Skip to main content

Lead Information Security Analyst

About this role:

At Wells Fargo, we are looking for talented people who will put our customers at the center of everything we do. We are seeking candidates who embrace diversity, equity and inclusion in a workplace where everyone feels valued and inspired. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

Wells Fargo Information and Cyber Security (ICS) Vulnerability Operations team is looking for a Lead Info Security Analyst. Learn more about the career areas and lines of business at .

The Cyber Hygiene Vulnerability Operations team is a governance team aligned to the Information Security division within Wells Fargo Technology.  The team provides oversight of active enterprise-wide infrastructure vulnerabilities and facilitates their rapid research and subsequent remediation.  The team also owns the policy and regulatory controls surrounding delivery of this service for the company.

This particular role is responsible for shepherding vulnerabilities which need special handling/high-touch coordination to drive successful remediation. The role may also be responsible for additional vulnerability governance responsibilities as shifting demand requires.

Broadly, success is based on on-time delivery of the work, ability to drive resolution of challenges, and proactive escalation and visibility into items at risk or experiencing active issues.  This role will address deliverables by taking data and knowledge from many different sources and assembling it into a coherent package for affected teams to quickly digest the actions needed.  Use systems of records to merge, manipulate, analyze, and summarize data for senior leadership decision making.

In this role, you will:

  • Serve as co-executor of risk management controls vulnerabilities in partnership with the primary lead executor.
  • Perform and help support a strong understanding of actions needed through analysis of vulnerability data and assist with ad hoc guidance for situations where remediation is stalled. This includes collaborating with partners to create an outline for action steps to resolve the vulnerability.
  • Provide daily guidance to other team members involved in executing this control in a collaborative teamwork fashion.
  • Identify improvements and lead efforts to implement the improvements to control execution and underlying technology and procedures.
  • Develop an understanding of incoming work, identify the affected parties, communicate action needed concisely. 
  • Work with the remediation owners and relevant partners/leadership to provide guidance on actions required
  • Support leadership reporting with vulnerability-specific details on progress/plans to remediate and known issues/risks.
  • Proactively identify aging vulnerability risk and engage partners / escalate to leadership and relevant stakeholders to avoid aging.
  • Identify risk/issues and escalate/communicate with a sense of urgency to leadership and impacted stakeholders.
  • Serve as a subject matter expert on the vulnerability management system of record and perform user acceptance testing on system changes.
  • Craft communications and reports which provide transparency into progress and insight into problems or actions needed.
  • Retain evidence and artifacts demonstrating the quality of execution of this work in support of audit and control reviews and quality assurance assessments.
  • Support the Information Security program in governing vulnerability remediation across the Wells Fargo Technology organization.
  • Support the consistent implementation of the enterprise information security model and solutions to remediate information security risks around infrastructure vulnerabilities
  • Ensure that risks to all information assets are being managed in a timely and effective manner to meet the Information Security Program requirements and the current threat landscape
  • Ensure information security capabilities are included in all aspects of the company's technology architecture
  • Collaborate on vision and share expertise with more experienced leadership to support the evolution of innovative and significant business solutions that are large-scale, cross-functional, or companywide strategies
  • Pursue the necessary training and stay abreast of regulatory and compliance issues
  • Engage with all levels of professionals and managers companywide and serve as an experienced advisor to leadership
  • Consult with leadership and security peers and experts on complex security issues and findings.

Broadly, success is based on on-time delivery of the work, ability to drive resolution of challenges, and proactive escalation and visibility into items at risk or experiencing active issues.  To address deliverables, take data from many different sources and assemble it into a coherent package for affected teams to quickly digest the actions needed.  Use systems of records to merge, manipulate, analyze, and summarize data for senior leadership decision making.

Required Qualifications, US:

  • 5+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
  • 3+ years of advanced Excel data analysis including pivot tables, light macros, intermediate formulas
  • 2+ years of vulnerability management governance experience

    Desired Qualifications:

    • Demonstrated experience in analyzing governance, policy, compliance, and risk management practices
    • Ability to work and influence successfully within a matrixed environment and build effective business partnerships with all levels of team members
    • Ability to influence, partner, and negotiate with representatives of stakeholder teams to gain commitment to accomplish business goals
    • Ability to facilitate and lead meetings to reach conclusions, identify tasks, record actions, and achieve results
    • Problem solving and decision-making skills
    • Strong communication skills and ability to articulate complex material to a diverse audience
    • Strong analytical skills with high attention to detail and accuracy
    • Excellent verbal, written, and interpersonal communication skills
    • Advanced Microsoft Office (Word, Excel, Outlook, and PowerPoint) skills
    • Demonstrated experience in use of Sharepoint, ideally SharePoint Online/Teams
    • Demonstrated experience as an end user of Tableau
    • Demonstrated experience using Jira
    • Demonstrated experience using and creating content in Confluence
    • Demonstrated experience with Qualys
    • Demonstrated experience with QVRU and other Wells Fargo Vulnerability Management systems.
    • Demonstrated knowledge of Agile methodology
    • Knowledge of Common Vulnerabilities and Exposures (CVE)
    • Financial industry experience

    Job Expectations:

    • 0-5% travel for things such as annual offsite meetings
    • Work is generally performed onsite in a Wells Fargo hub location with ad hoc remote work as negotiated with manager

Pay Range

$96,600.00 - $171,800.00 Annual

We Value Diversity

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Join our talent community

Learn about upcoming events and career opportunities at Wells Fargo

Join now
JK 1212 1236 B 4MP