About this role:

The Audit Manager at Wells Fargo is an Individual Contributor role with no direct reports.  The officer title associated with this role is Executive Director given the complexity of engagements that this role is acting as the Auditor-in-charge, overseeing the work of a team of Audit staff.  

The Enterprise Technology Audit Group - Cybersecurity Audit Team is looking to fill an IT Audit Manager, Executive Director position to support the coverage of Wells Fargo’s core Information Security and Cybersecurity controls (e.g., Cyber Threat Fusion Center, Data Loss Protection, Security Information and Event Management, Cryptographic Services, Patch and Vulnerability Management, Network Security Management, Third Party Information Security Management etc.). We’re building a Cybersecurity Audit function for the future and looking for high-energy talent to join us on our journey! You’ll be part of a team that provides audit coverage of the controls and tools that provide the front line protection for the Bank’s critical systems and data.  Given the dynamic nature of the external threat landscape, you’ll be exposed to cutting edge technology and threat management techniques. We’re looking for team members that have a passion for Cybersecurity and a continual thirst for knowledge in this fascinating and critical space!

In this role, you will:

• Lead a team of audit staff to resolve highly complex and unique challenges requiring in depth evaluation across multiple areas or the enterprise, delivering solutions that are long term.
• Lead defined audits within one or more segments of the Audit Plan
• Ensure audit engagements are risk based, and executed according to Wells Fargo Internal Audit policies and guidance
• Assist in planning and organizing work in an annual cycle and project cycle
• Provide timely feedback, coaching and monitoring of audit work and staff
• Develop and maintain solid business relationships within Wells Fargo Internal Audit and with teams across Wells Fargo, and other stakeholders
• Become a subject-matter-expert in various integrated and application auditing disciplines so that you can be viewed as a trusted advisor on risks in these areas to management and audit leadership.
• Maintain an ongoing knowledge of the people, processes and tools that interact in this area so that you can keep the big picture in mind as you design your work approach and structure your opinions.
• Lead audit execution teams with integrity and creating an environment where team members feel included, valued, and supported to do work that energizes them.
• Accomplish management responsibilities to provide day-to-day oversight of audit execution including designing the scope and approach for information and cyber security audits, providing ongoing coaching and feedback for audit team members, identifying and managing risks, and completing daily management tasks.

Required Qualifications:

• 7+ years of Audit, Risk experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education

Desired Qualifications:

• 7+ years of increasing responsibilities within IT audit, including experience leading and supervising audits (external and/or internal), preferably in the financial services sector
• Proficiency with MITRE ATT&CK Framework.  Applicants must have over 3-5 years of experience working with the MITRE ATT&CK framework. A strong grasp of its application in identifying, assessing, and mitigating cyber threats based on real-world observations is essential.
• Demonstrate expertise in managing and evaluating cloud security, with a strong proficiency in leading identity and access management (IAM) assessments and audits.
• Strong data analytical skills are crucial. Candidates should be adept at interpreting complex data sets, identifying trends, and deriving meaningful insights to enhance threat detection and response capabilities.
• Knowledge of IT and Cloud management and control frameworks
• Experience working in a highly formal audit environment, including preparation of formal test of design and test of effectiveness work-papers, sample selection through use of formal sample selection tools, process and control flow-charting, and audit methodology compliance
• Experience at a financial institution or accounting firm
• A BS/BA degree or higher
• Solid knowledge and understanding of audit or risk methodologies and supporting tools
• Strong understanding of financial regulatory environment
• Certification in one or more of the following: CISSP, CEH, Azure & CIAM
• Experience leading and providing feedback to staff on audit projects or engagements
• Experience with Issue Validation and Remediation
• Ability to effectively communicate complex security concepts to stakeholders at all levels

Job Expectations:

• Ability to travel up to 10% of the time
• Position does not provide sponsorship

Pay Range
 

Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to achievements, skills, experience, or work location. The range listed is just one component of the compensation package offered to candidates.

$144,400.00 - $300,000.00

Posting End Date:

30 Jan 2025

*Job posting may come down early due to volume of applicants.

We Value Diversity

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.

Applicants with Disabilities

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo.

Drug and Alcohol Policy

Wells Fargo maintains a drug free workplace.  Please see our Drug and Alcohol Policy to learn more.

Wells Fargo Recruitment and Hiring Requirements:

a. Third-Party recordings are prohibited unless authorized by Wells Fargo.

b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.