Live chat
Wells Fargo

Information Security Manager 2 - Security Code Review Validation Review

Wells Fargo - Charlotte, NC

Job DescriptionSince 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle. Enterprise Information Securitys (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargos infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.The EIS Security Code Review (SCR) team provides application vulnerability and risk identification for many of the critical applications used by Wells Fargo, from an automated and manual static analysis (code level) perspective.Within the Cyber Security Defense and Monitoring (CSD&M) organization, this Information Security Manager position will lead the SCR Validation Review team. This is an exciting ground-floor opportunity to build out a fully functional, new team, while leveraging mature security code review processes, that will be responsible for the validation of code level security remediation by the business for all public facing applications, internally hosted and vendor hosted, supporting local, vendor-integrated, and remote review capabilities.SCR Validation Review capabilities will support over 30 different language technologies that vary between reviews, with the majority split between both Microsoft and Java-based technologies. This process must enable and support diverse and niche directions in Wells Fargo application technology roadmap.This leadership position will report directly to the Security Code Review Leader within Cyber Threat Management (CTM), and will be managing and leading a high performance team of security engineers focused on driving success of manual and automated validation review capabilities within the SCR Team that operates as part of CTM within EIS CSD&M. This is an exciting opportunity as Wells Fargo continues to improve and expand our core capabilities in application vulnerability remediation, validation and reporting.This position will require leadership in ensuring that standard processes and procedures are implemented and followed in SCR validation review practices, ensures SCR compliance to best practices, standards and security requirements, and supports all aspects of validation review.This position will manage a team inclusive of US and India based team members spread across several locations. Works with and influences information security and line of business management to identify, formulate and implement security validation review solutions in support of diverse application technologies. Team may be responsible for complex and innovative solutions addressing application security vulnerability detection, validation and reporting as well as evaluation of software, and analyzing proof-of-concept results to make decisions on software acceptance and use.The position will be responsible for establishing/maintaining effective communication and collaboration between many internal and external technology/business units as well as exercise the usual authority of a manager including budgeting and staff management.Maintains an advanced awareness of bank security policies and government regulations pertaining to information security and participates in recommending changes to information security policy, standards and procedures as needed for SCR processes/systems/tools.Required Qualifications7 years of experience in one or a combination of the following: information security, IT systems security or technology experience that includes 2 years direct experience in information security2 years of leadership experience in an Information Security or IT environment4 years application security vulnerability detection and mitigation experience with Open Web Application Security Project (OWASP) Top 10 and SANS Common Weakness Enumeration Top 254 years of web applications experience4 years of SAST (Static Analysis Software Testing) experience1 year of relational database experienceDesired QualificationsExperience managing a technology infrastructure function, application or information security function that has impact across multiple lines of businessExcellent verbal, written, and interpersonal communication skillsAbility to effectively influence and interact with all levels of an organizationVirtual leadership experience with ability to effectively drive results, provide feedback/direction, and manage and build relationships with leaders and team members in a geographically dispersed team environmentAbility to positively influence, motivate, and direct diverse teams in a shift based, decentralized, and geographically dispersed environmentAbility to identify and manage complex issues and negotiate solutions within a geographically dispersed organizationAbility to translate and summarize complex data into understandable, actionable information and recommendationsAbility to translate and present complex technical data across technical and non-technical groupsKnowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysisKnowledge and understanding of J2EEKnowledge and understanding of .netKnowledge and understanding of C SAST (Static Analysis Software Testing) experienceOther Desired Qualifications 5 years of experience in J2EE/JEE and/or .NET development, and/or secure code review/secure static code analysis 1 year of experience with relational databases (e.g. Oracle, MS SQL Server, etc.) from an application/software development perspective Knowledge and understanding of mobile technologies Advanced Information Security technical skills and understanding of information security practices and policies Understands application security as it relates to development, infrastructure, data classifications, policy, etc. Understands security code review and can assess and recommend areas for technological improvement including changes to software, tools, processes, etc. In-depth knowledge and understanding of web applications, including various languages and frameworks (i.e. Java, ASP.NET, C , C#, Struts, Spring MVC, .Net MVC, Python, Apex, XML, Objective-C, etc.). Experience with Fortify SCA and/or Checkmarx. CISSP, CSSLP, GSSP, or comparable security certification Knowledge of risk assessment methodologies and frameworks and how to apply them to diverse applications. Ability to handle multiple complex assignments simultaneously Experience working with technology vendors Knowledge and understanding of SPARC (Security Planning & Assessment of Risks / Controls) Ability to stay current with emerging technologies and industry trends Ability to handle difficult situations and to provide alternative solutions or workarounds Flexible and creative in helping to find acceptable solutions DisclaimerAll offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.Relevant military experience is considered for veterans and transitioning service men and women.Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.

Categories

Engineering

Government

Information Technology

Security / Protective Services

Legal

Wells Fargo

See more jobs from this location

See more jobs from this company

See more Information Security jobs

Research Salary

Back to search results

(function initAsync() {

if (typeof aiJQuery !== 'function') {

setTimeout(initAsync, 5);

return;

if (typeof PayScaleExtension !== 'object') {

setTimeout(initAsync, 5);

return;

aiJQuery(document).ready(function() {

PayScaleExtension.joblisting = true;

PayScaleExtension.ServiceURL = 'https://www.payscale.com';

PayScaleExtension.affiliateId = '';

PayScaleExtension.backgroundColor = '#395a90';

PayScaleExtension.textColor = '#ffffff';

PayScaleExtension.init();

})();

googletag.cmd.push(function() { googletag.display('div-gpt-ad-1500667501538-0'); });

Featured Jobs

View All

Career News

(function(){

if (ccRssFeed1) {

var container = document.getElementById('atCareerNews');

for (var i = 0; i < ccRssFeed1.items.length; i ) {

var entry=ccRssFeed1.items[i];

var titleLink = document.createElement('a');

titleLink.href = entry.link;

titleLink.innerHTML = entry.title;

var div = document.createElement('div')

div.appendChild(titleLink);

div.className = 'atNewsContainer';

container.appendChild(div);

}

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

My Email (optional)

12 days 14 hours ago

Wells Fargo

apply

Information Security Manager 2 - Security Code Review Validation Review Wells Fargo - Charlotte, NC, United States

   

Location: Charlotte, NC

Company Profile:
Wells Fargo & Company provides retail, commercial, and corporate banking services to individuals, businesses, and institutions. The company’s Community Banking segment offers checking and market rate accounts, savings and time deposits, individual retirement accounts, and remittances; and lines of credit, auto floor plan lines, equity lines and loans, equipment and transportation loans, education and residential mortgage loans, and credit and debit cards. This segment also provides equipment leases, real estate and other commercial financing, small business administration financing, venture capital financing, cash management, payroll services, retirement plans, health savings accounts, and merchant payment processing and private label financing solutions, as well as purchases retail installment contracts. Its Wholesale Banking segment offers commercial loans and lines of credit, letters of credit, asset-based lending, equipment leasing, international trade facilities, trade financing, collection, foreign exchange, treasury management, investment management, institutional fixed-income sales, interest rate, commodity and equity risk management, insurance, corporate trust fiduciary and agency, and investment banking services, as well as online/electronic products. This segment also provides construction, and land acquisition and development loans; secured and unsecured lines of credit; interim financing arrangements; rehabilitation loans; affordable housing loans and letters of credit; loans for securitization; commercial real estate loan servicing; and real estate and mortgage brokerage services. The company’s Wealth, Brokerage, and Retirement segment offers financial advisory, wealth management, brokerage, retirement, trust, and reinsurance services. As of March 7, 2014, it operated through 9,000 locations and 12,000 ATMs, and offices in 36 countries, as well as through wellsfargo.com. The Company was founded in 1852 and is headquartered in San Francisco, California.