Cyber Vulnerability Operations Manager The Cyber Vulnerability Operations Team consist of both the Application Security (AppSec) teams and the Vulnerability Management Operations (VM Ops) teams. Together, the Vulnerability Operations team collaborates with peers across Comerica to provide visibility into (and ensures) that vulnerabilities within applications and infrastructure are remediated, as well as to facilitate and enforce the use of secure development practices across the bank. The Cyber Vulnerability Operations Manager role provides oversight for and technical expertise to the both the application security and vulnerability management operations (VM Ops) teams. The manager will also provide strategic direction and mentorship for engineers and drive close collaboration with technology stakeholders to enable the team to perform its day-to-day operation, while also service as a liaison with executive stakeholders to ensure that risk is adequately communicated. Position Responsibilities Application Security * Lead application security engineers in day-to-day operations, ensuring that applications from Comerica are designed, developed, and deployed securely. * Bring the application security team together with teams from Technology and the business to manage application security vulnerability detection / remediation workflow, and to integrate security into the software development lifecycle. * Define and own objectives and key results that support secure application design strategy. * Develop and report on a comprehensive set of metrics to track and report on application risks and remediation trends. * Evaluate and improve upon AppSec processes to ensure rapid detection and remediation of AppSec risks. * Define and drive technical requirements for implementation of new tools/capabilities associated with AppSec (e.g., Snyk, Rapid7). * Drive technical excellence and implementation of secure engineering practices in collaboration with technology teams across the enterprise. * Drive a threat modelling program and enable the Application Security engineers to work with developers on secure code. * Drive developer education efforts across the enterprise to ensure that security best practices are built into the development processes within Comerica. Vulnerability Management Operations * Lead day-to-day operations for the vulnerability management operations team, which includes performing vulnerability assessments and common baseline control scans across the Comerica environment and reporting on Key Risks Indicators. * Responsible for managing security vulnerabilities and risks across Comerica, including identifying vulnerabilities and supporting application/system owners to manage risks / remediate vulnerabilities. * Establish and mature processes around vulnerability management, remediation, and reporting. * Drive the requirements, validate, and identify enhancements for vulnerability management tools, such as ServiceNow VM and Qualys. * Identify gaps in current processes, workflows, and tools, while implement changes / enhancements as needed. * Responsible for defining and reporting on Service Level Agreement / Objectives around vulnerability management and remediation. Team Leadership and Overall Execution * Serve as the team leader and mentor for the Vulnerability Management Operations team. * Ensure adherence to Service Level Agreements / Expectations / Objectives. * Identify and implement improvements on for operational processes. * Provide leadership on workflow automation and work with coordinators with CDO to ensure that enhancements are developed. * Define, track, and communicate goals and key performance indicators for the individual coordinators within the team. * Perform knowledge transfer to other teams as required. * Select, motivate, enable, and retain high performers within the team. * Provide ongoing feedback for staff to maximize their performance. Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled