Lead Information Security Analyst - Cloud Control Framework

at  Wells Fargo

APPLICANTS WITH DISABILITIES

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo .

WELLS FARGO RECRUITMENT AND HIRING REQUIREMENTS:

a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process

Required Qualifications:

• 5+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 3+ years of experience managing a cloud control framework, or a Cybersecurity policy stack for a large Enterprise
• 2+ years of experience working with public and/or private cloud technologies, platforms and services
• 2+ years of experience with the creation, management or implementation of formal Enterprise security controls
• 2+ years working with key industry frameworks and authoritative sources, such as: FFIEC, ISO, MITRE, NIST, CSA CCM, CRI Profile
• 2+ years of a demonstrated track record of executive communication, relationship building, negotiating, and influencing strategic outcomes
• 2+ years of validated proficiency and advanced knowledge of MS Word, Excel, PowerPoint, Outlook and Team

Desired Qualifications:

• 5+ years’ experience with Cloud Security technologies, cryptography, certificate and key management, data loss prevention or information protection
• 5+ years’ experience in the development and management of complex programs spanning multiple technology, Cybersecurity, or large banking operations
• 5+ years’ experience working in financial services or other highly regulated industry; knowledge of the financial services regulatory environment
• 5+ years of Technical Writing experience
• Strong critical thinking skills, consistent attention to detail, and ability to meet deadlines amidst competing priorities
• Functional experience across Cybersecurity domains (e.g., infrastructure, cryptography/information protection, identity and access management, defense & incident response, vulnerability management, application security, etc.)
• Experience with developing and presenting business management materials to senior management and governance committees
• Confirmed knowledge of agile methodology and Atlassian suite of products (e.g., Confluence, Jira)
• Experience with data aggregation and reporting tools (e.g., Tableau

Wells Fargo is seeking a Lead Information Security Analyst to join the Cybersecurity Cloud Security Delivery Team, working with the Cloud Control Framework (CCF) “L1” Feature team to manage and develop security specific CCF content. The CCF is used to manage Cybersecurity risk for Wells Fargo private and public cloud implementations. This role involves control objective ideation, development, reviews, mappings, and processes related to publication. There is extensive interaction with Subject Matter Experts (SMEs) across Cybersecurity, Cloud Product, Cloud Engineering, Cloud Governance, along with WF Legal/Regulatory teams and “Line of Defense” partners: Technology Control, Independent Risk Management, and Internal Audit. The role will also work externally, interfacing with government standards organizations, regulatory agencies and industry standards bodies to stay up to date on the latest frameworks and standards that inform CCF content.

In this role, you will:

• Provide oversight to the Cybersecurity Cloud Control Framework (CCF)
• Develop and execute Cybersecurity CCF annual refresh considering inputs across Cybersecurity domain functions and key stakeholder groups
• Lead/drive refinements and uplift to the CCF security objectives content
• Ensure the CCF is in alignment to authoritative and regulatory sources to meet the evolving threat landscape
• Recommend enhancements to the Wells Fargo Cybersecurity policy “stack” to manage cloud risk, help to uplift and “cloudify” the WF policy stack, along with providing mapping updates resulting from the policy simplification process
• Perform assessment of SHRP control mapping to the CCF and work with Tech Control partners to ensure proper alignment
• Lead and oversee revisions/lifecycle of CCF control objectives and obtain feedback and approvals from Domain owners
• Work closely with Cloud Governance to ensure parity with Cybersecurity CCF Annual Review process
• Revise and drive finalization of others’ input specific to CCF procedural documentation and sub-processes
• Ensure the team has the necessary training and is keeping abreast of regulatory and compliance issues
• Engage with all levels of professionals and managers companywide and serve as an experienced advisor to leadership
• Enhance and maintain knowledge of Wells Fargo’s expectations for program and change management, including policies, processes, procedures and tools for program delivery
• Maintain and employ knowledge of industry best practices for program and change management, including agile methodology
• Deliver periodic business and operating reports, including identification and remediation of execution or other risks and issues, retrospectives, and lessons learned
• Build strong relationships with program sponsors, business partners, and key stakeholders
• Coordinate, facilitate, negotiate, and influence cross-functional macro-level topics with key stakeholders and senior management
• Deliver clear, concise, and actionable communication to various levels of organization on a timely basis to ensure effective understanding, decision-making, and execution

Required Qualifications:

• 5+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 3+ years of experience managing a cloud control framework, or a Cybersecurity policy stack for a large Enterprise
• 2+ years of experience working with public and/or private cloud technologies, platforms and services
• 2+ years of experience with the creation, management or implementation of formal Enterprise security controls
• 2+ years working with key industry frameworks and authoritative sources, such as: FFIEC, ISO, MITRE, NIST, CSA CCM, CRI Profile
• 2+ years of a demonstrated track record of executive communication, relationship building, negotiating, and influencing strategic outcomes
• 2+ years of validated proficiency and advanced knowledge of MS Word, Excel, PowerPoint, Outlook and Teams

Desired Qualifications:

• 5+ years’ experience with Cloud Security technologies, cryptography, certificate and key management, data loss prevention or information protection
• 5+ years’ experience in the development and management of complex programs spanning multiple technology, Cybersecurity, or large banking operations
• 5+ years’ experience working in financial services or other highly regulated industry; knowledge of the financial services regulatory environment
• 5+ years of Technical Writing experience
• Strong critical thinking skills, consistent attention to detail, and ability to meet deadlines amidst competing priorities
• Functional experience across Cybersecurity domains (e.g., infrastructure, cryptography/information protection, identity and access management, defense & incident response, vulnerability management, application security, etc.)
• Experience with developing and presenting business management materials to senior management and governance committees
• Confirmed knowledge of agile methodology and Atlassian suite of products (e.g., Confluence, Jira)
• Experience with data aggregation and reporting tools (e.g., Tableau)

Job Expectations:

• Travel up to 10% of the time.
• This is not a remote position. Wells Fargo has a hybrid work environment, Candidates must be able to work in either of the designated locations, Westlake, TX, Charlotte, NC or Chandler, AZ 3 days per week.
• Candidate must be able to work in the US for any employer. Wells Fargo will not provide immigration sponsorship now or in the future.