Lead Information Security Analyst

Company: Wells Fargo
Location: Charlotte
Posted on: May 27, 2023

Job Description:

About this role:Wells Fargo is seeking a Lead Information Security Analyst.In this role, you will:* Provide advanced information security consultation for all aspects of information security compliance policy, risk management, and remediation* Direct information security risk assessment and research, and recommend remediation plans and strategies* Influence stakeholders on net new or on material changes to an asset to influence control decisions* Provide consulting on security risk assessment and research, and recommend remediation plans and strategies* Act as more experienced lead to the organization to develop security risk awareness and mitigating actions* Consult the organization on complex security issues and findings* Manage the most complex and critical information assets* Evaluate and interpret internal and companywide information security policies, processes, standards, and participate with more experienced leaders in decision making on information security* Serve as information security lead to advise on the development and delivery of Information Security Education and Awareness* Collaborate and consult with peers, colleagues, and mid-level to more experienced managers to resolve issues and achieve goals* Lead projects and teams* Coordinate with vendor manager on third party assets to manage information security risks* Serve as a mentor to less experienced staff* Be a part of a highly skilled team of IT Third Party Management professionals to align and execute the Third-Party Service Provider policy on behalf of the Technology organization* Apply business-oriented expertise to the management of the third-party service provider engagements/relationships* Thoroughly understand the third-party service provider engagement/relationship, including all service and products provided* Evaluating need for a third party and gaining necessary approvals, submission of the Service Engagement Request (SER), responding to Candidate Record and Engagement Criteria Overview (ECO), reviewing, and confirming accuracy of the SCM COE completion of TRIMS records* Provide business responses to Inherit Risk Questionnaires (IRQ) and confirm accuracy with Supply Chain Management (SCM) COE, understand the inherent risk level, provide business information on the Financial Impact Questionnaire (FIQ), confirm critical activities and gain Board approval where necessary. Assist SCM COE with development of action plans to mitigate residual risk if/as needed, develop Exit & Replacement strategies, and identify material sub-contractors if applicable* Work with SCM on execution of contract and ensuring business objectives are achieved (i.e. price, SLAs, etc.), document performance metrics (contractual and otherwise) along with frequency and success criteria, confirm metrics in the Performance Metric Tracker entered by SCM COE* Monitoring and Oversight: Provide support for vendor recertification ensuring IRQ/FIQ questions are answered accurately and updated for any changes, confirm critical activities, monitor vendor compliance including performance and address any non-compliant issues. Conduct business reviews with third parties and internal stakeholders, creation of vendor scorecard and reporting, escalate material, work with SCM COE to re-assess all domains (e.g. BCP, Exit & Replacement, Customer Facing, Anti-Bribery, Security Evaluations, Compliance, etc.), document and submit risk acceptance, create action plans were needed, execute action plans and report progress, review performance and address performance failures* Document business rational for termination and notify all stakeholders, assist with completion of termination checklist with SCM COE and ensure completion of termination activities* Contribute and provide feedback on third party service provider policies, processes, strategies, and make program recommendations* Creation of reporting and third-party service provider scorecard; along with facilitating/leading various business and vendor reviews* Appropriately identifying escalating and addressing issues, when necessary* Building strong partnership and collaborating effectively with Supply Chain Management (SCM), Third Party Program (TPP), Group Third Party Officers (GTPO), and other technology risk team members to ensure appropriate oversight and governance of third-party service providers.Required Qualifications:* 5+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, educationDesired Qualifications:* 4+ years of vendor management/third party service provider relationship management experience* Candidate must have 3+ years of experience in one or more functional areas: Technology, Vendor Management, Compliance, Operational Risk Management, Project Management, or Business Operations* Contract management experience* Familiarity with third-party risk regulatory requirements and industry practices* Strong understanding of vendor management principles and practices* Prior experience within IT department and knowledge of IT products/services* Proven analytical and quantitative skills, including financial analysis abilities* Problem resolution abilities* Ability to analyze data and provide actionable insights* Demonstrated ability to operate within a team environment and strong interpersonal skills* Ability to be adaptable and multi-taskPay Range$133,300.00 - $237,100.00 AnnualBenefitsWells Fargo provides all eligible full- and part-time employees with a comprehensive set of benefits designed to protect their physical and financial health and to help them make the most of their financial future. Visit Benefits - Wells Fargo Careers for an overview of the following benefit plans and programs offered to employees.* 401(k) Plan* Paid Time Off* Parental Leave* Critical Caregiving Leave* Discounts and Savings* Health Benefits* Commuter Benefits* Tuition Reimbursement* Scholarships for dependent children* Adoption ReimbursementWe Value DiversityAt Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.Drug and Alcohol PolicyWells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.

Keywords: Wells Fargo, Charlotte , Lead Information Security Analyst, Professions , Charlotte, North Carolina