Wells Fargo & Company is a diversified financial services company providing banking, insurance, investments, mortgage, and
consumer and commercial finance through more than 9,000 stores and 12,000 ATMs and the Internet (wellsfargo.com
and wachovia.com) across North America and internationally.
We’re headquartered in San Francisco, but we’re decentralized so every local Wells Fargo store is a headquarters for satisfying all our customers’ financial needs and helping them succeed financially. One in three households in America does business with Wells Fargo. Wells Fargo has $1.3 trillion in assets and approximately 275,000 team members across our 80+ businesses. We ranked fourth in assets and second in market value of our stock among our U.S. peers as of June 30, 2011.
Our vision: “We want to satisfy all our customers’ financial needs and help them succeed financially.”
Learn More about Wells Fargo
Wells Fargo Audit & Security is looking to fill an IT Senior Audit Leader position to perform audits of information security technologies, processes, and related activities. Key job responsibilities for this position include the following:
• Leads execution of the audit process (primarily as in-charge or as engagement supervisor) and mentors more junior team members. May also participate in audits (under the direction of another lead auditor) to provide subject matter knowledge/skills and/or to design and conduct tests of internal controls.
• Often leads multiple concurrent projects that are generally moderate to large in size and moderate to high in complexity; when leading audits, develops and applies leadership and project management skills, by identifying project tasks and assigning them to audit resources and by ensuring that projects are executed according to budgets and schedules; provides performance feedback and coaching to less experienced auditors.
• Develops valuable and trusting relationships with internal business partners by executing efficient audit work and offering suggestions to enhance risk management based on an enterprise-wide view of technology risk management.
• Demonstrates strong subject matter knowledge in critical areas of technology including operating systems, networks, and application processing environments; identifies and assesses key risks and controls and develops effective test plans for engagements as assigned with limited guidance; documents work in accordance with professional and corporate quality standards; participates in the evaluation of information security policies, standards, procedures, and guidelines for multiple platforms and diverse system environments (e.g. distributed, client-server, and web-based applications).
• Demonstrates professional skepticism; presents audit results in an objective and unbiased manner; writes opinions reflecting relevant facts that lead to logical conclusions; escalates significant risks and loss exposures to appropriate levels of management; drafts final audit reports for review by the Engagement Supervisor or IT Senior Audit Manager; presents technical information clearly and succinctly to a wide variety of audiences.
• Exercises superior judgment when evaluating the business impact and significance of audit findings, identifying mitigating controls and other factors and assessing whether residual risks are consistent with risk tolerance and prudent risk management
* Basic Qualifications: Strong analytical and problem solving skills - ability to analyze security risks and requirements and relate them to appropriate security controls.
6+ years audit experience.
* Minimum Qualifications:
- At least 6 years of progressive experience in Information Technology, IT Audit, or Information Risk Management with at least 3 years of experience in Information Security (e.g., security audit, security program management, security compliance management, network security, application security, security consulting, security analysis and risk assessment), preferably in banking or financial services.
Ability to work effectively independently and with a team.
Effective verbal and written communications skills; ability to effectively present complex information and respond to questions from groups of managers and colleagues
High energy self-starter who thrives in large, complex environments and challenging situations; must have the ability to adapt to change quickly and adjust work in a positive, professional manner; ability to work in a dynamic environment with multiple time constraints
Ability to travel as needed up to 20%
* Preferred Skills:
Bachelors degree in computer science, information technology, engineering, business, information systems, or related discipline.
In depth knowledge of Microsoft Windows Active Directory, LDAP, Internet and network security technologies such as: TCP/IP, firewalls, routers, switches, IDS/IPS, Anti-Virus, SIEM, Web Proxy, VPN, Encryption technologies, products, etc. Experience looking for security vulnerabilities such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc. Familiarity with server, network, database, and application security hardening. Knowledge of core IT management processes (e.g., Configuration Management, Change Management, IT Operations).
Experience with Network Security and Auditing tools a plus
Experience with Windows and Active Directory Auditing tools a plus
Experience analyzing and prioritizing threats and vulnerabilities; developing and implementing information security policies, standards, procedures, and guidelines to prevent unauthorized use, release, modification, or destruction of data; and/or conducting information security reviews and risk assessments
Knowledge of information security management frameworks (e.g. COBIT, ISO 2700x, ITIL, NIST)
Related professional certification (e.g., CISSP, CISA, CISM)
|For your privacy and protection, when applying to a job online:|
Never give your social security number to a prospective employer, provide credit card or bank account information, or perform any sort of monetary transaction. Learn More >>
By applying to a job using CareerBuilder.com you are agreeing to comply with and be subject to the CareerBuilder.com Terms and Conditions for use of our website. To use our website, you must agree with the Terms and Conditions and both meet and comply with their provisions.