Wells Fargo is seeking a Lead Information Security Analyst. This resource will lead a policy governance body of work to identify, formulate, and implement complex Cybersecurity policies, procedures, and controls for Cybersecurity. In so doing, this resource will support execution of the 2024 strategic initiative to implement Policy Simplification across all Cybersecurity policy stacks (and Policy Modernization in 2025) while partnering and influencing across the Cybersecurity policy stakeholder community, including Cybersecurity technical domains, Business Information Security Officers (BISO), Chief Information Officers, front line risk management, and the Enterprise Policy Office.
In this role, you will:
Provide advanced information security consultation for all aspects of information security compliance policy, risk management, and remediation
Direct information security risk assessment and research, and recommend remediation plans and strategies
Influence stakeholders on net new or on material changes to an asset to influence control decisions
Provide consulting on security risk assessment and research, and recommend remediation plans and strategies
Act as more experienced lead to the organization to develop security risk awareness and mitigating actions
Consult the organization on complex security issues and findings
Manage the most complex and critical information assets
Evaluate and interpret internal and companywide information security policies, processes, standards, and participate with more experienced leaders in decision making on information security
Serve as information security lead to advise on the development and delivery of Information Security Education and Awareness
Collaborate and consult with peers, colleagues, and mid-level to more experienced managers to resolve issues and achieve goals
Lead projects and teams
Coordinate with vendor manager on third party assets to manage information security risks
Serve as a mentor to less experienced staff
Lead one or more complex Cybersecurity policy governance areas
Align policy area scope and deliverables to strategic and transformational goals
Develop and evolve Cybersecurity policy governance program strategy to scale with Cybersecurity organizational growth
Develop and execute Cybersecurity policy governance annual activities considering inputs across Cybersecurity domain functions and key stakeholder groups
Plan and coordinate with PGO teammates to support on-time delivery of deliverables across all programs
Drive the successful completion of programs to achieve business goals, including timely identification, escalation, and remediation of risks and issues that impact program execution and delivery
Enhance and maintain knowledge of Wells Fargo's expectations for program and change management, including policies, processes, procedures and tools for program delivery
Maintain and employ knowledge of industry best practices for program and change management, including agile methodology
Deliver periodic business and operating reports, including identification and remediation of execution or other risks and issues, retrospective reviews, and lessons learned
Build strong relationships with program sponsors, business partners, and key stakeholders
Coordinate, facilitate, negotiate, and influence cross-functional macro-level topics with key stakeholders and senior management
Deliver clear, concise, and actionable communication to various levels of organization on a timely basis to ensure effective understanding, decision-making, and execution
Required Qualifications:
5+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
Desired Qualifications:
3+ years of experience managing cyber policy governance, including drafting policy; or 3+ years of cyber governance is highly desired
4+ years' experience with identity and access management, infrastructure security, cryptography, certificate and key management, data loss prevention, information protection, cloud governance, or incident response
4+ years' experience in the development and management of complex programs spanning multiple technology, Cybersecurity, or large banking operations
4+ years of experience in financial services or other highly regulated industry; knowledge of the financial services regulatory environment
4+ years experience change management principles (e.g., ADKAR) and developing and implementing change management strategies
4+ years of Technical Writing experience
Knowledge of COBIT, FedRamp, FFIEC, ISO, MITRE, NIST, CRI and other key industry frameworks and authoritative sources
Functional experience across two or more Cybersecurity domains (e.g., infrastructure security, cryptography, identity and access management, data loss prevention)
Experience with developing and presenting business management materials to senior management and governance committees
Strong critical thinking skills, consistent attention to detail, and ability to meet deadlines amidst competing priorities
Advanced level leadership, communication, relationship building, negotiating, and influencing skills
Advanced proficiency in MS Word, Excel, and PowerPoint
Experience with agile methodology and Atlassian suite of products (e.g., Confluence, Jira)
Experience with data aggregation and reporting tools (e.g., Tableau)
Job Expectations:
This is not a remote position. Candidates are required to work in the office three (3) days per week at the specified location
Wells Fargo cannot consider individuals for this role who will require immigration assistance either now or in the future
Posting End Date: 17 Nov 2024 *Job posting may come down early due to volume of applicants.
We Value Diversity
At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.
Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.
Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.
Applicants with Disabilities
To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo .
Drug and Alcohol Policy
Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.
Wells Fargo Recruitment and Hiring Requirements:
a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.