Senior Lead Information Security Analyst

at Wells Fargo

Philadelphia, Pennsylvania, USA

Start Date: Immediate
Expiry Date: 25 Nov, 2024
Salary: Not Specified
Posted On: 29 Aug, 2024
Experience: 7 year(s) or above
Skills: Metrics, Operations, Leadership, FFIEC, Risk Management Consulting, Internal Controls, Security, Risk, Architecture Management, ITIL, Strategic Planning, Remediation, Communications, Training, Self Assessment, Continuous Integration, Mitigation Strategies, NIST, Materials
Telecommute: No
Sponsor Visa: No

Description:

APPLICANTS WITH DISABILITIES

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo.

WELLS FARGO RECRUITMENT AND HIRING REQUIREMENTS:

a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.


Responsibilities:

ABOUT THIS ROLE:

Wells Fargo is seeking a Senior Lead Information Security Analyst for the Data Science Organization in Cybersecurity.

IN THIS ROLE, YOU WILL:

Provide oversight to the Information Security program for a major line of business

  • Coordinate Audit related activities across the organization and collaborate with the Product Owners to prioritize the work
  • Provide Risk Opinion, Credible Challenge, and Recommendations through Process, Risk and Control evaluation.

Consult with line of business on the consistent implementation of the enterprise information security model and solutions to remediate information security risks

  • Act as key participant in monitoring, evaluating, and measuring the impact of decisions practiced in the Risk and Controls Area
  • Monitor, measure, evaluate, and report on the impact of decisions and risk/controls to the relevant business group or functional area

Ensure that risks to all information assets are being managed in a timely and effective manner to meet the Information Security Program requirements and the current threat landscape

  • Lead complex initiatives designed to mitigate current and emerging risks with broad impact across the Data Science Organization
  • Build a consolidated view of all the Risk and Controls related items in Jira within the Data Science Organization
  • Act as the organizational delegate with external parties to support timeliness, appropriate response strategy, and effectiveness of communications and materials
  • Develop and implement metrics and reporting to provide concise risk view in control environment health, timeliness and effectiveness of risk mitigation, and emerging risk.

Ensure information security capabilities are included in all aspects of the company’s technology architecture

  • Establish strong partnership and collaboration with Wells Fargo Technology, aligned Risk Partners, Information Security, Second and Third Lines of defenses, to ensure CTO adherence to Wells Fargo Technology Policy, Compliance and external regulation requirements.
  • Proactively manage the information security risk profile of line of business information assets throughout the lifecycle of the asset

Provide vision, direction, and expertise to more experienced leadership on implementing innovative and significant business solutions that are large-scale, cross-functional, or companywide strategies

  • Collaborate with relevant business group to identify current and emerging risks associated with business activities and operations, and provide guidance in developing and implementing risk-mitigating strategies

Ensure the team has the necessary training and is keeping abreast of regulatory and compliance issues

  • Identify opportunities for Process and Control improvements through monitoring of emerging risk, changes to Technology environment, industry framework and trends.
  • Educate and influence WFT for effective implementation, execution, and governance of Technology Control Framework

Engage with all levels of professionals and managers companywide and serve as an experienced advisor to leadership

  • Monitor moderately complex business specific programs, and provide risk management consulting to support the business in designing and implementing risk-mitigation strategies
  • Provide Risk and Control Updates to Leadership Teams

Required Qualifications:

  • 7+ years of Risk Management or Control Management experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
  • 7+ years of Information Security experience, or equivalent demonstration through one or a combination of the following: work experience, training, military experience, education.

Desired Qualifications:

  • Strong knowledge of Secure Application Development Lifecycle, Agile Methodology, Continuous Integration and Deployment, and associated Risk
  • Strong knowledge of Application Lifecycle and Architecture Management, and associated Risk
  • Strong knowledge of Control Framework and Control Testing
  • Ability to generate, review, edit, and distribute executive level reports
  • Experience working with internal and external auditors and examiners
  • Experience with Issue Validation and Remediation
  • Experience reviewing testing strategies and methodologies; evaluating the adequacy and effectiveness of policies, procedures, processes, initiatives, products and internal controls; and identifying issues resulting from internal and/or external compliance examination
  • Ability to articulate complex concepts in a clear manner
  • Performing centralized governance, oversight responsibilities, and the facilitation of strategic planning for the Technology Control Framework
  • Experience managing and executing information Technology risk programs that align to a Technology Business function
  • Knowledge of Technology and Security risk framework - COBIT, FFIEC, NIST, ITIL, COSO, BASEL, and OCC Heightened Standards
  • Certified in Risk and Information Systems Control (CRISC), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certification in Control Self-Assessment (CCSA), or any other risk management discipline certification

Job Expectations:

  • This position is not eligible for Visa sponsorship
  • 100% remote work option is not available


REQUIREMENT SUMMARY

Min: 7.0, Max: 12.0 year(s)

Financial Services

IT Software - Network Administration / Security

Finance

Graduate

Certified in risk and information systems control (crisc) certified internal auditor (cia) certified information systems auditor (cisa) certification in control self-assessment (ccsa) or any other risk management discipline certification

Proficient

1

Philadelphia, PA, USA