Data Security Engineer The Data Security Engineer will work across Comerica's technology ecosystem to identify critical data stores and ensure proper data and access controls are applied. You will work on designing, implementing and integrating data security solutions protecting customer and sensitive data. The engineer works closely with business units and stakeholders to help with data access, ownership and enforcement of policies, rules and safeguards. The engineer works closely with IT team members, cybersecurity operations/responders and third parties, and must be technically proficient with data protection technologies, including data loss prevention (DLP), cloud access security broker (CASB), data classification, privacy, behavior analytics, encryption and GRC. Prefer familiarity with regulatory requirements and laws, such as Payment Card Industry (PCI), Federal Financial Institutions Examination Council (FFIEC), Sarbanes-Oxley Act (SOX), HIPAA, GDPR, California Consumer Privacy Act (CCPA) and Gramm-Leach-Bliley Act (GLBA). Additionally, experience in one or more of the following is required: ISO 17799, ITIL, NIST Cybersecurity Framework (CSF).
Design & Methodology
- Work closely with business units, application teams, infrastructure areas and vendors to identity, review and evaluate the solution requirements.
- Investigate and propose strategic fits for virtualization, consolidation and rationalization solution opportunities within the infrastructure or business. Propose changes to the technical design solutions as applicable.
- Evaluate and align strategic fit solutions across platforms and solutions specific to system hardware and software technologies.
- Understand, participate, review and influence long term capacity planning and technology investments.
- Provide client consulting and planning guidance as applicable for moderate to complex projects
- Provide consultation and works closely with other functional infrastructure areas/departments on multiple initiatives to meet common organizational/business goals and objectives.
- Participate in and provides consulting to project teams on architectural, design development, integration opportunities, planning of complex systems.
Planning & Organizing
- Map requirements into standard services solution, identity opportunities for integrating to existing or reuse technology and provide cost effective solutions for moderate to large highly complex project/programs/initiatives.
- Review, identify and manage requirements for moderate to complex solutions and do a cost value, feasibility and risk analysis.
- Review, participate, develop and update architectural standards, guiding principles, rationales and strategies.
- Evaluate, review and approve highly complex design solutions for business and Infrastructure project or programs or initiatives.
- Keep management informed of status of on activities through accurate, timely, and appropriate reporting.
- Actively participate in committees representing the department and/or planning unit.
Apply on company website