This job has expired and you can't apply for it anymore. Start a new search.

Information Security Site Review Analyst

Job Description


Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.

Enterprise Information Security’s (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo’s infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.


Note: This position can sit at any core Wells Fargo location or telecommute.

Are you an Information Security expert with hands-on technology experience in the areas like network engineer and/or application development? Do you like to travel 75% or more? If so, this may be the career for you. In order to keep pace with the evolving technology and information security threat landscape, a successful candidate for this position will have a well-rounded technical background with previous hands on technical and/or engineering experience coupled with an in depth understanding of information security principles, and controls. A Security Risk Consultant with the Site Review Team interacts with third party service provider’s engineers, administrators, and architects in highly technical discussions as part of the risk assessment process and must be able to translate this information to non-technical individuals in oral and written formats. If you like the security of a standard set of processes but enjoy the experience of traveling and a changing landscape with each engagement, this may be the career opportunity you have been looking for.

The Site Reviews are performed on-site; therefore the position requires travel and may include international travel as necessary. The travel schedule consists of a two weeks travel, one week off rotation. Travel is typically Monday through Friday and may consist of the full week or part of the week depending on the scope of the assessment to be performed. Weekend travel is not required. The team is geographically dispersed across the United States and India and works in a virtualized environment. The position is open to locations in the lower 48 states, but must be near major airport due to extensive travel.

Consultants on this team assess a broad range of information security controls (i.e. physical, administrative, and technical controls) to determine the information security risk to Wells Fargo. The assessments (Site Reviews) span multiple information security domains including, but not limited to:

  • Physical and Environmental Security
  • Encryption
  • Incident Management
  • Network Security Configuration and Management
  • Access Control
  • Application Architecture and Security

The primary responsibilities will include:

Conduct assessments of third/fourth party vendors

Documenting assessment results and writing assessment reports for key stakeholders in conjunction with the Wells Fargo Information Security Risk Assessment Program.

Meeting with Line of Business customers to discuss assessment results

Required Qualifications

  • 6+ years of experience in compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both; or 6+ years of IT systems security, business process management or financial services industry experience, of which 3+ years must include direct experience in compliance, operational risk management, or a combination of both
  • 3+ years of information security experience

Desired Qualifications

  • Advanced Microsoft Office skills
  • Excellent verbal, written, and interpersonal communication skills
  • Strong analytical skills with high attention to detail and accuracy
  • Ability to interact with all levels of an organization
  • Knowledge and understanding of information security risk assessment procedures, risk mitigation or remediation
  • Knowledge and understanding of Information Security Frameworks and standards (FFIEC, NIST, ISO)
  • Knowledge and understanding of vulnerability assessment or penetration testing
  • Ability to learn and assimilate information from multiple people and sources
  • Ability to work effectively, as well as independently, in a team environment
  • Ability to work in a fast paced deadline driven environment

Other Desired Qualifications
  • 5+ years’ experience in information security risk assessment (risk assessment vs. audit. Looking at different domains, internal and risk)Previous experience authoring risk assessment reports
  • Previous 3rd party risk assessment experience
  • Ability to accommodate a travel on a 2 week on the road, one week off schedule AND must be located near a major airport. MAY CONSIDER OTHER LOCATIONS.
  • Experience assessing information security programs
  • Previous experience administering and/or assessing Cloud and Virtualized environments
  • Previous experience administering and/or assessing Mobile applications
  • Understanding of Wells Fargo Information Security Policies, Baselines and Control Standards.
  • Understanding of Wells Fargo’s ISRA process.
  • Degree in Information Security or related field
  • Related Information Security Certification (e.g. CISSP, CISA, GIAC, etc.)
  • Ability to effectively communicate with peers, customers, vendors, engineers, administrators and various levels of management

    All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

    Relevant military experience is considered for veterans and transitioning service men and women.

    Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.