Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upload your current resume prior to submitting your application for consideration. To participate in some selection activities you will need to respond to an invitation. The invitation can be sent by both email and text message. In order to receive text message invitations, your profile must include a mobile phone number designated as “Personal Cell” or “Cellular” in the contact information of your application.
At Wells Fargo, we want to satisfy our customers’ financial needs and help them succeed financially. We’re looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you’ll feel valued and inspired to contribute your unique skills and experience.
Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Wells Fargo Technology sets IT strategy; enhances the design, development, and operations of our systems; optimizes the Wells Fargo infrastructure footprint; provides information security; and enables continuous banking access through in-store, online, ATM, and other channels to Wells Fargo’s more than 70 million global customers.
The Application Information Security (AIS) domain team, as part of the Information and Cyber Security (ICS) group, sets application security strategy to help equip application development teams deliver highly functional applications that are secure and resilient to attacks. This is accomplished by developing policies, processes, and tools that enable development teams to proactively embed security into Wells Fargo-developed applications.
AIS is seeking an Information Security Consultant with experience managing the operations of an information security program to join the team. This position will support application security program oversight by managing activities related to application security programs reviews, self-assurance, risk analysis and communications. This includes documenting accurate business requirements to engage stakeholders as well as make process improvement recommendations.
In this role, you will specifically be responsible for organizing and participating in Application Security risk-based programs in order to identify, assess and mitigate operational risks associated with the AIS domain. You may direct, mentor, or manage less experienced staff.
Specifically, you will:
Evaluate and interpret application information security policies, processes and standards, and provides recommendations to improve them
Manage operations of risk-based programs associated with the AIS domain
Create and maintain application security risk awareness process and influence leaders in strategies to mitigate the risks
Maintain knowledge base of relevant AIS Domain information in accordance with the Information and Cyber Security standards
Influence control decisions by developing impactful communications to inform stakeholders on new or material changes to application security risks
Coordinates with 3rd party risk teams to manage application security risks within vendor solutions
Provide consultative services to stakeholders on new, emerging and/or most complex security issues and findings
Facilitate application security self-assurance activities and report self-identified issues in a timely manner
Participate in other team projects or group initiatives as needed
Collaborate with peers and partners across Wells Fargo Technology and Corporate Risk, leveraging strong relationship building skills
7+ years of information technology security experience
3+ years of Application Security experience
3+ years of Information Security Frameworks and standards (FFIEC, NIST, ISO) experience
Extensive knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices
Advanced Information Security technical skills
Ability to manage complex issues and develop solutions
Excellent verbal and written communication skills
Knowledge and understanding of security configuration management including: linking security policy with security configuration
3+ years of policy and strategy development experience
Knowledge and understanding of policy documentation creation
5+ years of policy and strategy development experience
Knowledge and understanding of software development life cycle (SDLC): all phases and types of testing
Knowledge and understanding of software development life cycle (SDLC): code control, build and deployment
Other Desired Qualifications
Ability to operate in a fast paced, high demand, environment while balancing multiple priorities
Ability to prioritize work, meet deadlines, achieve goals, and work under pressure in a dynamic and complex environment
MN-Minneapolis: 255 2nd Ave S - Minneapolis, MN
IA-West Des Moines: 800 S Jordan Creek Pkwy - West Des Moines, IA
IA-West Des Moines: 7001 Westown Pkwy - West Des Moines, IA
IL-Chicago: 10 S Wacker Drive - Chicago, IL
MA-Boston: 125 High Street - Boston, MA
NY-New York: 150 E 42nd St - New York, NY
PA-Philadelphia: 101 N Independence Mall E - Philadelphia, PA
NC-Raleigh: 1100 Corporate Center Dr - Raleigh, NC
MO-Saint Louis: 1 N Jefferson Ave - Saint Louis, MO
CA-SF-South Of Market Area: 45 Fremont Street - San Francisco, CA
AZ-Chandler: 2700 S Price Rd - Chandler, AZ