Information Security Risk Framework Consultant - ORC5

  • Competitive
  • Charlotte, NC, USA
  • Permanent, Full time
  • Wells Fargo US
  • 19 Sep 17

Information Security Risk Framework Consultant - ORC5

Job Description
It starts with you. Our goal is to attract, develop, retain and motivate the most talented people - those who care and who work together as partners across business units and functions. We value and promote diversity and inclusion in every aspect of our business and at every level of our organization.

You've got the passion. You've got the skills. Are you looking for the next opportunity to learn and grow? At Wells Fargo, we offer a supportive environment where team members can cultivate their careers and make a difference within our company and the communities we serve.

Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.

Enterprise Information Security's (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo's infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.


The EIS regulatory program is responsible for building, managing, and maintaining programs that ensure compliance to information security related regulatory requirements and industry standards. As part of managing these programs, team members must maintain constant awareness of financial regulatory and legal requirements material to Information Security (e.g., FFIEC, NIST, COBIT, ISO 27000, GLBA 501(b),) to ensure the Wells Fargo meets the requirements.

The regulatory program team members will analyze existing, new, and changing regulations to determine if current program elements are adequate, new elements are required or existing elements are now obsolete. If program changes are required, the team works with subject matter experts across the enterprise to identify business and technology requirements and provide structure and guidance over their implementation and ongoing management, promoting "strong" risk management principals and providing protection from and response to internal and external threats. The regulatory program also works extensively with groups across Enterprise Information Security to ensure work activities are compliant with regulatory requirements and industry expectations.

  • Identifying and assessing information security related risks to understand how they impact effectiveness or efficiency of the Information Security Program
  • Building or adjusting risk framework elements and integrating them into the enterprise risk management program and framework
  • Consulting with business units or other risk management areas to ensure program components meet business needs and follow the Corporate Risk Management Expectations
  • Influencing change and providing fact based data as rationale
  • Establishing and/or maintaining ways to measure program effectiveness
  • Managing change and designing, developing and delivering training opportunities
  • Providing guidance and coaching to less experienced consultants
Required Qualifications
  • 10+ years of experience in compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both; or 10+ years of IT systems security, business process management or financial services industry experience, of which 5+ years must include direct experience in compliance, operational risk management, or a combination of both

Desired Qualifications
  • Advanced Microsoft Office skills
  • Excellent verbal, written, and interpersonal communication skills
  • Strong analytical skills with high attention to detail and accuracy
  • Ability to interact with all levels of an organization
  • Experience reviewing testing strategies and methodologies; evaluating the adequacy and effectiveness of policies, procedures, processes, initiatives, products and internal controls; and identifying issues resulting from internal and/or external compliance examinations
  • Experience developing, implementing and monitoring a risk-based compliance program to assure compliance with federal, state, agency, legal and regulatory requirements or providing oversight to a compliance function
  • Ability to influence and build relationships with LOB stakeholders, technology CIO leadership, external service providers, and architecture teams
  • Virtual leadership experience with ability to effectively drive results, provide feedback/direction, and manage and build relationships with leaders and team members in a geographically dispersed team environment
  • Meeting facilitation experience in leading discussions that result in consensus and commitment
  • Ability to identify inefficiencies, opportunities to streamline business processes, and implement change
  • 1+ year of information security experience
  • Information Security Frameworks and standards (FFIEC, NIST, ISO) experience
  • Experience preparing security risk assessments for Wells Fargo business and 3rd party service providers
  • Certified Internal Auditor (CIA), Certified Information Systems Auditor, (CISA) Certification in Control Self-Assessment (CCSA), Certified Information Systems Security Professional, (CISSP) or other risk management discipline certification

Other Desired Qualifications
  • Experience developing, implementing and monitoring risk-based metrics that depict levels of compliance at an enterprise and/or group level
  • Ability to report findings and develop business cases to influence executive management or management committee member/head of business on the need for controls to mitigate risk
  • Knowledge and understanding of consulting on complex issues related to information security, risk management or technology
    All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

    Relevant military experience is considered for veterans and transitioning service men and women.

    Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.