|Vacant position:||Info Security Consultant 5|
|Requirements for applicants:||
7+ years of information technology security experience
Extensive knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices.
Advanced Information Security technical skills.
Ability to manage complex issues and develop solutions.
Excellent verbal and written communication skills.
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC).
Strong analytical skills with high attention to detail and accuracy.
Ability to prioritize work, meet deadlines, achieve goals, and work under pressure in a dynamic and complex environment.
Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important.
Ability to work and influence successfully within a matrix environment and build effective business partnerships with all levels of team members.
Ability to maintain professional etiquette under pressure.
Financial services industry experience.
Advanced Microsoft Office (Word, Excel, Outlook, PowerPoint, and Access) skills.
Knowledge and understanding of platform technologies including network, distributed systems, desktop computing, voice, and threat management technologies.
Ability to identify risk factors and provide alternatives to mitigate.
Knowledge and understanding of information security risk assessment procedures, risk mitigation or remediation.
Knowledge and understanding of threat analysis and assessment of potential and current information security risk/threats.
Knowledge and understanding of Information Security Frameworks and standards (FFIEC, NIST, ISO).
Other Desired Qualifications
7 years direct information technology experience in multiple disciplines, such as engineering, technology implementations, architecture and design, analysis and configuration, site reviews/risk assessments, and/or audit.
The EIS organization is responsible for implementing and monitoring a risk-based program to identify and mitigate information security risks that arise from inadequate or failed internal processes, systems or external events or may provide oversight of an operational risk program. The group also participates in and provides consulting and support for projects and initiatives to identify and mitigate operational risk in business activities.
Provides advanced information security consultation for all aspects of information security policy, risk management, and remediation. Directs, participates in and reviews all aspects of information security risk assessment and analysis, recommends remediation plans and strategies. The Information Security Consultant (ISC) is a skilled position that requires the incumbent to be able to assess information technology security risks as relates to information assets. This includes performing IT risk assessments through discovery with Subject Matter Experts (SMEs), writing and/or updating Security Plan narratives, conducting risk analysis, and recommending remediation options and creating action plans for high and/or medium risks. The ISC will coordinate with vendor managers on third-party assets to manage information security risks and provide consultative services to stakeholders on new and emerging information security issues and findings. The ISC will act as an SME with Wells Fargo Audit Services and other enterprise stakeholders; evaluate and interpret internal and enterprise information security policies, processes and standards, and provide recommendations to improve or modify the policy or control. The candidate may direct, mentor, or manage less experienced staff.
Key job responsibilities (essential position functions)
Information Security Consultant (ISC) is the information security risk expert supporting their assigned line of business and is responsible for working with management in his or her supported business to ensure compliance with the information security program and the Corporate Information Security Policy.
The Information Security Consultant is responsible for assessing the information asset and completing the information security risk assessment.
The ISC is responsible for facilitating remediation planning and ensuring that identified risks are properly addressed.
The ISC is responsible for developing the risk mitigation action plans by engaging with the technology teams, security architecture and engineering teams.
The ISC is responsible for ensuring that the business and technology teams are properly informed of the identified risk(s).
The ISC is responsible for reporting on identified gaps or risks and tracking remediation activities throughout the lifecycle.
The ISC is responsible for ensuring compliance from their supported line of business with the Information Security Program and the Information Security Risk Assessment team.
The ISC will partner with the Governance and Operational Risk teams to support the Line of Business in identifying, assessing, mitigating and managing information security risks.
The ISC will provide credible challenge, as appropriate, with supporting documentation.
The ISC is responsible for identifying and tracking risk associated with the protection of information.
Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upload your current resume when submitting your application for consideration. To participate in some selection activities you will need to respond to an invitation. The invitation can be sent by both email and text message. In order to receive text message invitations, your profile must include a mobile phone number designated as “Personal Cell” or “Cellular” in the contact information of your application.
This is a great opportunity to join the Enterprise Information Security (EIS) security team.
The preferred locations are posted, ability to go into the office 50% of the time is required. Other Wells Fargo hub locations within growth markets may be considered if candidates are not identified in the posted cities/states.
AZ-PHX-Northwest Phoenix: 2222 W Rose Garden Ln - Phoenix, AZ