
Lead Information Security Engineer Controls

About this role:

Wells Fargo is seeking a motivated Lead Information Security Engineer to join an exciting, fast-paced team working on cutting-edge encryption, tokenization and key management technologies that are leveraged to protect information companywide. This role will provide technical leadership and be an individual contributor to teams that design, deploy, and operationally maintain cryptographic products and services including Hardware Security Modules (HSMs) and security appliances. The ideal candidate will have demonstrated experience in the design and deployment of cryptographic products in physical, virtual, and containerized environments with a deep understanding of Process, Risk and Control and experience with Risk Control Self Assessments (RCSA). The ideal candidate will also have demonstrated experience in automating processes including product builds, operational maintenance, and customer integration and onboarding. This role reports directly to the Technology Director of Critical Infrastructure within Secure Network Services.

In this role, you will:

  • Collaborate with, guide and counsel Critical Infrastructure process and control owners for Control Assurance requirements, including identifying where controls reside, oversight of control documentation changes, evaluating effectiveness and functioning as liaison to control assurance teams in 1st and 2nd Lines responsible for Testing.

  • Ensure a proper Critical Infrastructure profile of applicable regulations and associated controls as well as residual risks and compensating controls are maintained and continuously updated in appropriate systems of record on an ongoing basis.

  • Establish the inventory of all relevant business processes, governance channels, internal testing, audit, regulatory engagements and prioritize internal preparation, review routines and the integration with RCSA as applicable.

  • Establish regular routines with corporate risk, testing & validation and audit partners to provide transparency into business risk profile and trend.

  • Establish a formal communication channel to broadcast risk program updates, risk profiles, policy updates and other key risk program information to the senior leaders of all coverage areas.

  • Lead Critical Infrastructure RCSA process(es) and activities and related feeder/governance meetings.

  • Establish and update regular risk reports for communication of risk ratings, issues, and key topics.

  • Conduct risk assessments to evaluate the adequacy and effectiveness of policies, procedures, processes, systems, technology, and internal controls.

  • Report risk assessment findings through corporate risk reporting channels and develop business cases to influence control owners and business sponsors on the need for additional or improved controls to mitigate risk as applicable.

  • Provide reporting, written and verbal updates to Secure Network Services Leadership and Enterprise risk committees as issues/incidents arise that require escalation.

  • Drive design, deployment and automation strategies for encryption, tokenization and key management products and services including Hardware Security Modules, security appliances and security applications deploying in physical, virtual and containerized environments.

  • Provide technical guidance and oversight to teams and team members responsible for product delivery and operational maintenance.  

  • Support company driven audits, gather evidence of compliance to company policies, and drive product enhancements, when needed, to remediate findings.

  • Conduct technical investigation of incidents to identify causes and recommend future mitigation strategies.

  • Collaborate across Wells Fargo teams, including compliance, security architecture and security evaluation teams to ensure cryptographic products are compliant to company policies.

  • Work with vendors to understand the technology vendor's roadmap, help to influence that roadmap, and ensure requests for technology/product enhancements are meeting the needs of Wells Fargo.

  • Work with partner engineering teams on identification and remediation of security vulnerabilities and may also conduct risk assessments of infrastructure to ensure compliance with corporate security policies and adherence to best practices.

  • Support incident response, root cause analysis and corrective action activities.

Required Qualifications:

  • 5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education.

  • 4+ years of Risk Management and Financial Services Industry experience, or equivalent experience demonstrated through one or a combination of the following: work experience, training, military experience, education.

  • 4+ years working with audit and risk and control partners to identify issues, establish corrective actions and control procedures to remediate risk in the technology product area.

  • 3+ years of experience with encryption or tokenization and key management technologies.

  • Advanced Knowledge of Cryptographic protocols & algorithms.

  • Knowledge and understanding of implementing infrastructure upgrades, security patches, version upgrades for systems, appliances and Hardware Security Modules.

  • Experience with Agile Scrum or Kanban methodologies.

  • Proven experience with change and incident management practices in medium to large enterprise environments.

Desired Qualifications:

  • 4+ years of intermediate to advanced level experience with scripting/automation using tools such as Bash, PowerShell, Python, Ansible, VBScript, JavaScript, UiPath, etc.

  • Experience with Hardware Security Modules, such as Thales, Entrust, Futurex or Fortanix.

  • Technical understanding of specific business operations, processes, products, and customer interactions where they manifest risk.

  • Ability to conceptualize, develop, and deliver quality analysis and highly actionable management information.

  • Demonstrated capacity to proactively and independently analyze and solve problems and address risks with the business unit’s risk appetite and all risk and compliance program requirements.

  • Experience developing, evaluating, and validating corrective actions to ensure sustainability and adequacy in risk mitigation.

  • Support LOB RCSA Affirmation process(es) and related feeder/governance meetings.

  • Support the execution and maintenance of RCSA program which includes:

    • Identify risks applicable for the RAU.

    • Ensure data is up to date.

    • Identify items that are applicable to the RAU in the data provided.

    • Identify risk drivers.

    • Ensure process inventory is updated in the RCSA RAU.

  • Assesses, documents, and communicates emerging risks, themes and identified control deficiencies to management and risk partners in a timely manner.

  • Foster strong relationships with team and collaborate effectively. Ensures coordination with team, line of business, other business units, Audit, and regulators on risk related topics.

  • Ensures internal collaboration with the team, line of business/partners.

  • Interfaces internally with the team, line of business, and risk partners.

  • Timely update, reporting and escalation of issues.

  • Experience in evaluating the adequacy and effectiveness of policies, procedures, processes, systems and internal controls; additional experience analyzing business and/or systems changes to determine impact.

  • Experience with DevOps and CI/CD automated build and deployment processes.

  • Experience with Puppet/Chef/Ansible or similar automation tools.

  • Public cloud engineering or support experience.

  • Experience performing technical product assessments, including development of implementation plans, in a large enterprise.

  • Advanced critical thinking, problem solving and technical troubleshooting abilities.

  • Security certifications such as CISSP, GIAC or equivalent.

  • Knowledge and understanding of implementing infrastructure upgrades, security patches, or version upgrades.

  • Experience with and the ability to thrive in a complex and fast-paced technology and/or information security organization, within a large enterprise environment.

Job Expectations:

  • Ability to travel up to 10% of the time.

  • Ability to work onsite in the office in a hybrid model.

Pay Range

$111,100.00 - $237,100.00


Wells Fargo provides all eligible full- and part-time employees with a comprehensive set of benefits designed to protect their physical and financial health and to help them make the most of their financial future. Visit Benefits - Wells Fargo Careers for an overview of the following benefit plans and programs offered to employees.

  • 401(k) Plan
  • Paid Time Off
  • Parental Leave
  • Critical Caregiving Leave
  • Discounts and Savings
  • Health Benefits
  • Commuter Benefits
  • Tuition Reimbursement
  • Scholarships for dependent children
  • Adoption Reimbursement

Posting End Date:

29 Feb 2024

*Job posting may come down early due to volume of applicants.

We Value Diversity

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.

Applicants with Disabilities

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo.

Drug and Alcohol Policy


Wells Fargo maintains a drug free workplace.  Please see our Drug and Alcohol Policy to learn more.
