Manager BRCO Risk Partner – Enterprise Security
The Business Risk and Control Officers (BRCOs) play a pivotal role in guiding the business to identify and understand risk exposures, as well as ensuring the implementation of effective controls to reduce risks and safeguard our customers and colleagues. BRCOs are critical to the success of the risk management lifecycle and play a role in planning, identifying, assessing, mitigating, monitoring, and reporting. As members of the First Line of Defense (1LOD), BRCOs:
- Provide leadership and coaching to the 1LOD to proactively identify and effectively manage risks.
- Translate and educate 1LOD to enable and drive business relevant implementation of Second Line of Defense (2LOD) risk management frameworks, policies, taxonomies, and inventories.
- Review, validate, and test 1LOD activities to ensure adequate control design and effective control operation.
- Provide credible challenge to 1LOD colleagues, ensuring safeguard and risk mitigation measures are upheld in decision making and adherence to 2LOD frameworks and policies prior to 2LOD review.
- Drive two-way collaboration across 1LOD and 2LOD; liaise between 1LOD and 2LOD to drive engagement throughout the risk management lifecycle.
- Collaborate and coordinate across the organization to help navigate and mitigate horizontal risk promoting resilience and ensuring safety and soundness.
- Document, aggregate and report risk in accordance with the risk management lifecycle.
The Manager BRCO Risk Partner for Enterprise Security (ES) is responsible for leading a team of ES Risk Partners to engage with control and process owners on the development and design of new or updated cybersecurity controls as well as changes to existing processes to mitigate risk to an acceptable level. The Enterprise Security Risk Partners develop options and actions for control owners to perform to drive improvements to the control environment. This role will lead the team and provide the necessary direction to drive proactive cybersecurity risk monitoring and mitigation to improve the Bank’s overall security posture. This role will also be responsible for monitoring controls, including advising on appropriate monitoring structures and conducting thematic analysis providing insights on drivers of risk and emerging risks. A breadth of cybersecurity knowledge is required to be successful in this role.
Position Responsibilities:
Business Partnerships
- Develops and maintains partnerships with the Line of Business process owners to provide end-to-end thought leadership through strategic consulting and providing expertise in control design that can lead to early identification and sustainable mitigation of risks.
- Inquires about and builds deep familiarity with critical Line of Business processes to advise on controls.
- Drives a strong enterprise risk culture by fostering rigor and discipline focused on risk and compliance awareness, ethical business practices, transparency, and escalation.
- Collaborates with and supports other BRCO team members to ensure a robust and comprehensive implementation of 2LOD frameworks within 1LOD.
- Depending on the size of the LOB and the number of BRCO Risk Partners, may align support to specific leaders.
Design Controls
- Engages in the development and design of implementation of new controls as well as changes to existing processes. Develops options and actions for control owners to perform that will result in improved controls and greater control effectiveness.
- Designs controls that are fit for purpose, are relevant, and primarily address the root causes of the risk. Controls should also be appropriate, covering the full extent and scope of the risk and its consequences, take into consideration efficiency and cost-effectiveness, and conform to relevant standards or regulatory requirements.
- Supports Line of Business process owners and ensures appropriate controls for new and changing processes are identified, risk assessed, documented, and implemented to mitigate risks and ensure all incremental risks have been captured.
- Drives adherence within 1LOD to enterprise-wide control design standards, policies, and frameworks.
- Engages with 2LOD to ensure risks and control results are in alignment with Comerica's objectives, all risk pillars, and risk appetite and provides 2LOD with regular updates.
Monitoring and Analyzing of Controls
- Oversees Line of Business monitoring of controls, including advising on appropriate monitoring structures.
- Performs validation to demonstrate that the remediation has effectively addressed the root cause of the issue, is effective, and is aligned with regulatory/audit expectations.
- Conducts thematic analysis providing insights on drivers of risk and emerging risks.
HR and Financial Management
- Selects, motivates, and retains high performing talent, cultivating a spirit of teamwork and continuous improvement with shared goals and objectives.
- Supports the development and growth of direct reports through on-going direction, coaching and performance management.
- Manages expenses and budget associated with the team and the work managed.
A successful candidate will have the following knowledge and/or skills:
- Demonstrated knowledge of banking industry products, services, and workflows.
- Strong familiarity with critical business processes and controls, as well as overall business needs and objectives, for Line of Business.
- Strong track record of driving timely and effective issue resolution in a financial services context.
- Deep expertise and ability to educate colleagues on risk management, controls, and compliance concepts, frameworks, and policies.
- Ability to establish authority, influence stakeholders, and productively debate issues (e.g., credible challenge) at all levels including without direct reporting responsibility.
- Ability to build strong relationships and engage constructively in a proactive and transparent approach with cross-functional stakeholders, to challenge status quo and drive buy-in to achieve common goals.
- Ability to clearly and effectively communicate, including ability to summarize and explain complex findings and issues to a wide range of audiences.
- Ability to apply sound judgment and appropriately escalate concerns and issues.
- Ability to demonstrate managerial courage and inspire colleagues across the organization to embrace change.
- Ability to gather, analyze and interpret large datasets from various sources.
- Strong analytical and critical thinking skills with high attention to detail and accuracy.
- Ability to manage multiple tasks and projects, prioritize work, meet deadlines, achieve goals, and work under pressure in a dynamic and complex environment.
- Self-starter who is flexible, able to work independently, and able to navigate a complex organization.
Position Qualifications
- Bachelor's degree from an accredited university or a High School Diploma or GED and 6 years of Risk Management or other related experience in the Financial Services Industry
- 8 years of experience in Risk Management, Compliance, Audit, or related field
- Expertise in identifying areas of control weakness, risk environment assessment and process improvement
- Expertise in designing or advising on the design of a broad range of controls (e.g. preventative vs. detective controls; manual vs automated)
- Strong understanding of various risk types/pillars, risk management, controls, and compliance concepts and frameworks
- Project support / project management skills - ability to provide direction, track progress and ensure alignment with program requirements
- Proficient in risk management software, MS Office Suite, and other related technology tools.
- Strongly Preferred: Experience managing or leading a team
- Strongly Preferred: 6 years of experience in Financial Services industry and/or knowledge of Line of Business products, services, and business processes
- Preferred: Experience working for or with (significant interactions) regulatory agencies
Category C - Days in the office will either be designated days or will vary week to week from 2-5 days
8:00am - 5:00pm Monday - Friday, this position includes both onsite and remote work.
To Be Determined Based on Individual Experience
About Comerica
We know our employees are critical to our overall success and we are dedicated to investing in their future. One of the ways we do this is to offer a comprehensive Total Rewards package designed to recognize and reward individual performance, as well as support health, well-being, development and security for our colleagues and their family. Total Rewards consists of cash compensation, development and flexible benefit programs designed to meet individual needs today and in the future. Your salary will be commensurate with your work experience and our programs are reviewed regularly to ensure each remains competitive. We are proud to offer benefits such as health and welfare programs, strong retirement benefits, and generous paid time off programs. You and your eligible family members, including domestic partners and their children, can participate in medical, dental, and vision benefits, 401(k) and pension, income protection benefits such as life insurance, AD&D, and supplemental health programs to offset unexpected health care expenses. We also have a variety of time off programs for things like vacation, sick time, disability, and parental leave. Eligibility for some programs varies based on employment status and tenure.
Upon offer, Comerica conducts a comprehensive background and fingerprint check.
NMLS certification requirement: where applicable, a favorable background check screening, credit check, fingerprint check, and NMLS certification are required in accordance with the SAFE Act.
Comerica Incorporated (NYSE: CMA) is a financial services company headquartered in Dallas, Texas, and strategically aligned into three major business segments: the Commercial Bank, the Retail Bank, and Wealth Management. Comerica's colleagues focus on relationships, and helping people and businesses be successful. In addition to Texas, Comerica Bank locations can be found in Arizona, California, Florida and Michigan, with select businesses operating in several other states, as well as in Canada and Mexico.
Comerica is proud to be an Equal Opportunity Employer - veterans/individuals with disabilities, committed to workplace diversity.