Cyber Vulnerability Operations Manager
The Cyber Vulnerability Operations Team consist of both the Application Security (AppSec) teams and the Vulnerability Management Operations (VM Ops) teams. Together, the Vulnerability Operations team collaborates with peers across Comerica to provide visibility into (and ensures) that vulnerabilities within applications and infrastructure are remediated, as well as to facilitate and enforce the use of secure development practices across the bank.
The Cyber Vulnerability Operations Manager role provides oversight for and technical expertise to the both the application security and vulnerability management operations (VM Ops) teams. The manager will also provide strategic direction and mentorship for engineers and drive close collaboration with technology stakeholders to enable the team to perform its day-to-day operation, while also service as a liaison with executive stakeholders to ensure that risk is adequately communicated.
Position Responsibilities Application Security
Lead application security engineers in day-to-day operations, ensuring that applications from Comerica are designed, developed, and deployed securely.
Bring the application security team together with teams from Technology and the business to manage application security vulnerability detection / remediation workflow, and to integrate security into the software development lifecycle.
Define and own objectives and key results that support secure application design strategy.
Develop and report on a comprehensive set of metrics to track and report on application risks and remediation trends.
Evaluate and improve upon AppSec processes to ensure rapid detection and remediation of AppSec risks.
Define and drive technical requirements for implementation of new tools/capabilities associated with AppSec (e.g., Snyk, Rapid7).
Drive technical excellence and implementation of secure engineering practices in collaboration with technology teams across the enterprise.
Drive a threat modelling program and enable the Application Security engineers to work with developers on secure code.
Drive developer education efforts across the enterprise to ensure that security best practices are built into the development processes within Comerica.
Vulnerability Management Operations
Lead day-to-day operations for the vulnerability management operations team, which includes performing vulnerability assessments and common baseline control scans across the Comerica environment and reporting on Key Risks Indicators.
Responsible for managing security vulnerabilities and risks across Comerica, including identifying vulnerabilities and supporting application/system owners to manage risks / remediate vulnerabilities.
Establish and mature processes around vulnerability management, remediation, and reporting.
Drive the requirements, validate, and identify enhancements for vulnerability management tools, such as ServiceNow VM and Qualys.
Identify gaps in current processes, workflows, and tools, while implement changes / enhancements as needed.
Responsible for defining and reporting on Service Level Agreement / Objectives around vulnerability management and remediation.
Team Leadership and Overall Execution
Serve as the team leader and mentor for the Vulnerability Management Operations team.
Ensure adherence to Service Level Agreements / Expectations / Objectives.
Identify and implement improvements on for operational processes.
Provide leadership on workflow automation and work with coordinators with CDO to ensure that enhancements are developed.
Define, track, and communicate goals and key performance indicators for the individual coordinators within the team.
Perform knowledge transfer to other teams as required.
Select, motivate, enable, and retain high performers within the team.
Provide ongoing feedback for staff to maximize their performance.
Position Qualifications
Bachelor's Degree in Computer Science, Engineering, Information Systems, or Cyber Security or related field or High School diploma or GED and 12 years Progressive Relevant Experience
5 years of experience in cyber / information security, preferably in vulnerability management and/or application security
5 years of experience with the application of security standards to the software development lifecycle
5 years of experience with the banking sector and both general cyber and targeted threats associated with the financial services industry
5 years of working experience collaborating across Enterprise IT and Security to remediate vulnerabilities identified
5 years of experience with vulnerability assessments, including creating, maintaining, and troubleshooting scan configurations across the enterprise
5 years of knowledge of regulatory requirements and information security management frameworks, including ISO/IEC 27001, ITIL, SOX, PCI, NIST CSF
5 years of experience in all levels of the technology stack and security solution capabilities such as: firewalls, intrusion prevention - detection, perimeter appliances, filtering (virus, spam, etc.), network segmentation, authentication, enterprise portals, data encryption, enterprise directories (LDAP and Active Directory), endpoint security controls, application security and secure coding techniques
5 years of experience with vulnerability management across cloud platforms
5 years of experience leading, managing, and building high performing teams that span technical development, product ownership, and business domains
Licenses/Certificates
Preferred -- CISSP, CISM, CISA, OSCP, GPEN, CEH
Work Best Category: Category C - Days in the office will either be designated days or will vary week to week from 2-5 days
Hours: 8:00am - 5:00pm Monday - Friday
Salary: To Be Determined Based on Individual... For full info follow application link.
Comerica is proud to be an Equal Opportunity Employer - veterans/individuals with disabilities, committed to workplace diversity.
