Cloud Security Control Framework and Governance Technology Business Services Executive
Employment Type: Full-Time
About Wells Fargo
Wells Fargo & Company (NYSE: WFC) is a leading financial services company that has approximately $1.9 trillion in assets and proudly serves one in three U.S. households and more than 10% of all middle market companies and small businesses in the U.S. We provide a diversified set of banking, investment and mortgage products and services, as well as consumer and commercial finance, through our four reportable operating segments: Consumer Banking and Lending, Commercial Banking, Corporate and Investment Banking, and Wealth and Investment Management. News, insights and perspectives from Wells Fargo are also available at Wells Fargo Stories
Information & Cyber Security
Information & Cyber Security (ICS) is a part of Wells Fargo Technology. ICS is responsible for protecting the company from cyber threats, engaging with Wells Fargo businesses, assessing information security risk, providing identity services, performing security engineering, and operating the ICS function.
ICS pioneers solutions to secure customer information and enable our partners. This group's mission is to deliver seamless security for stakeholders by empowering the team to manage risk and provide proactive, innovative, and resilient solutions.
The Cloud Security team is accountable for execution of the cloud security technology strategy in support of the company's hosting strategy, which encompasses cloud and virtualization infrastructure services both on premises and external. The Principal Cloud Security Engineer is responsible for influencing and informing Technology's hybrid cloud computing security strategy, security roadmap, prioritization, and delivery of security controls and services across our hosting environments, focusing on infrastructure and virtualization capabilities.
This position is the Cloud Security Control Framework and Governance Leader. This person will report to and provide support to the Head of Cloud Security for various functions such as management of the Wells Fargo Cloud Security Control Framework and oversight of the adherence of the company's adherence to the control framework with its cloud implementations.
This role will be responsible for continuously enhancing the established cloud security control framework, ensuring its alignment to industry standards and best practices, relevant global regulations, and threat and risk vectors pertaining to cloud. In addition, the cloud security control framework must align to the Wells Fargo policy framework and control framework to ensure coverage, driving updates to internal requirements, as appropriate. The role must establish the appropriate oversight procedures, connected to established governance bodies and routines, to ensure that all cloud implementations, across service and deployment models, adhere to the cloud security control framework.
This role must define and drive a strategic and holistic approach to implementing a comprehensive and practical cloud security control framework that needs to be adopted by stakeholders across organizational lines.
* Continuously enhance the Cloud Security Control Framework by maintaining current with industry frameworks, standards, and best practices
* Monitor the cloud security threat and risk environment to ensure coverage with the control framework
* Engage in industry consortiums and collaborative programs to drive consistency in cloud security control frameworks across the Financial Services sector
* Align the Cloud Security Control Framework to the Wells Fargo policy and control frameworks. Implement oversight procedures to demonstrate Wells Fargo cloud implementations adhere to the Cloud Security Control Framework
* Implement metrics and reporting on adherence across cloud service and deployment models
* Engage with cloud security engineering and ICS domain teams to implement solutions that meet control requirements
* Engage with relevant governance and control management bodies and routines in support of control monitoring and adherence
* Support audit or regulatory examinations of the cloud security control framework and additional goals and strategies
* Helps ensure alignment and support with higher level ICS and Technology goals and strategies
* Provide day to day Chief of Staff support to the Head of Cloud Security for non-routine activities that impact multiple teams within the organization. An example would be consulting with various teams within Cloud Security in reviewing the latest cyber threat, evaluating our current controls, and determining actions that can be taken to proactively address the threat.
* 10+ years of technology experience
* 7+ years of experience with strategic planning in technology
* 5+ years of experience with leadership in an enterprise technology environment
* Experience managing large or multiple technology development efforts within a major line of business
* Ability to influence across all organizational levels, particularly senior management
Other Desired Qualifications
* 10+ years of information security or risk management experience
* 3+ years with cloud computing or infrastructure hosting
* Ability to communicate confidentially, professionally, and effectively, in both written and verbal formats, with senior executive-level leaders
* Ability to effectively partner and influence at the executive level across organizational lines
* Demonstrated experience guiding and directing work efforts of a distributed team
* Excellent analytical skills and ability to solve complex problems without direct oversight
* Ability to handle multiple, high priority deliverables concurrently
* Strong ability to manage and lead through ambiguity
* Excellent interpersonal skills, including those related to conflict resolution
* Ability to negotiate, influence, and collaborate to build successful relationships across all organizational boundaries and levels, particularly senior management
* Experience with standard Microsoft Office tools and products
* Advanced knowledge of Information and Cyber Security topics and organizations, particularly Cloud Computing or Cloud Security
* Advanced reporting and communications development experience
* In-depth understanding of information security threats, trends and industry best practices and security tools
* Finance sector security experience or other regulated industry (e.g. utilities, health care, government)
* Cloud security certification such as Certificate of Cloud Security Knowledge (CCSK), Certified Cloud Security Professional (CCSP) or Cloud Computing Architect (CCA)
* Professional Cloud Certification(s) from Cloud Security Alliance, AWS, Google, Microsoft, or equivalent industry-standard / professional organizations
All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.Relevant military experience is considered for veterans and transitioning service men and women.Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.