Secure by Design - Head of Architecture - Technology Director

About this role:

Wells Fargo is seeking a Technology Director. This individual will server as the Head of Security Architecture will lead the enterprise-wide cybersecurity architecture strategy, ensuring robust, scalable, and compliant security solutions across all technology platforms. This role provides technical leadership, governance, and innovation to safeguard critical assets, reduce risk, and align with regulatory frameworks such as NIST, FFIEC, and GLBA. This is a hands-on, deeply technical, and forward-looking architectural leadership role responsible for shaping the future of the company's security posture.

Enterprise Engineering: Covers strategic roles responsible for technology application development across the enterprise, identifies and resolves abstract, systemic, cross-function issues impacting the effectiveness of the company's technology capability and builds support for strategies with the business and technology leaders

Key Responsibilities

Enterprise Security Architecture Leadership

• Serve as the principal architect and final decision-maker for all enterprise security standards, patterns, and target-state architectures.
• Define, maintain, and own the enterprise security architecture roadmap across all major cybersecurity domains, including Network Security, Cloud Security, Identity and Access Management, Application Security, Data Protection, Cryptography, Threat Management, Vulnerability Management, Endpoint Security, and Security Operations.
• Establish and enforce architecture standards, patterns, and technology disposition policies to ensure consistency and control.
• Manage the architecture for large portfolios of applications and security products, ensuring alignment with current and target state architectures.

• Drive and ensure compliance with internal security control requirements and external regulations (e.g., GLBA, PCI DSS, SOX) and industry standards (e.g., NIST, COBIT).
• Serve as the senior technical authority during regulatory exams, audits, and risk committee reviews.
• Architect proactive controls and automation that reduce manual burden and mitigate audit findings.

• Oversee threat modeling, cryptographic evaluations, and architecture risk assessments for hybrid cloud environments and new data centers.
• Lead the integration of advanced technologies such as AI/ML, Quantum Security, and Zero Trust into the enterprise architecture frameworks.
• Embed security principles into the CI/CD pipeline and champion DevSecOps best practices.

• Partner with engineering, operations, and business units to embed security by design into all technology initiatives and programs.
• Direct and influence product, engineering, and operations teams on the implementation of security architecture.
• Represent security architecture in executive forums, strategy councils, and enterprise steering committees, effectively communicating complex technical concepts to non-technical stakeholders.

• A unified, modern, and resilient security ecosystem with minimized risk and friction.
• Widespread adoption of architectural guardrails and security standards by all engineering and application teams.
• A demonstrable improvement in security posture, evidenced by a reduction in architectural risk and audit findings.
• Security is recognized as a strategic business enabler and a core component of all technology initiatives.
• Clear and consistent alignment with key regulatory frameworks, including NIST, FFIEC, and GLBA.

• 8+ years of Technology Strategic Leadership experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 4+ years of management or leadership experience

• 10+ years of experience in cybersecurity architecture leadership roles, preferably within financial services or another highly regulated industry.
• Deep expertise across all major cybersecurity domains: Network and Cloud Security, IAM and Privileged Access, Application Security and DevSecOps, Data Security and Encryption, Threat Detection and Incident Response, Vulnerability and Patch Management, and Security Operations/SIEM.
• Strong knowledge of regulatory frameworks (GLBA, PCI DSS, SOX) and industry standards (NIST, COBIT).
• Proven ability to lead large, cross-functional teams and influence executive stakeholders.
• Advanced degree in Cybersecurity, Computer Science, Information Technology, or a related field.
• Professional certifications such as CISSP, CISM, SABSA, or TOGAF.
• Demonstrable experience designing and implementing Zero Trust Architecture.
• Experience leveraging AI-driven security solutions for threat detection, automation, and analytics.

• Ability to work on-site in one of the listed locations. This is a hybrid work environment with no option for fully remote work.
• This position is not available for visa sponsorship.
• Ability to travel up to 15% of the time.

• Health benefits
• 401(k) Plan
• Paid time off
• Disability benefits
• Life insurance, critical illness insurance, and accident insurance
• Parental leave
• Critical caregiving leave
• Discounts and savings
• Commuter benefits
• Tuition reimbursement
• Scholarships for dependent children
• Adoption reimbursement