• Job Description

  Req#: R-324834

  Title: Chief Information Security Officer - Technology Senior Executive

  Reports to: Head of Wells Fargo Technology

  • NY, NJ, Charlotte NC, San Francisco, CA.

  Wells Fargo Technology

  Technology at Wells Fargo is at the heart of what enables us to satisfy our customers’ financial needs and help them succeed financially. The Wells Fargo Technology (WFT) team leads technology for one of the highest market cap financial services institutions in the world, helping 76.6 million customers conduct an average of 95 million transactions each day, helping more end-customers every day – both in the United States and across the globe – than any other division in our company.

  Wells Fargo Technology’s goal is to exceed Wells Fargo customers’ expectations and directly enable them to succeed financially. Through technology and operations services, Wells Fargo Technology interacts with customers more than 12 billion times a year through branch, mobile, online, ATM and telephone transactions. Wells Fargo Technology impacts customers directly through systems availability and security, as well as indirectly, through Wells Fargo business partners who offer and deliver a myriad of products and services that meet customers financial needs. Wells Fargo Technology strives to be a competitive advantage for the company and effective information management is one example of where we can take our capabilities to a new level of excellence.

  The Wells Fargo Technology team helps customers directly every time they do business with the company, delivering a true One Wells Fargo experience and ensuring their security, regardless of channel. We also help customers by remaining trusted partners working with all lines of business (LOB) to develop and deliver value-added products and services. To do this, Wells Fargo Technology draws on the talents and motivation of thousands of technology team members across the enterprise.

  About this role

  Wells Fargo seeks to recruit a Chief Information Security Officer (CISO) to protect its people, clients, information and brand against an evolving and sophisticated set of global threats. Wells Fargo is one of the oldest financial institutions in the US, a "Globally Systemically Important Financial Institution" (GSIFI) and a leading brand globally in personal, small business and commercial banking, is at least in part based on the company's reputation for security and reliability that it has built and diligently maintained since its founding in 1852.

  You will be entrusted to define what this standard of trust and security means for today’s Wells Fargo – an institution with large-scale, complex operations, facing a formidable and rapidly evolving array of risks and threats to its clients’ data, its assets, and therefore its brand. This is a critically important role for the bank with a broad set of responsibilities and accountabilities. The CISO will be responsible for developing and implementing a broad-based information security strategy covering information security ("cyber") and insider threats and playing an instrumental role in the bank's fight against financial crime in its various forms.

  Beyond this important set of responsibilities for Wells Fargo, the board and management team wish to hire an executive who will emerge as a leader not just for Wells Fargo but for the industry more broadly. As in other areas, the bank is willing to play a leadership role beyond its own interest and would support the new CISO in their endeavors to improve information sharing across the industry and to set a tone of transparency and partnership with both the private and government sectors, in order to collectively improve resilience levels in the face of a rapidly-evolving threats and emerging risks.

  You will be a part of the bank’s group technology leadership team, overseeing a team of over 3,200 globally and a budget of approximately $800M USD. The role will have end-to-end accountability for leading all aspects of information security across the global organization. Leveraging leading-edge technology and engineering practices, this leader will take a product focused approach to security; bringing together software engineering and security disciplines to establish the vision, strategy, and architecture to ensure a scalable, flexible and highly resilient technology platform for Wells Fargo and its customers.

  The new leader will find ways of delivering on this vision without impeding the brand’s best-in-class client service, pace of modernization or appetite for innovation. You will be accountable for annual and ongoing security assessment process and investigation and tracking of incidents and breaches in compliance with local laws. The ideal candidate will be innovative, intellectually curious, and able to conceptualize and implement new solutions for the business. You will have proven experience in delivering outcomes and results in a fast-paced, large-scale environment, working closely with peers and key stakeholders in a large international regulated institution.

  Position Responsibilities and Expected Outcomes

  • Develop and deliver a group-wide information security strategy for Wells Fargo that offers the bank, its staff and its clients world class protection from all manner of rapidly evolving threats.
  • Position Wells Fargo as a leader in security for the industry and broader industries, setting the benchmark in terms of capability and providing support to the broader financial sector through information sharing and a proactive security and risk-management posture.
  • Primary focus on general risk management is a must along with experience with interacting with regulators as well as with large scale regulatory remediation efforts.
  • Focus on a cultural shift of driving solutions and delivering a Cyber uplift program.
  • Translation of the Wells Fargo enterprise security strategy into an executable, time-bound road map for delivery, including the design of a supporting enterprise security organization structure and build of a world-class team.
  • Leadership of a world class security "fusion center" capability, to coordinate intelligence gathering across a variety of sources internal and external to detect patterns to rapidly identify and analyze threats to the bank, its clients, and the broader financial ecosystem.
  • Design and execute on a comprehensive program for the effective risk management of the company’s global information assets. Oversee the activities of the central group information security function and "embedded" information security teams across the firm’s global business lines.
  • Ensure security strategy, policies, standards, governance, and processes are fit for purpose to assess and mitigate risk, safeguarding Wells Fargo and limiting liability and exposure to cyber-attacks, financial crime risk and insider threats.
  • Evaluate and continue to evolve the company’s information security and financial crimes policies and partner with corporate communications and other key stakeholders to increase company-wide knowledge of security capabilities and responsibilities to create an improved culture of risk and security awareness.
  • Lead a coordinated modernization of the bank's security capabilities, such that the CISO function can deliver solutions that are repeatable, reliable, and scalable – with a strong focus on high quality, commercial-grade engineering practices.
  • As part of the modernization program, drive increased automation, including tooling, AI and data science initiatives. Streamline and modernize access management.
  • Drive and evolve the cloud security engineering team and solidify our use of the cloud in collaboration with the Cloud enablement product team.
  • Lead an effective security governance function whereby key stakeholders are brought into the decision process. Drive prioritization by aligning business goals with information security resources, identifying the initiatives that are of the highest value to the business, and gaining buy-in for those initiatives.
  • Raise awareness and communication across the company. Collaborate effectively with the CIO and business line leaders to ensure alignment between business priorities and security policies and programs.
  • Conduct research to evaluate security trends, evolving threats, risks and vulnerabilities and apply tools to mitigate risk and keep Wells Fargo safe and secure in a way that is relentlessly focused on improvement and resilience.
  • Proactively ensure the disaster recovery, business continuity planning, risk management and access controls are all in place meeting the needs of the business to ensure loss prevention, fraud prevention and privacy of data.
  • Oversee information security incident response and incident response planning, as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches, as necessary.
  • Maintain relationships with local and federal law enforcement and other government agencies in the key jurisdictions in which the bank operates. Maintain current knowledge of applicable security laws, regulatory requirements, and any industry related security requirements, ensuring Wells Fargo is compliant with national and global regulations, especially in the areas of information security and privacy.
  • Conduct, manage and coordinate complex and sensitive investigations regarding security threats and violations, including insider threats and issues. Coordinate with law enforcement as required.
  • Oversee regular third-party independent audits of information security systems and protocols, represent the company as a knowledgeable resource, and act as the primary contact for issues regarding Wells Fargo security.

  Required Qualifications

  • 10+ years of Technology Strategic Leadership experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education.
  • 5+ years of Management experience.

  Desired Qualifications

  • The CISO will be a highly influential leader, expected to establish credibility with the bank's executive team and broader organization. You should have a balance of strategic leadership and vision, with a passion for being "hands-on" in the build and management of a world-class security capability at scale.
  • It is critical for the CISO to possess a track record of successful transformation. You will serve as a thought leader, providing strategic direction and oversight for Wells Fargo security functions. As an adept communicator, the CISO will effectively articulate the bank's vision for maintaining a secure environment to all audiences. This executive should be both a teacher and a learner, capable of introducing creativity and leading-edge engineering thinking, while simultaneously demonstrating the humility to learn from the existing organization.
  • 15+ years of managerial experience in information security, a security related field or other complex information risk management function in the financial sector.
    • A high level of comfort working with ambiguity or uncertainty with exceptional organizational and project management skills with an ability to manage numerous, competing demands from internal and external stakeholders.
  • Modern technical understanding and experience developing and implementing large-scale innovation.
    • Depth with modern technology stacks, with reference to agile software engineering, data science, machine learning and cloud – both public and hybrid models.
  • Has led global teams in excess of 1,000 full time employees and contractors. Strong leadership and influencing skills within a complex, matrixed environment; able to gain support and cooperation and build effective business partnerships with all levels of team members to achieve results without direct organizational control.
  • Experience operating in a highly regulated environment, ideally a large financial institution.
    • Financial services strongly preferred. Experience in large-scale e-commerce or “high tech” a potential consideration as are other sectors providing the requisite scale and complexity. Has preferably operated in high transaction environments with complex security, operational and regulatory requirements at scale. Has a strong appreciation of, and ideally experience leading information security in a complex, global, highly regulated enterprise.
  • Has served as a representative on security matters with external partners and industry bodies where appropriate.
    • Experience partnering with the most senior executives, the Board of Directors, and external partners, specifically Regulators and Auditors. Able to enhance the reputation of Wells Fargo in the global market as a trusted bank and thought leader more broadly in improving collective security against malefactors.
  • Strong leadership skills with the ability to inspire and lead teams through transformational change.
  • Excellent communication and interpersonal skills, with the ability to collaborate effectively with stakeholders at all levels.
  • Strategic mindset and the ability to think critically and solve complex problems.
  • Transformation experience within large matrixed organizations and how to simplify the organization.
  • Understanding of different approaches towards organizational design.
  • Understanding of financial and budgeting practices and how an enterprise would operate in a product centric manner.
  • Understanding the differences between operating in a project/program/value stream centric operating model compared to a product centric operating model.
  • Strategic thinker - be able to fluidly move between strategic and tactical.
  • Experience with training development and delivery.
  • Strong collaboration, facilitation, and conflict management skills.
  • Excellent written and verbal communication skills.
  • Understanding of complex organizational design.

  We Value Diversity

  At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.

  Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

  Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.

  Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.

  Drug and Alcohol Policy

  Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.

• About the company

  Wells Fargo & Company is an American multinational financial services company with corporate headquarters in San Francisco.

Notice