Information Security Manager 2

Wells Fargo Boston , MA 02298

Posted 2 months ago

Job Description:

Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upload your current resume when submitting your application for consideration. To participate in some selection activities you will need to respond to an invitation. The invitation can be sent by both email and text message. In order to receive text message invitations, your profile must include a mobile phone number designated as "Personal Cell" or "Cellular" in the contact information of your application.

At Wells Fargo, we want to satisfy our customers' financial needs and help them succeed financially. We're looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you'll feel valued and inspired to contribute your unique skills and experience.

Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

Wells Fargo Technology sets IT strategy; enhances the design, development, and operations of our systems; optimizes the Wells Fargo infrastructure footprint; provides information security; and enables continuous banking access through in-store, online, ATM, and other channels to Wells Fargo's more than 70 million global customers.

Our Cyber Information Security team is looking for a strong cyber security professional to join our Cyber Security Defense and Monitoring Team. This role will involve performing cutting-edge research on new attack vectors, techniques, and tactics. This role will emulate adversarial attacks in order to provide information to Wells Fargo Lines of Business with the overall goal of providing knowledge of indicators or compromise and TTP (Tools, Tactics, and Procedures) to other teams.

This team member will be responsible for managing a team responsible for identifying, formulating and implementing complex information security policies, procedures and controls. Works with and influences information security and line of business management to identify, formulate and implement information security solutions and controls. Team may be responsible for complex and innovative solutions addressing: vulnerability detection, threat analysis, network intrusion and development/implementation of vulnerability mitigation strategies; identifying security risks and solutions for the company's networks and virtual private networks, application systems, security tools, key public infrastructures, authentication and directory services, and access management services to ensure the security of the network and confidential data. Maintains an advanced awareness of bank security policies and government regulations pertaining to information security and participates in recommending changes to information security policy, standards and procedures as needed for systems/applications/tools. Exercises the usual authority of a manager including budgeting and staff management.

This role reports to the Offensive Security Research Team manager and will lead the Device Research & Exploitation team. The manager of this role should understand financial threat actors and know about the Tactics, Techniques, and Procedures used by threat actors.

As a Team Member Manager, you are expected to achieve success by leading yourself, your team, and the business. Specifically you will:

  • Lead your team with integrity and create an environment where your team members feel included, valued, and supported to do work that energizes them.

  • Accomplish management responsibilities which include sourcing and hiring talented team members, providing ongoing coaching and feedback, recognizing and developing team members, identifying and managing risks, and completing daily management tasks.

Required Qualifications

  • 7+ years of experience in one or a combination of the following: information security, IT systems security or technology experience that includes 2+ years direct experience in information security
  • 2+ years of leadership experience in an Information Security or IT environment

Desired Qualifications

  • Experience managing a technology infrastructure function, application or information security function that has impact across multiple lines of business

  • Excellent verbal, written, and interpersonal communication skills

  • Ability to effectively influence and interact with all levels of an organization

  • Experience working in a large enterprise environment

  • Ability to assess issues, make quick decisions, implement solutions, and influence change

  • Ability to motivate staff to prioritize work, meet deadlines, achieve goals, and work under pressure in a dynamic and complex environment

  • Ability to negotiate, influence, and collaborate to build successful relationships

  • Knowledge and understanding of banking or financial services industry

  • Certifications in one or more of the following: Global Information Assurance Certification (GIAC), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), or Offensive Security Web Expert (OSWE)

Other Desired Qualifications

  • Experience managing security plans, red team tooling, risk acceptations, and TSC exceptions.

  • Knowledge of the corrective action process and understanding the intent of audit recommendations and the ability to work through annual audits.

  • Knowledge of device testing research tools and penetration testing tools.

  • Knowledge and understanding of the MITRE attack framework

  • TTP - Tactics techniques and procedures.

  • PTES - Pen Testing Execution Standard

Job Expectations

  • Ability to travel up to 5% of the time

Disclaimer

All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

Relevant military experience is considered for veterans and transitioning service men and women.

Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Information Security Officer

Manulife

Posted Yesterday

VIEW JOBS 6/5/2020 12:00:00 AM 2020-09-03T00:00 Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations. Job Description Description We are seeking a talented Information Security Officer to join Enterprise Technology & Services team. This is a 1st line of defense IT Governance role in which the incumbent will enable businesses and IT partners to recognize and manage their cyber and information security risks in a vibrant business environment. The incumbent will be part of the team which will work with different service areas within ETS. You will serve as trusted partner and subject matter expert to the business and help them protect their information assets. You will participate in critical global projects and initiatives to ensure Information risk is always appropriately managed. As a security officer you will perform security risk assessments, vendor assessments and consulting on various projects & implementation of tools or services. You will work closely with infrastructure, development, application teams on implementation of security controls to ensure the integrity of information security policies, procedures and standards; also report to senior management on the effectiveness of such controls. You will join a world-class company known for its commitment to diversity, community involvement and work-life balance via the WorkSmart program where 20% Manulife's North American employees work from home. We are committed to the personal and professional development of our team members, including support for attaining and keeping industry designations and certifications. Responsibilities: As Information Security Officer you will be: * Assisting project teams with identifying and validating security requirements or leading the completion of information risk assessments. * Performing in-depth risk assessments on projects from technical security perspective to ensure that the security safeguards and controls are in-line with Manulife Security policy and standards. * Conducting security risk assessments of 3rd parties. Assessment types include self-assessment questionnaires, performing site visits and examining external audit reports (i.e. SOC 2 type 2, ISO 27001). * Providing input and recommendations to the ETS Service Areas on information security requirements and best practices. * Assisting with security incident investigations & service provider threat notifications for the ETS Service Areas. * Support other operational security activities including oversight of ongoing security processes (e.g., incident response, ad hoc queries, periodic access reviews and vulnerability management) * Working with the ETS Service Areas to help define and improve Information Security practices. * Working with the ETS Service Areas on input and recommendations to hardening standards for the relevant technologies within each of the ETS Service Areas. * Working with the ETS Service Areas on Acceptance Reviews for new cloud initiatives, infrastructure & services associated with ETS Service Areas * Reporting on security metrics and compliance with company policies/standards. * Take on other information risk management tasks as required. Qualifications * 5+ years of relevant information security and information risk management experience. * 5+ years of relevant experience in cloud computing environment such as Azure or AWS including IaaS, PaaS and SaaS. * Professional certification(s) related to information security or information risk management such as CISSP, CISM, CISA, GIAC are preferred. * Experience with FAIR or comparable quantitative risk management frameworks is a plus. * Post-secondary diploma or degree in computer science fields of study is preferred. * Working knowledge and experience in the following areas is a plus: * Security architecture and controls in various infrastructure platforms (i.e. Windows, Unix, Virtual hosting, networking, end user technology, cloud computing including Infrastructure as a Service (IaaS) and Platform as a Service (PaaS)). * Security systems such as privilege management system, SIEM/big data solution for security monitoring, NAC, vulnerability management solution and operating model, PKI/Encryption technology, APT solutions (FireEye, Zscaler), Firewall/IPS, WAF etc. * Knowledge of application security best practices such as secure coding, security testing techniques * Knowledge of OWASP, SANS, or other security-related frameworks and penetration testing methodologies * Configuration Management Technologies (i.e. Ansible, Chef, Puppet), Infrastructure Automation Technologies (i.e. Terraform), Build Automation Technologies (i.e. Jenkins, Concourse), Containerization & Cloud Orchestration Technologies (i.e. Cloud Foundry, Kubernetes, Dockers) * Windows and related services (i.e. Active Directory, DNS, IIS, MSSQL), Active Directory Federated Services and Protocols (i.e. ADFS, SAML) * Collaboration and messaging platforms (i.e. Office 365, Sharepoint) * Mobile Devices along with Mobile Device Management / Mobile Application Management Platforms and Services * GRC platform such as Archer. * Proven ability to build relationships, engage and influence others, and work with diverse internal and international user communities as well as vendors * Previous experience in the Financial, Insurance or Healthcare sectors considered an asset. * Experience implementing and/or supporting a large-scale corporate enterprise solution. Attributes * Focused on helping ETS Service Areas achieve their objectives; understands that Information Security must enable the business. * Strong written and verbal communication and effective negotiation skills. * Strong technical skills and background with the ability to easily develop strong working capabilities with new technologies and the related security implications * Influences others across the organization to accomplish their objectives. * Works independently and takes initiative. * Handles conflict well and maintains professionalism at all times. * Takes ownership for their objectives and ensures they are achieved. * Functions well as part of a distributed team. * Strong analytical skills. * Ability to step back for cross-organization context or to pivot to specific, detailed technology and/or risk review. This is a full time permanent role that can be worked out of a number of office locations including Toronto and Waterloo, ON and Boston, MA If you are ready to unleash your potential it's time to start your career with Manulife/John Hancock. About Manulife Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. With our global headquarters in Toronto, Canada, we operate as Manulife across our offices in Canada, Asia, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, and wealth and asset management solutions for individuals, groups and institutions. At the end of 2019, we had more than 35,000 employees, over 98,000 agents, and thousands of distribution partners, serving almost 30 million customers. As of March 31, 2020, we had $1.2 trillion (US$0.8 trillion) in assets under management and administration, and in the previous 12 months we made $30.4 billion in payments to our customers. Our principal operations are in Asia, Canada and the United States where we have served customers for more than 155 years. We trade as 'MFC' on the Toronto, New York, and the Philippine stock exchanges and under '945' in Hong Kong. Manulife is an equal opportunity employer. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention and advancement and we administer all of our practices and programs based on qualification and performance and without discrimination on any protected ground. It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will consult with applicants contacted to participate at any stage of the recruitment process who request any accommodation. Information received regarding the accommodation needs of applicants will be addressed confidentially. Manulife Boston MA

Information Security Manager 2

Wells Fargo