About this role:Wells Fargo is seeking a Lead Information Security Analyst. This position will provide information security consultation for all aspects of Identity and Access Management (IAM) compliance policies, risk management and remediation. Engaging with internal lines of defense, key business and technology stakeholders, and control owners/operators is part of the daily routine for this position. Works with various compliance and regulatory teams internal and external to Wells Fargo. Provides guidance and direction to all Lines of Defense when evaluating processes and controls, participates in reviewing security risk assessment findings and mitigating controls to optimize IAM security. Ensures IAM domain controls are appropriately inventoried, tested and periodically reviewed to ensure control design effectiveness. Using in-depth knowledge of information security and the enterprise, recommends changes to enterprise information security IAM domain policies, standards, procedures, and control requirements. Recommends compliance and risk management requirements for the IAM domain and works with other stakeholders to implement key risk initiatives, proactively identify and address issues, and escalate where necessary. Engages Information and Cyber Security (ICS), Wells Fargo Technology (WFT), and Wells Fargo lines of business (LOB) management to identify, formulate and implement risk-managed information security solutions. Improves awareness and compliance via development and delivery of Information Security Education and Awareness.
In this role, you will:- Provide advanced information security consultation for all aspects of information security compliance policy, risk management, and remediation
- Direct information security risk assessment and research, and recommend remediation plans and strategies
- Influence stakeholders on net new or on material changes to an asset to influence control decisions
- Provide consulting on security risk assessment and research, and recommend remediation plans and strategies
- Act as more experienced lead to the organization to develop security risk awareness and mitigating actions
- Consult the organization on complex security issues and findings
- Manage the most complex and critical information assets
- Evaluate and interpret internal and companywide information security policies, processes, standards, and participate with more experienced leaders in decision making on information security
- Serve as information security lead to advise on the development and delivery of Information Security Education and Awareness
- Collaborate and consult with peers, colleagues, and mid-level to more experienced managers to resolve issues and achieve goals
- Lead projects and teams
- Coordinate with vendor manager on third party assets to manage information security risks
- Serve as a mentor to less experienced staff
- Evaluates adequacy and effectiveness of IAM domain policies, procedures and processes, systems and internal controls, including IAM-related SOX and SOC controls.
- Works directly with all Lines of Defense ensuring their understanding of IAM processes and controls during their testing engagements, answering questions and gathering the necessary evidence for testing.
- Acts as the point of contact for the Lines of Defense and IAM partners as it relates to audits/assessments
- Partners with the IAM Issues Management group reviewing Self Identified issues and providing insight during the testing of remediation on issues.
- Recommends changes to processes for continuous improvement.
- Provides consultation on IAM compliance and controls issues.
Required Qualifications, US:- 5+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
- 4+ years experience in one or a combination of the following: compliance, operational risk, or legal
- 4+ years of strategic planning and development experience
- 3+ years of IAM (Identity and Access Management) experience
- 3+ years of experience with Sarbanes-Oxley IT General Controls
- 3+ years of experience with handling both internal and external audits
Desired Qualifications:- Good communication skills and ability to articulate complex material to a diverse audience
- Strong time management skills and ability to meet deadlines
- Ability to influence across all organizational levels, particularly senior management
- Virtual leadership experience with ability to effectively drive results, provide feedback/direction, and manage and build relationships with leaders and team
- Ability to identify inefficiencies, opportunities to streamline business processes and implement change
- Ability to evaluate impacts based on changes in law/regulations and develop company response
- Process definition and documentation experience
- Expert knowledge and understanding of information security practices and policies, frameworks, standards, and best practices
- Experience working at a top-tier consulting firm ("big 4" for example)
- Audit experience within one of the following areas: Information security, IT governance, risk management or application security
Job Posting Locations:- 300 S Brevard St, Charlotte, NC
- 2600 South Price Rd. Chandler, AZ
- 550 S 4th St Minneapolis, MN
- 1301 Solana Blvd - Westlake, TX 76262
Posting End Date: 29 Nov 2024
*Job posting may come down early due to volume of applicants. We Value DiversityAt Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.
Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.
Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.
Applicants with DisabilitiesTo request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo .
Drug and Alcohol PolicyWells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.
Wells Fargo Recruitment and Hiring Requirements:a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.
