Operational Risk Consultant 4 - Information Security Site Review Analyst

Job Description
At Wells Fargo, we want to satisfy our customers' financial needs and help them succeed financially. We're looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you'll feel valued and inspired to contribute your unique skills and experience.
Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Corporate Risk helps all Wells Fargo businesses identify and manage risk. We focus on three key risk areas: credit risk, operational risk, and market risk. We help our management and Board of Directors identify and monitor risks that may affect multiple lines of business, and take appropriate action when business activities exceed the risk tolerance of the company.
Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.
Enterprise Information Security's (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo's infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.
Are you an Information Security expert with hands-on technology experience in areas like network engineering, cloud security, and/or application development? Do you like to travel 60-75%? A Security Risk Consultant with the Site Review Team interacts with third party service provider's engineers, administrators, and architects in highly technical discussions as part of the risk assessment process, and translates this information to non-technical individuals in verbal and written formats. This position combines the structure of a standard set of processes with the experience of traveling and a changing landscape week.
The Site Reviews are performed on-site; therefore the position requires travel and may include international travel as necessary.

  • The schedule is a three week rotation, with two weeks on the road followed by one week off.
  • Travel is typically Monday through Friday and may consist of the full week or part of the week depending on the scope of the assessment to be performed.
  • Weekend travel is not required.
  • The position is open to locations in the lower 48 states, but must be near major airport due to the travel requirement.
The team is geographically dispersed across the United States and India and works in a virtualized environment.
Consultants on this team assess a broad range of information security controls (i.e. physical, administrative, and technical controls) to determine the information security risk to Wells Fargo. The assessments (Site Reviews) span multiple information security domains including, but not limited to:
  • Physical and Environmental Security
  • Network Security Configuration and Management
  • Cloud Security
  • System Configuration and Hardening
  • Database Security
  • Access Control
  • Application Architecture and Security
  • Encryption
  • Incident Management
  • Business Continuity and Disaster Recovery
The primary responsibilities will include conducting assessments of third/fourth party vendors, documenting assessment results, and writing assessment reports for key stakeholders in conjunction with the Wells Fargo Information Security Risk Assessment Program.
Note: This position can sit at any core Wells Fargo location or telecommute.

Required Qualifications
  • 6+ years of experience in compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both; or 6+ years of IT systems security, business process management or financial services industry experience, of which 3+ years must include direct experience in compliance, operational risk management, or a combination of both
  • 3+ years of information security experience

Desired Qualifications
  • Advanced Microsoft Office skills
  • Excellent verbal, written, and interpersonal communication skills
  • Strong analytical skills with high attention to detail and accuracy
  • Ability to interact with all levels of an organization
  • Knowledge and understanding of information security risk assessment procedures, risk mitigation or remediation
  • Knowledge and understanding of Information Security Frameworks and standards (FFIEC, NIST, ISO)
  • Knowledge and understanding of vulnerability assessment or penetration testing
  • Ability to learn and assimilate information from multiple people and sources
  • Ability to work effectively, as well as independently, in a team environment
  • Ability to work in a fast paced deadline driven environment

Other Desired Qualifications
  • Well-rounded technical background with previous hands on technical and/or engineering experience, coupled with an in depth understanding of information security principles and controls
  • Related Information Security Certification (e.g. CISSP, CISA, GIAC, etc.)
  • Ability to effectively communicate with peers, customers, vendors, engineers, administrators, and various levels of management
  • Previous experience authoring risk assessment reports, particularly for information security programs including Cloud and Virtualized environments
  • Previous 3rd party risk assessment experience
  • Understanding of Wells Fargo Information Security Policies, Baselines, and Control Standards
  • Understanding of Wells Fargo's ISRA process
  • Degree in Information Security or related field

Job Expectations
  • Ability to travel up to 60% of the time
  • Ability to travel domestically and internationally


All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

Relevant military experience is considered for veterans and transitioning service men and women.

Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.

Back to top