Senior Information Security Analyst @ Wells Fargo

About the Role

Wells Fargo is seeking a Senior Information Security Analyst in the area of Information and Cyber Security for the Technology Third Party Governance function. The role activities includes Identifying, Analyzing and responding to Incidents related to third party service providers.

Key Responsibilities

• Lead the continued evolution of Third-Party Incident management and rapid response capabilities and processes.
• Record, monitor, report, escalate and track remediation of Incidents and drive them towards closure.
• Work with cross-functional teams in managing Incidents to ensure that IT systems are operating as designed and that they contain adequate controls.
• Responsible for attending and leading calls with Cyber security teams and other key stakeholders to assess the incident.
• Responsible for participating in requirements gathering, UAT for any new tools/Applications used by the team
• Advises IT and business executives on the status of Cyber Security Incidents and compliance issues based on assessment results and information from various discovery sources, monitoring, and control systems.
• Manage the remediation of gaps through oversight, follow-up and escalation and validate the remediation performed to ensure the gaps are closed.
• Provide subject matter expertise in the Third-Party Incidents Management program and provide timely solutions to identified problems
• Develop Operational metrics reports on a weekly/monthly frequency.
• Evaluate the existing process and generate ideas to enhance effectiveness and efficiency of the process
• Analyze the data related to incident findings and present meaningful views to relevant stakeholders on the trends and patterns of control gaps.

Required Qualifications

• 8+ years of experience working in Information Security
• 4+ Years of experience in Incident management/Third Party Risk Management
• Bachelor or Masters degree in IT (Computer Science)/ Engineering or respective knowledge through experience.
• Extensive experience within an enterprise scale organization including hands on experience in Information Security Risk analysis
• Experience in communicating technical issues to diverse audience.
• Good Knowledge and demonstrated experience in analysis and dissection of advanced attacker tactics, techniques, and procedures.
• Industry recognized Certifications in Cybersecurity like COMPTIA+, CISSP or other specialized security certifications would be added advantage.
• Demonstrate broad security knowledge across common industry security policy bodies. These may include ISO, NIST, COSO, COBIT, PCI, FFIEC, SOX, SSAE16, and others
• Excellent writing and verbal communication skills, interpersonal and presentation skills, and the proven ability to influence and communicate effectively.

• Demonstrated experience in stakeholder management
• Demonstrated experience of conflict resolution, negotiation and problem identification and solving skills.
• Demonstrated experience in managing complex projects related to information security.