About this role:
Wells Fargo is seeking a Lead Information Security Analyst. This role is an individual contributor position that's part of a team responsible for the assessment and adoption of Information Security Identity and Access Management (IAM) controls. The IAM organization owns and operates manual and automated controls to manage enterprise risk and reduce inappropriate access for organizational users. Frequent changes and updates to leveraged technology requires regular review of controls to confirm effectiveness as well as relevancy. Keeping abreast of changing risk, internal policy and regulatory landscape is critical to this role as well. Engaging with internal lines of defense, key business and technology stakeholders, and control owners/operators is part of the daily routine for this position. As a Lead Information Security Analyst - IAM Controls resource, you will be responsible for the assessment, adoption and oversight of IAM operated controls related to IAM products and services. You must be able to demonstrate in-depth knowledge of IAM controls and supported processes/procedures, risk assessment and controls testing methodologies across 3 lines of defense, and compliance and operational processes which includes successfully facilitating and completing associated deliverables. Knowledge of IT/IS control frameworks such as COSO, CoBIT, FFIEC and NIST is strongly encouraged as part of the benchmarking process that must also be supported by this role. This role is also responsible for the identification and escalation of emerging risks resulting from controls test findings, including providing input to control design/execution along with control administration changes. Partnership and collaboration with enterprise Risk and Control System (SHRP) administrators is necessary to ensure that controls are kept up-to-date, testing results are recorded and any findings are validated and have requisite remediation action plans. Familiarity with Risk and Control Self-Assessment (RCSA) processes and practices is foundational to ensure that IAM Controls resource has thorough understanding of how operational risks and the effectiveness of controls are assessed and examined. In this role, you will:
Required Qualifications, US:
- Maintain an advanced awareness of bank security policies and government regulations pertaining to information security
- Formulate and implement information security solutions and controls
- make decisions and resolve issues regarding changes to information security policy, standards, and procedures as needed for systems, applications and tool
- Provide advanced information security consultation for all aspects of information security compliance policy, risk management, and remediation
- Direct information security risk assessment and research, and recommend remediation plans and strategies
- Influence stakeholders on net new or on material changes to an asset to influence control decisions
- Provide consulting on security risk assessment and research, and recommend remediation plans and strategies
- Act as more experienced lead to the organization to develop security risk awareness and mitigating actions
- Consult the organization on complex security issues and findings
- Manage the most complex and critical information assets
- Evaluate and interpret internal and companywide information security policies, processes, standards, and participate with more experienced leaders in decision making on information security
- Serve as information security lead to advise on the development and delivery of Information Security Education and Awareness
- Collaborate and consult with peers, colleagues, and mid-level to more experienced managers to resolve issues and achieve goals
- Lead projects and teams
- Coordinate with vendor manager on third party assets to manage information security risks
- Serve as a mentor to less experienced staff
- 5+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
- 3+ years of IAM (Identity and Access Management) experience
- 2+ years of process improvement experience
- 3+ years of Microsoft office suite experience such as PowerPoint, Excel, Outlook and Word
- 5+ years of experience working with information security controls and deployments in a production environment
- 3+ years of IAM (Identity and Access Management) experience with application on-boarding, certifications or role management.
- 1+ years of information security architectural design and consulting experience
- Experience communicating and presenting complex information to multiple levels of the organization
- Strong time management skills and ability to meet deadlines
- Ability to work effectively, as well as independently, in a team environment
- Experience with synthesizing data from multiple sources and presenting it in appropriate formats
- Knowledge and understanding of information security management, audit, compliance and risk.
- Knowledge and understanding of financial services industry: compliance, risk management or audit operations
- Knowledge Information Security Frameworks and standards (FFIEC, NIST, ISO) experience
@RWF22We Value Diversity
At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.
Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.
- Architectural Design
- Business Process Improvement
- Cash Or Share Options