Feb 22, 2020
Job Description Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upload your current resume when submitting your application for consideration. To participate in some selection activities you will need to respond to an invitation. The invitation can be sent by both email and text message. In order to receive text message invitations, your profile must include a mobile phone number designated as "Personal Cell" or "Cellular" in the contact information of your application. At Wells Fargo, we want to satisfy our customers' financial needs and help them succeed financially. We're looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you'll feel valued and inspired to contribute your unique skills and experience. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you. Corporate Risk helps all Wells Fargo businesses identify and manage risk. The team focuses on several key risk types, including conduct, credit, financial crimes, information security, interest rate, liquidity, market, model, operational, regulatory compliance, reputation, strategic, and technology risk. The group provides leadership, enhances communications, assists with problem identification and solutions, and shares best practices. In addition, the group provides an enterprise-wide view of risk, assists management and our Board of Directors in identifying and monitoring risks that may affect multiple lines of business, and takes appropriate action when business activities exceed the risk tolerance of the company. This role will be part of the broader Information Security Domain Oversight team within the Information and Information Security Risk Management oversight group with a focus on Cyber Defense Monitoring, Vulnerability and Patch Management. This function oversees the Front Line's information security controls and independently credibly challenges IS Domain risk decisions. Team reviews the execution of requirements by Information Security Domains (ISDs) to provide and maintain a consolidated view of effectiveness and sustainability for senior management while ensuring alignment to the Risk Management Framework. Specifically, it evaluates the ISDs on information security risks and controls across the enterprise to which the ISDs are held accountable, including policy, policy design monitoring, control design, execution and assurance. Operational Risk Officer - Cyber Defense Monitoring, Vulnerability and Patch Management We have a new opportunity for a seasoned information security SME within the Information Security Domain Governance team. The person selected for this position will be responsible for developing and implementing an oversight program over Cyber Defense Monitoring, Vulnerability and Patch Management Information Security Domains. The individual will be required to provide their independent assessment over topics including Security Monitoring and Event Detection, Information Security Incident, Cyber Attack Prevention, Threat Intelligence, etc. The role will monitor emergency vulnerabilities and patches and understand the residual risk for vulnerability management across the bank. Additionally, this individual will work closely with the Information Security Control Assurance and Information Security Oversight managers in addition to the broader TTIRO group to help develop a complete picture of enterprise oversight of the Cyber Defense and Vulnerability Management Information Security program. Outcome of these activities would result in written opinions, credible challenges, and define expected remediation. The role will be considered a technical SME in helping design Cyber Defense Monitoring, Vulnerability and Patch Management Domain and will cover aspects including risk, governance and maturity. Required Qualifications 7+ years of experience in risk management (includes compliance, financial crimes, operational risk, audit, legal, credit risk, market risk, IT systems security, business process management) or 7+ years of financial services industry experience, of which 5+ years must include direct experience in risk management Desired Qualifications Excellent verbal, written, and interpersonal communication skills Strong relationship development skills Strong analytical skills with high attention to detail and accuracy Other Desired Qualifications 5+ years of information technology or information security experience in one or a combination of the following: vulnerability management, cyber defense, infrastructure security, application or information system security including security monitoring and event detection Advanced Information Security technical skills with experience in vulnerability management and cyber defense including security monitoring and event detection, incident handling, cyber-attack prevention and threat intelligence Demonstrated operational risk and information security risk management experience, including information security assessment, mitigation solution design and implementation Ability to report findings and develop point of view or credible challenges to influence vulnerability management and cyber defense Domain Owners and Leadership to mitigate risk or improve domain governance and maturity Virtual leadership experience with ability to effectively drive results, provide feedback, and build/manage relationships with Domain Owners and SMEs in a geographically dispersed environment Knowledge and understanding of information security industry standards, framework and financial industry regulations (FFIEC, NIST, ISO, etc.) One or more of professional certifications: Certified Information Systems Security Professional, (CISSP), Certified in Risk and Information System Control (CRISC), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certification in Control Self-Assessment (CCSA), or other risk management discipline certifications Job Expectations Ability to travel up to 10% of the time Disclaimer All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act. Relevant military experience is considered for veterans and transitioning service men and women. Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.
Minneapolis, MN, USA