IT Audit Manager - Executive Director (Cybersecurity)

at  Wells Fargo

PAY RANGE

Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to achievements, skills, experience, or work location. The range listed is just one component of the compensation package offered to candidates.
$144,400.00 - $300,000.00

APPLICANTS WITH DISABILITIES

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo .

WELLS FARGO RECRUITMENT AND HIRING REQUIREMENTS:

a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process

Required Qualifications:

• 7+ years of Audit, Risk experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, educatio

Desired Qualifications:

• 7+ years of increasing responsibilities within IT audit, including experience leading and supervising audits (external and/or internal), preferably in the financial services sector
• Data Loss Prevention and Insider Threat Expertise. Candidates should possess at least 3-5 years of experience in managing implementing and/or governing Data Loss Prevention (DLP) and Insider Threat programs. A deep understanding of strategies, tools, and techniques to mitigate internal risks and protect sensitive information is desired.
• Proficiency with MITRE ATT&CK Framework. Applicants must have over 3-5 years of experience working with the MITRE ATT&CK framework. A strong grasp of its application in identifying, assessing, and mitigating cyber threats based on real-world observations is essential.
• Strong data analytical skills are crucial. Candidates should be adept at interpreting complex data sets, identifying trends, and deriving meaningful insights to enhance threat detection and response capabilities.
• Knowledge of IT and Cloud management and control frameworks
• Experience working in a highly formal audit environment, including preparation of formal test of design and test of effectiveness work-papers, sample selection through use of formal sample selection tools, process and control flow-charting, and audit methodology compliance
• Experience at a financial institution or accounting firm
• A BS/BA degree or higher
• Solid knowledge and understanding of audit or risk methodologies and supporting tools
• Strong understanding of financial regulatory environment
• Certification in one or more of the following: CPA, CAMS, CRCM, CIA, CISA or Commissioned Bank Examiner designation
• Experience leading and providing feedback to staff on audit projects or engagements
• Experience with Issue Validation and Remediation
• Ability to effectively communicate complex security concepts to stakeholders at all level

The Enterprise Technology Audit Group - Cybersecurity Audit Team is looking to fill an IT Audit Manager, Executive Director position to support the coverage of Wells Fargo’s core Information Security and Cybersecurity controls (e.g., Cyber Threat Fusion Center, Data Loss Protection, Security Information and Event Management, Cryptographic Services, Patch and Vulnerability Management, Network Security Management, Third Party Information Security Management etc.). We’re building a Cybersecurity Audit function for the future and looking for high-energy talent to join us on our journey! You’ll be part of a team that provides audit coverage of the controls and tools that provide the front line protection for the Bank’s critical systems and data. Given the dynamic nature of the external threat landscape, you’ll be exposed to cutting edge technology and threat management techniques. We’re looking for team members that have a passion for Cybersecurity and a continual thirst for knowledge in this fascinating and critical space!

In this role, you will:

• Lead a team of audit staff to resolve highly complex and unique challenges requiring in depth evaluation across multiple areas or the enterprise, delivering solutions that are long term. This is an individual contributor role.
• Lead defined audits within one or more segments of the Audit Plan
• Ensure audit engagements are risk based, and executed according to Wells Fargo Internal Audit policies and guidance
• Assist in planning and organizing work in an annual cycle and project cycle
• Provide timely feedback, coaching and monitoring of audit work and staff
• Develop and maintain solid business relationships within Wells Fargo Internal Audit and with teams across Wells Fargo, and other stakeholders
• Become a subject-matter-expert in various integrated and application auditing disciplines so that you can be viewed as a trusted advisor on risks in these areas to management and audit leadership.
• Maintain an ongoing knowledge of the people, processes and tools that interact in this area so that you can keep the big picture in mind as you design your work approach and structure your opinions.
• Lead audit execution teams with integrity and creating an environment where team members feel included, valued, and supported to do work that energizes them.
• Accomplish management responsibilities to provide day-to-day oversight of audit execution including designing the scope and approach for information and cyber security audits, providing ongoing coaching and feedback for audit team members, identifying and managing risks, and completing daily management tasks.

Required Qualifications:

• 7+ years of Audit, Risk experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education

Desired Qualifications:

• 7+ years of increasing responsibilities within IT audit, including experience leading and supervising audits (external and/or internal), preferably in the financial services sector
• Data Loss Prevention and Insider Threat Expertise. Candidates should possess at least 3-5 years of experience in managing implementing and/or governing Data Loss Prevention (DLP) and Insider Threat programs. A deep understanding of strategies, tools, and techniques to mitigate internal risks and protect sensitive information is desired.
• Proficiency with MITRE ATT&CK Framework. Applicants must have over 3-5 years of experience working with the MITRE ATT&CK framework. A strong grasp of its application in identifying, assessing, and mitigating cyber threats based on real-world observations is essential.
• Strong data analytical skills are crucial. Candidates should be adept at interpreting complex data sets, identifying trends, and deriving meaningful insights to enhance threat detection and response capabilities.
• Knowledge of IT and Cloud management and control frameworks
• Experience working in a highly formal audit environment, including preparation of formal test of design and test of effectiveness work-papers, sample selection through use of formal sample selection tools, process and control flow-charting, and audit methodology compliance
• Experience at a financial institution or accounting firm
• A BS/BA degree or higher
• Solid knowledge and understanding of audit or risk methodologies and supporting tools
• Strong understanding of financial regulatory environment
• Certification in one or more of the following: CPA, CAMS, CRCM, CIA, CISA or Commissioned Bank Examiner designation
• Experience leading and providing feedback to staff on audit projects or engagements
• Experience with Issue Validation and Remediation
• Ability to effectively communicate complex security concepts to stakeholders at all levels

Job Expectations:

• Ability to travel up to 10% of the time
• Position does not provide sponsorship