Principal Auditor / Enterprise Technology - Information Security

Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upload your current resume when submitting your application for consideration. To participate in some selection activities you will need to respond to an invitation. The invitation can be sent by both email and text message. In order to receive text message invitations, your profile must include a mobile phone number designated as “Personal Cell” or “Cellular” in the contact information of your application.

At Wells Fargo, we are looking for talented people who will put our customers at the center of everything we do. We are seeking candidates who embrace diversity, equity and inclusion in a workplace where everyone feels valued and inspired.

Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

Internal Audit is a provider of independent, objective assurance services delivered through a highly competent and diverse team. As a business partner, Audit helps the company accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

The Enterprise Technology Audit Group - Information Security Audit Team is looking to fill a Principal Auditor position to support the coverage of Wells Fargo’s core Information Security and Cybersecurity controls (e.g., Cyber Threat Fusion Center, Data Loss Protection, Security Information and Event Management, Cryptographic Services, Patch and Vulnerability Management, Network Security Management, Access Management, Third Party Information Security Management etc.). We’re building a Cybersecurity Audit function for the future and looking for high-energy talent to join us on our journey!
You’ll be part of a team that provides audit coverage of the controls and tools that provide the front line protection for the Bank’s critical systems and data. Given the dynamic nature of the external threat landscape, you’ll be exposed to cutting edge technology and threat management techniques. We’re looking for team members that have a passion for Cybersecurity and a continual thirst for knowledge in this fascinating and critical space!

The Role

• Principal Auditor’s in the ETAG Team report to Senior Audit Managers. Key responsibilities for this role are:
• Responsible for performing audit testing of moderately complex to very complex components of assigned audits within multiple segments of the Audit Plan.
• Leads timely planning and execution of an assigned audit test.
• Assigned to projects ranging in size and complexity based upon level of experience.
• May perform auditor-in-charge responsibilities as assigned.
• Provides timely and quality work product.
• Ensures documentation and reporting are ready for review by managers and senior managers.
• Develops and maintains strong business relationships within Internal Audit and with teams across the enterprise.
• Ensures audit programs and testing are risk-based, and executed according to Internal Audit policies and guidance.
  

• 
  5+ years of experience in one or a combination of the following audit or risk functions: covering risk identification, mitigation and management (includes audit, legal, operational risk, compliance risk, credit risk, market risk, technology risk, or the management of a process or business with accountability for risk.) demonstrated through work or military experience

• 
  Experience at a financial institution or accounting firm
• A BS/BA degree or higher
• Solid knowledge and understanding of audit or risk methodologies and supporting tools
• Certification in one or more of the following: CPA, CAMS, CRCM, CIA, CISA or Commissioned Bank Examiner designation
• Excellent verbal, written, and interpersonal communication skills
• Strong organizational, multi-tasking, and prioritizing skills
• Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important
• Ability to execute in a fast paced, high demand, environment while balancing multiple priorities
• Solid problem solving skills
• Good analytical skills with high attention to detail and accuracy

• Demonstrate professional skepticism and exercise superior judgment when evaluating the business impact and significance of audit findings.
• Experience performing risk assessments and/or audits of third party technology and information and cyber security risks.
• Demonstrated experience assessing scaled and highly complex environments, preferably in the financial services sector. Knowledge of IT, information security and Cloud management and control frameworks (e.g. NIST Cybersecurity Framework and 800-53, CIS Top 20 Critical Security Controls, FFIEC IT Examination Handbooks, COBIT, FedRAMP, ISO 2700x, ITIL).
• CISSP, CCSP, CCAK and Ethical Hacker certifications would be highly regarded, as well as CSX Nexus Cybersecurity and Cybersecurity Audit Certificates from ISACA.
• Experience assessing Cyber Threat Fusion Center controls, techniques and tools; cryptographic controls and solutions; logging and monitoring, anti-virus, network security, data loss protection, vulnerability, configuration and patch management controls.
• Experience assessing Identity and Access Management programs, familiarity with relevant access management tools and processes.
• High–energy self-starter who thrives in large, complex environments and challenging situations; must have the ability to adapt to change quickly and adjust work in a positive, professional manner; ability to work in a dynamic environment with multiple time constraints.
• Experience working in a highly formal audit environment, including preparation of formal test of design and test of effectiveness work-papers, sample selection through use of formal sample selection tools, process and control flow-charting, and audit methodology compliance.
• Outstanding problem solving and analytical skills with ability to turn findings into strategic imperatives.
• Ability to communicate effectively, in both written and verbal formats, with senior executive-level leaders.

• 
  Ability to travel up to 10% of the time

NC-Charlotte: 301 S College St - Charlotte, NC
NC-Charlotte: 1525 W Wt Harris Blvd - Charlotte, NC
MN-Minneapolis: 600 S 4th St - Minneapolis, MN
AZ-Chandler: 2600 S Price Rd - Chandler, AZ
TX-Addison: 5080 Spectrum Dr - Addison, TX