Posted in

Senior Information Security Engineer – Control Management

Senior Information Security Engineer – Control Management

CompanyWells Fargo
LocationWestlake, TX, USA, Iselin, Woodbridge Township, NJ, USA, Charlotte, NC, USA, Columbus, OH, USA
Salary$84000 – $164400
TypeFull-Time
DegreesBachelor’s
Experience LevelSenior

Requirements

  • 4+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education

Responsibilities

  • Collaborate with, guide and counsel Critical Infrastructure process and control owners for Control Assurance requirements, including identifying where controls reside, oversight of control documentation changes, evaluating effectiveness and functioning as liaison to control assurance teams in 1st and 2nd Lines responsible for Testing
  • Ensure a proper Critical Infrastructure profile of applicable regulations and associated controls as well as residual risks and compensating controls are maintained and continuously updated in appropriate systems of record on an ongoing basis
  • Establish the inventory of all relevant business processes, governance channels, internal testing, audit, regulatory engagements and prioritize internal preparation, review routines and the integration with RCSA as applicable
  • Establish regular routines with corporate risk, testing & validation and audit partners to provide transparency into business risk profile and trend
  • Conduct risk assessments to evaluate the adequacy and effectiveness of policies, procedures, processes, systems, technology, and internal controls
  • Provide reporting, written and verbal updates to Secure Network Services Leadership and Enterprise risk committees as issues/incidents arise that require escalation
  • Deploy automation strategies for encryption, tokenization and key management products and services including Hardware Security Modules, security appliances and security applications deploying in physical, virtual and containerized environments
  • Provide technical guidance and oversight to teams and team members responsible for product delivery and operational maintenance
  • Support company driven audits, gather evidence of compliance to company policies, and drive product enhancements, when needed, to remediate findings
  • Conduct technical investigation of incidents to identify causes and recommend future mitigation strategies
  • Support incident response, root cause analysis and corrective action activities.

Preferred Qualifications

  • Technical understanding of specific business operations, processes, products, and customer interactions where they manifest risk
  • Demonstrated capacity to pro-actively and independently analyze and solve problems and address risks with the business unit’s risk appetite and all risk and compliance program requirements
  • Support the execution and maintenance of RCSA program which includes: Identify risks applicable for the RAU. Ensure data is up to date. Identify items that are applicable to the RAU in the data provided. Identify risk drivers. Ensure process inventory is updated in the RCSA RAU
  • Assesses, documents, and communicates emerging risks, themes and identified control deficiencies to management and risk partners in a timely manner
  • Foster strong relationships with team and collaborate effectively. Ensures coordination with team, line of business, other business units, Audit, and regulators on risk related topics
  • Ensures internal collaboration with the team, line of business/partners
  • Interfaces internally with the team, line of business, and risk partners
  • Timely update, reporting and escalation of issues
  • Experience with DevOps and CI/CD automated build and deployment processes
  • Experience with application support in Linux and Windows server environments
  • Experience mentoring/guiding less experienced staff
  • Strong analytical skills with high attention to detail and accuracy
  • Advanced critical thinking, problem solving and technical troubleshooting abilities
  • Security certifications such as CISSP, GIAC or equivalent
  • Knowledge and understanding of implementing infrastructure upgrades, security patches, or version upgrades
  • Experience with and the ability to thrive in a complex and fast-paced technology and/or information security organization, within a large enterprise environment
  • Strong verbal, written, and interpersonal communication skills