to risk and compliance.
- Work collaboratively with business units and others on the implementation of new regulations.
- Educate and train business unit on risks that affect them.
- Ensure compliance training requirements are properly communicated and completed.