I am...

About this role:

Wells Fargo is seeking a IAM Triage Lead Analyst (Lead Information Security Analyst) in Cybersecurity as part of Identity Access Management. Learn more about career areas and business divisions at wellsfargojobs.com

This role is responsible for investigating highly complex IAM issues and needs that require in depth knowledge of IAM processes, tools, and technologies at Wells Fargo to solve, ensuring rapid and accurate diagnosis and root cause assessment. This resource will advise projects or remediation activities by creating designs and strategies to meet the goals of the issue within triage.  This role requires strong analytical skills, in-depth knowledge of IAM processes and technologies and the ability to collaborate across IAM, Cyber and other areas of Wells Fargo Technology (WFT) to produce viable solutions that meet the needs of all stakeholders while ensuring the integrity and security of the IAM controls.

• Triage

• Lead the triage and resolution of complex IAM issues and needs ensuring proper categorization and resolution.

• Perform detailed investigations to determine root cause and recommend solutions to prevent recurrence.

• Process Improvement:

• Assess complex IAM process issues to identify and mitigate risks, potential improvements, and efficiency enhancements to prevent recurrence.

• Partner with the IAM Governance and Operations team to analyze IAM metrics to identify trends and areas for improvement.

• Collaborate with engineering team to implement fixes and process improvements.

• Technical Leadership:

• Provide expert guidance in resolving complex IAM Issues

• Collaboration:

• Partner with IAM, Cyber and the broader Wells Fargo Technology (WFT) organization to resolve highly complex issues that involve identity and access management.

• Risk Management:

• Partner with IAM Governance and Risk partners to ensure proposed solutions to complex IAM issues address underlying risk, satisfy policy and regulatory requirements.

• Documentation:

• Develop and maintain detailed documentation of issues, resolutions, and process improvements to help contribute to knowledge base/best practices.

• Provide advanced information security consultation for all aspects of information security compliance policy, risk management, and remediation

• Direct information security risk assessment and research, and recommend remediation plans and strategies

• Influence stakeholders on net new or on material changes to an asset to influence control decisions

• Provide consulting on security risk assessment and research, and recommend remediation plans and strategies

• Act as more experienced lead to the organization to develop security risk awareness and mitigating actions

• Consult the organization on complex security issues and findings

• Manage the most complex and critical information assets

• Evaluate and interpret internal and companywide information security policies, processes, standards, and participate with more experienced leaders in decision making on information security

• Serve as information security lead to advise on the development and delivery of Information Security Education and Awareness

• Collaborate and consult with peers, colleagues, and mid-level to more experienced managers to resolve issues and achieve goals

• Lead projects and teams

• Coordinate with vendor manager on third party assets to manage information security risks

• Serve as a mentor to less experienced staff

Required Qualifications:

• 5+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education

Desired Qualifications:

• 5+ years of experience in Information Security Analysis / Identity and Access management, with a focus on triage, troubleshooting and resolution.
• Experience with IAM Technologies and Tools (i.e., Authentication:  Ping, Okta, MS Azure Active Directory); IGA: SailPoint; PAM:  CyberArk, Beyond Trust, MFA: RSA Secure ID, Directory Services:  MS Active Directory; Open LDAP; API Security and Access Management:  Apigee, OAuth; Identity Analytic Tools: Gurucul, Saviynt;)
• Strong understanding of IAM security principles, processes, and best practices such as principle of least privilege and zero-trust architecture
• Proficient in Database, Cloud and OS security and principles
• Deep understanding of Access Control and Authentication concepts such as Role-Based Access Control (RBAC), Identity Federation and Kerberos authentication protocols
• Strong analytical and problem-solving skills
• Ability to query and analyze data in databases and log files.
• Proficiency in scripting languages such as PowerShell or Python
• Experience with Cloud-based IAM Solutions such as MS Azure AD and Google Cloud
• Excellent communication and people skills
• Ability to work under pressure and manage multiple priorities
• Experience and fluency in Financial Services and Technology

Locations:

• 300 S Brevard St. - Charlotte, North Carolina
• 1525 W WT Harris Blvd. - Charlotte, North Carolina
• 2600 S Price Rd. - Chandler, Arizona
• 550 S 4th St. - Minneapolis, Minnesota
• 1301 Solana Blvd. - Westlake, Texas

Posting Statements:

• Job posting may come down early due to volume of applicants.
• Required location(s) listed above. Relocation assistance is not available for this position
• Salary range is determined by the location of the job.  May be considered for a discretionary bonus, Restricted Share Rights, or other long-term incentive awards.
• This position is not eligible for visa sponsorship

Pay Range

Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to achievements, skills, experience, or work location. The range listed is just one component of the compensation package offered to candidates.

$111,100.00 - $197,500.00

Benefits

Wells Fargo provides eligible employees with a comprehensive set of benefits, many of which are listed below. Visit Benefits - Wells Fargo Jobs for an overview of the following benefit plans and programs offered to employees.

• Health benefits
• 401(k) Plan
• Paid time off
• Disability benefits
• Life insurance, critical illness insurance, and accident insurance
• Parental leave
• Critical caregiving leave
• Discounts and savings
• Commuter benefits
• Tuition reimbursement
• Scholarships for dependent children
• Adoption reimbursement

Posting End Date:

18 Nov 2024

Job posting may come down early due to the volume of applicants.

We Value Diversity

At Wells Fargo, we believe in diversity, equity, and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran, or any other status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in the US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.

Applicants with Disabilities

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo.

Drug and Alcohol Policy

Wells Fargo maintains a drug-free workplace.  Please see our Drug and Alcohol Policy to learn more.

Wells Fargo Recruitment and Hiring Requirements:

a. Third-Party recordings are prohibited unless authorized by Wells Fargo.

b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.

Company Description

At Western Digital, we are on a mission to unlock the potential of data so people, companies and organizations everywhere can create what’s next. To fulfill our vision, we are always on the lookout for potential team members who share our passion for solving problems to empower others.

When you join Western Digital, you join a legacy more than 50 years in the making. Across our Western Digital®, SanDisk®, SanDisk® Professional, WD® and WD_BLACK™ brands, we have brought some of the most storied advancements in memory and data storage technology to market—and our best, most innovative work is yet to come.

From energizing gaming platforms, to enabling systems to make cities safer and cars smarter and more connected, to powering the data centers behind many of the world’s biggest companies and public cloud, Western Digital is fueling a brighter, smarter future.

Here’s how you can help.

• Lead technology and security compliance programs that meet industry standards, regulatory requirements, and organizational objectives.
• Lead technical assessment activities to identify, evaluate, and prioritize information security risks across the organization, including threats, vulnerabilities, and potential impacts to information and technology assets.
• Develop and drive implementation of effective risk management strategies to mitigate identified risks, ensuring alignment with industry best practices and regulatory requirements.
• Develop comprehensive metrics and dashboards to communicate the status of information security risks to stakeholders and leadership.
• Analyze security data to identify trends, vulnerabilities, and areas for improvement.
• Collaborate with internal and external auditors to facilitate security audits and assessments.
• Collaborate across the organization to ensure the integration of risk management practices into organizational processes and projects.
• Stay current with industry trends, emerging threats, and best practices for information security and risk management.
• Provide expert technical guidance and support in developing and maintaining information security policies, standards, and procedures.
• Implement enterprise-wide risk management frameworks that align with industry standards (e.g. ISO27001, NIST, etc).

REQUIRED:

• Bachelor's degree in Information Security, Computer Science, or equivalent work experience.
• 8+ years of experience in information security, including risk management, risk assessments, reporting, and metrics analysis, and hands-on with at least one of the following: security engineering, network security, identity and access management, security operations, and/or software development security.
• 3+ years of experience in technical roles, or similar technical proficiency required.
• Proficiency in risk assessment methodologies, tools, and techniques.
• Experience in conducting risk assessments, vulnerability assessments, and compliance audits.
• Strong understanding of information security frameworks, standards, and best practices (e.g., ISO 27001, NIST, GDPR).
• Experience in generating and interpreting information security metrics and reports.
• Experience in building and maturing information security risk management practices.

PREFERRED:

• Relevant certifications such as CISSP, CISM, CRISC, GSNA or similar are highly desirable.
• Technical certifications such as GCIH, GPEN, CEH, OSCP or similar are highly desirable.

SKILLS:

• Excellent analytical and problem-solving skills with attention to detail.
• Strong communication and interpersonal skills, with the ability to explain complex security concepts to non-technical stakeholders.
• Ability to work independently and collaboratively in a fast-paced environment.

Western Digital is committed to providing equal opportunities to all applicants and employees and will not discriminate against any applicant or employee based on their race, color, ancestry, religion (including religious dress and grooming standards), sex (including pregnancy, childbirth or related medical conditions, breastfeeding or related medical conditions), gender (including a person’s gender identity, gender expression, and gender-related appearance and behavior, whether or not stereotypically associated with the person’s assigned sex at birth), age, national origin, sexual orientation, medical condition, marital status (including domestic partnership status), physical disability, mental disability, medical condition, genetic information, protected medical and family care leave, Civil Air Patrol status, military and veteran status, or other legally protected characteristics. We also prohibit harassment of any individual on any of the characteristics listed above. Our non-discrimination policy applies to all aspects of employment. We comply with the laws and regulations set forth in the "Know Your Rights: Workplace Discrimination is Illegal" poster. Our pay transparency policy is available [here](https://www.dol.gov/sites/dolgov/files/OFCCP/pdf/pay-transp_ English_formattedESQA508c.pdf).

Western Digital thrives on the power and potential of diversity. As a global company, we believe the most effective way to embrace the diversity of our customers and communities is to mirror it from within. We believe the fusion of various perspectives results in the best outcomes for our employees, our company, our customers, and the world around us. We are committed to an inclusive environment where every individual can thrive through a sense of belonging, respect and contribution.

Western Digital is committed to offering opportunities to applicants with disabilities and ensuring all candidates can successfully navigate our careers website and our hiring process. Please contact us at [email protected] to advise us of your accommodation request. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.

Based on our experience, we anticipate that the application deadline will be 02/14/2025 (3 months from posting), although we reserve the right to close the application process sooner if we hire an applicant for this position before the application deadline. If we are not able to hire someone from this role before the application deadline, we will update this posting with a new anticipated application deadline.

Compensation & Benefits Details

• An employee’s pay position within the salary range may be based on several factors including but not limited to (1) relevant education; qualifications; certifications; and experience; (2) skills, ability, knowledge of the job; (3) performance, contribution and results; (4) geographic location; (5) shift; (6) internal and external equity; and (7) business and organizational needs.
• The salary range is what we believe to be the range of possible compensation for this role at the time of this posting. We may ultimately pay more or less than the posted range and this range is only applicable for jobs to be performed in California, Colorado, New York or remote jobs that can be performed in California, Colorado and New York. This range may be modified in the future.
• You will be eligible to participate in Western Digital’s Short-Term Incentive (STI) Plan, which provides incentive awards based on Company and individual performance. Depending on your role and your performance, you may be eligible to participate in our annual Long-Term Incentive (LTI) program, which consists of restricted stock units (RSUs) or cash equivalents, pursuant to the terms of the LTI plan. Please note that not all roles are eligible to participate in the LTI program, and not all roles are eligible for equity under the LTI plan. RSU awards are also available to eligible new hires, subject to Western Digital’s Standard Terms and Conditions for Restricted Stock Unit Awards.
• We offer a comprehensive package of benefits including paid vacation time; paid sick leave; medical/dental/vision insurance; life, accident and disability insurance; tax-advantaged flexible spending and health savings accounts; employee assistance program; other voluntary benefit programs such as supplemental life and AD&D, legal plan, pet insurance, critical illness, accident and hospital indemnity; tuition reimbursement; transit; the Applause Program, employee stock purchase plan, and the Western Digital Savings 401(k) Plan.
• Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.

Manager, Information Security Office (ISO) Consultant

At Capital One, you will help consult on initiatives, programs, and projects to raise their game in Information Security. You are pragmatic and practical in your understanding of risk and security, but also willing to know when to pull in experts and escalate. You collaborate and innovate with other teams within Capital One to push the envelope. You are comfortable with Cloud Service technologies like Storage Services, Security & Access Control Management, Container Services, and API Implementation and Management. You are familiar with various Cloud computing models to include IaaS, PaaS, and SaaS along with their architectural differences. You are enthusiastic about enabling developers to securely develop software efficiently. Security is essential to what we do here, from protecting our customers to our associates.

• Act as a central Information Security point of contact for Delivery Experience teams
• Coordinate and execute proactive Information Security consulting to the business and technology teams covering Infrastructure Security, Resiliency, Data Security, Network Architecture and Design, and User Access Management
• Serve as an expert in Capital One’s Information Security capabilities, solutions, policies, procedures and standards
• Influence customers to leverage security capabilities and solutions to shift and integrate security to the left in the development processes
• Escalate and manage cyber security risk
• Provide ad hoc support on special Information Security hot topics for the business
• Provide regular updates to executive leadership with your line of business on the overall Information Security health and risk environment
• Work with line of business leadership to anticipate their objectives and needs to better serve the line of business

Required Qualifications:

• High School Diploma, GED or equivalent certification
• At least 4 years of experience working in cybersecurity or information technology
• At least 3 years of experience providing guidance and oversight of cyber security concepts
• At least 3 years of experience performing security risk assessments or security architecture reviews
• At least 3 years of experience with software design, networking, or cloud infrastructure

Preferred Qualifications:

• Bachelor’s Degree
• 1+ year of experience in securing a public cloud environment (e.g. AWS, GCP, Azure)
• Experience with Threat Modeling
• Experience with integrating SaaS products into an Enterprise Environment
• Experience with securing Container services
• Professional certifications such as AWS Certified Solutions Architect and Certified Information Systems Security Professional (CISSP)
• Experience in Offensive or Defensive Security techniques
• Experience in a regulated environment
• Experience with the Software Development Life Cycle (SDLC) governance
• Experience with DevSecOps

At this time, Capital One will not sponsor a new applicant for employment authorization, or offer any immigration related support for this position (i.e. H1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1, TN, or another type of work authorization).

The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked.

New York City (Hybrid On-Site): $201,400 - $229,900 for Manager, Cyber Technical

Illinois (Hybrid On-Site): $187,700 - $214,200 for Manager, Cyber Technical

Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate’s offer letter.

This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan.

Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.

This role is expected to accept applications for a minimum of 5 business days.

No agencies please. Capital One is an equal opportunity employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to sex (including pregnancy, childbirth or related medical conditions), race, color, age, national origin, religion, disability, genetic information, marital status, sexual orientation, gender identity, gender reassignment, citizenship, immigration status, protected veteran status, or any other basis prohibited under applicable federal, state or local law. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City’s Fair Chance Act; Philadelphia’s Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at RecruitingAccommodation@capitalone.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

For technical support or questions about Capital One's recruiting process, please send an email to Careers@capitalone.com

Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site.

Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).