We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
New
Comerica Bank jobs

Enterprise Security Policy and Standards Analyst

Comerica Bank
life insurance, parental leave, paid time off, sick time, 401(k)
United States, Texas, Frisco
3333 Preston Rd (Show on map)
Feb 07, 2025
Enterprise Security Policy and Standards Analyst
The Enterprise Security Policy and Standards Analyst is focused on the development and ongoing maintenance of Technology and Enterprise Security policies and standards for protecting the confidentiality, integrity, and availability of information at Comerica. The incumbent evaluates the need to establish new technology/information security standards based on risk evaluations, changes in threats, technology updates, business objectives, laws, and/or regulations. This will include monitoring new laws, regulations, and industry standards that may affect how technology and information security is managed at Comerica (e.g., GLBA, FFIEC standards, PCI standards, HIPAA, Privacy laws).
The incumbent will assess gaps with Comerica's existing technology/information security controls, policies, and standards and make recommendations to management as needed for new and updated standards. This will require working directly with subject matter experts from Enterprise Security, Technology, Enterprise Risk, Legal and other business units within the bank to further assist in the recommendations and document these requirements.
This role will be responsible for interpreting, analyzing, developing, and writing policies and standards from a business and technical perspective. This includes managing the entire lifecycle of which consists of planning research, drafting, approval and publication, and communication of the policies and standards.
Position Responsibilities:
Policy Development


  • Assist with drafting of policy documents (standards, procedures, and reference documents) ensuring clarity, accuracy, and effectiveness.
  • Develop and implement organizational policies to compliance with applicable laws, regulations, and industry best practices.
  • Coordinate with business unit leaders and management to assess policy needs and develop strategies to address organizational challenges.
  • In collaboration with Technology and Enterprise Security partners, evaluate moderately complex technologies, systems, processes and controls to identify security risks and compliance gaps.
  • Conduct thorough document reviews to ensure the validity and accuracy of all documentation related Technology and Enterprise Security policies and procedures.
  • Participate in policy review meetings with stakeholders to gather feedback, discuss policy implication, and achieve consensus.


Policy Governance and Oversight


  • Review new or modified technology and information security policies prior to vetting and publication and making recommendations to the Sr. Manager.
  • Identify, recommend, and facilitate the enhancement or modification of Technology and Enterprise Security policies based on changes in risks, organizational practices, regulations, industry best practices or technical trends.
  • Monitor the impact of implemented policies, analyzing performance data and stakeholder feedback to identify areas for improvement.
  • Assist in maintaining a comprehensive and up-to date policy library.
  • Oversee the archiving of obsolete policies and documentation of policy changes, maintain a comprehensive and up-to date policy library.
  • Test and monitor Technology and Enterprise Security compliance improvements and their impact on current policies and standards.


Project Management and Communication


  • Manages and leads small to medium projects related to technology risk and information security such as development of new policies or complex policy revisions, large technology projects, training course development.
  • Contributes to projects driven by groups both internal and external to Enterprise Security.
    Publishes updates/new policies and procedures SharePoint.
  • Participates in working groups regarding Technology risk and Enterprise Security policy development and review of new technologies, designs, and remediation planning efforts.
  • Other duties as assigned.

Position Qualifications:


  • Bachelor's Degree from an accredited university in Information Management, Information Governance, Risk Management, Computer Science, or other relevant disciplines OR HS/GED with 5 years progressive relevant experience
  • 5 years of experience in policy interpretation and development
  • 5 years of experience in the development and analysis of industry best practices
  • 5 years of experience with IT governance, compliance, risk, and audit programs
  • 5 years of experience with GLBA, FFIEC standards, PCI standards, HIPAA, Privacy laws or similar compliance activities such as SOX, PCI, etc.
  • 3 years of experience supporting audits and assessments
  • 2 years of experience in IT security control development, control testing, risk remediation, and reporting
  • 2 years of experience with one or more of the following: MS Office, Qualys, SIEM, Archer, ServiceNow


Licenses/Certifications:


  • CISSP (Certified Information Systems Security Professional) preferred
  • CISM (Certified Information Security Manager) preferred
  • CISA (Certified Information Systems Auditor) preferred
  • CIRSC (Certified in Risk and Information Systems Control) preferred

Work Best Category: Category C - Days in the office will either be designated days or will vary week to week from 2-5 days Hours: 8:00am - 5:00pm Monday - Friday Salary: To Be Determined Based on Individual Experience

About Comerica
We know our employees are critical to our overall success and we are dedicated to investing in their future. One of the ways we do this is to offer a comprehensive Total Rewards package designed to recognize and reward individual performance, as well support health, well-being, development and security for our colleagues and their family. Total Rewards consists of cash compensation, development and flexible benefit programs designed to meet individual needs today and in the future. Your salary will be commensurate with your work experience and our programs are reviewed regularly to ensure each remain competitive. We are proud to offer benefits such as health and welfare programs, strong retirement benefits, and generous paid time off programs. You and your eligible family members, including domestic partners and their children, can participate in medical, dental, and vision benefits, 401(k) and pension, income protection benefits such as life insurance, AD&D, and supplemental health programs to offset unexpected health care expenses. We also have a variety of time off programs for things like vacation, sick time, disability, and parental leave. Eligibility for some programs varies based on employment status and tenure.

Upon offer, Comerica conducts a comprehensive background and fingerprint check.

NMLS certification requirement: where applicable, a favorable background check screening, credit check, fingerprint check, and NMLS certification is required in accordance with the SAFE Act.

Comerica Incorporated (NYSE: CMA) is a financial services company headquartered in Dallas, Texas, and strategically aligned into three major business segments; the Commercial Bank, the Retail Bank, and Wealth Management. Comerica's colleagues focus on relationships, and helping people and businesses be successful. In addition to Texas, Comerica Bank locations can be found in Arizona, California, Florida and Michigan, with select businesses operating in several other states, as well as in Canada and Mexico.

Comerica is proud to be an Equal Opportunity Employer - veterans/individuals with disabilities, committed to workplace diversity.

Applied = 0
MORE JOBS LIKE THIS

(web-7d594f9859-5j7xx)