Cyber Vulnerability Operations Manager
The Cyber Vulnerability Operations Team consists of both the Application Security (AppSec) teams and the Vulnerability Management Operations (VM Ops) teams. Together, the Vulnerability Operations team collaborates with peers across Comerica to provide visibility into vulnerabilities within applications and infrastructure and to ensure that they are remediated, as well as to facilitate and enforce the use of secure development practices across the bank.
The Cyber Vulnerability Operations Manager role provides oversight for and technical expertise to both the application security and vulnerability management operations (VM Ops) teams. The manager will also provide strategic direction and mentorship for engineers and drive close collaboration with technology stakeholders to enable the team to perform its day-to-day operations, while also serving as a liaison with executive stakeholders to ensure that risk is adequately communicated.
Position Responsibilities
Application Security
- Lead application security engineers in day-to-day operations, ensuring that applications from Comerica are designed, developed, and deployed securely.
- Bring the application security team together with teams from Technology and the business to manage application security vulnerability detection / remediation workflow, and to integrate security into the software development lifecycle.
- Define and own objectives and key results that support secure application design strategy.
- Develop and report on a comprehensive set of metrics that track application risks and remediation trends.
- Evaluate and improve upon AppSec processes to ensure rapid detection and remediation of AppSec risks.
- Define and drive technical requirements for implementation of new tools/capabilities associated with AppSec (e.g., Snyk, Rapid7).
- Drive technical excellence and implementation of secure engineering practices in collaboration with technology teams across the enterprise.
- Drive a threat modelling program and enable the Application Security engineers to work with developers on secure code.
- Drive developer education efforts across the enterprise to ensure that security best practices are built into the development processes within Comerica.
Vulnerability Management Operations
- Lead day-to-day operations for the vulnerability management operations team, which includes performing vulnerability assessments and common baseline control scans across the Comerica environment and reporting on Key Risk Indicators.
- Responsible for managing security vulnerabilities and risks across Comerica, including identifying vulnerabilities and supporting application/system owners to manage risks / remediate vulnerabilities.
- Establish and mature processes around vulnerability management, remediation, and reporting.
- Drive the requirements, validate, and identify enhancements for vulnerability management tools, such as ServiceNow VM and Qualys.
- Identify gaps in current processes, workflows, and tools, and implement changes / enhancements as needed.
- Responsible for defining and reporting on Service Level Agreement / Objectives around vulnerability management and remediation.
Team Leadership and Overall Execution
- Serve as the team leader and mentor for the Vulnerability Management Operations team.
- Ensure adherence to Service Level Agreements / Expectations / Objectives.
- Identify and implement improvements for operational processes.
- Provide leadership on workflow automation and work with coordinators with CDO to ensure that enhancements are developed.
- Define, track, and communicate goals and key performance indicators for the individual coordinators within the team.
- Perform knowledge transfer to other teams as required.
- Select, motivate, enable, and retain high performers within the team.
- Provide ongoing feedback for staff to maximize their performance.
Position Qualifications
- Bachelor's Degree in Computer Science, Engineering, Information Systems, or Cyber Security or related field or High School diploma or GED and 12 years Progressive Relevant Experience
- 5 years of experience in cyber / information security, preferably in vulnerability management and/or application security
- 5 years of experience with the application of security standards to the software development lifecycle
- 5 years of experience with the banking sector and both general cyber and targeted threats associated with the financial services industry
- 5 years of working experience collaborating across Enterprise IT and Security to remediate vulnerabilities identified
- 5 years of experience with vulnerability assessments, including creating, maintaining, and troubleshooting scan configurations across the enterprise
- 5 years of knowledge of regulatory requirements and information security management frameworks, including ISO/IEC 27001, ITIL, SOX, PCI, NIST CSF
- 5 years of experience in all levels of the technology stack and security solution capabilities such as: firewalls, intrusion prevention - detection, perimeter appliances, filtering (virus, spam, etc.), network segmentation, authentication, enterprise portals, data encryption, enterprise directories (LDAP and Active Directory), endpoint security controls, application security and secure coding techniques
- 5 years of experience with vulnerability management across cloud platforms
- 5 years of experience leading, managing, and building high performing teams that span technical development, product ownership, and business domains
Licenses/Certificates
- Preferred -- CISSP, CISM, CISA, OSCP, GPEN, CEH
Work Best Category: Category C - Days in the office will either be designated days or will vary week to week from 2-5 days
Hours: 8:00am - 5:00pm Monday - Friday
Salary: To Be Determined Based on Individual Experience
About Comerica
We know our employees are critical to our overall success and we are dedicated to investing in their future. One of the ways we do this is to offer a comprehensive Total Rewards package designed to recognize and reward individual performance, as well as support health, well-being, development and security for our colleagues and their families. Total Rewards consists of cash compensation, development and flexible benefit programs designed to meet individual needs today and in the future. Your salary will be commensurate with your work experience and our programs are reviewed regularly to ensure each remains competitive. We are proud to offer benefits such as health and welfare programs, strong retirement benefits, and generous paid time off programs. You and your eligible family members, including domestic partners and their children, can participate in medical, dental, and vision benefits, 401(k) and pension, income protection benefits such as life insurance, AD&D, and supplemental health programs to offset unexpected health care expenses. We also have a variety of time off programs for things like vacation, sick time, disability, and parental leave. Eligibility for some programs varies based on employment status and tenure.
Upon offer, Comerica conducts a comprehensive background and fingerprint check.
NMLS certification requirement: where applicable, a favorable background check screening, credit check, fingerprint check, and NMLS certification is required in accordance with the SAFE Act.
Comerica Incorporated (NYSE: CMA) is a financial services company headquartered in Dallas, Texas, and strategically aligned into three major business segments: the Commercial Bank, the Retail Bank, and Wealth Management. Comerica's colleagues focus on relationships and on helping people and businesses be successful. In addition to Texas, Comerica Bank locations can be found in Arizona, California, Florida and Michigan, with select businesses operating in several other states, as well as in Canada and Mexico.
Comerica is proud to be an Equal Opportunity Employer - veterans/individuals with disabilities, committed to workplace diversity.