IT Senior Audit Manager - Information Security & IT Governance Audit Teams

Wells Fargo | Denver, CO

Posted Date 9/12/2019

At Wells Fargo, we want to satisfy our customers’ financial needs and help them succeed financially. We’re looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you’ll feel valued and inspired to contribute your unique skills and experience.

Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

Wells Fargo Audit Services (WFAS) conducts audits and reports the results of our work to the Audit & Examinations Committee of the Board of Directors. We provide independent, objective assurance and consulting services delivered through a highly competent and diverse team. As a business partner, Audit Services helps the Company accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

The WFAS Enterprise Technology Audit Group (ETAG) is looking for two (2) IT Senior Audit Managers (Information Security Audit Team and IT Governance Audit Team) who will manage a team of 10 to 12 professional IT auditors and technical SMEs in the execution of audit activities across Wells Fargo’s technology and security infrastructure. Candidates must demonstrate in-depth subject matter expertise in a number of technical focus areas.

Responsibilities include:

  • Creating/managing the technology information security audit coverage strategy, including strategy design, audit execution, and coordination with other audit teams on key infrastructure and information security related controls that are tested within a variety of different audit projects 
  • Maintaining effective relationships with senior management
  • Overseeing audit projects
  • Supervising and coaching audit managers, subject matter experts, and audit staff
  • Providing for staff development through mentoring, training, and reviewing audit work
  • Leading special projects
  • Analyzing emerging issues
  • Escalating risks and recommending controls to stakeholders
  • Editing audit reports
  • Assisting with Audit Committee reporting

The IT Senior Audit Manager is responsible for establishing the overall strategy for auditing assigned areas of responsibility as well as identifying and evaluating emerging areas of Information Security and Technology Risk. Responsibilities also include the completion of a periodic risk assessment and the creation and completion of an annual audit coverage plan. The IT Senior Audit Manager is responsible for providing and supporting the audit and reporting needs of the Audit Director, Executive Audit Director, and Chief Auditor in all matters related to significant information security and technology infrastructure issues. A critical component of this role is designing audit coverage strategies and communicating technically complex internal control issues and business risk in a clear non-technical manner.

The IT Senior Audit Manager is responsible for the creation and maintenance of effective relationships with the senior executives throughout the bank, and with regulators and external auditors. The IT Senior Audit Manager is expected to provide leadership to the team and audit department, and to promote the goals and the culture of Wells Fargo, including the recognition of individual performance and contributions.

Staff Development:
The IT Senior Audit Manager is responsible for developing, coaching, and mentoring audit managers and staff. In addition, the development and maintenance of effective staff skills, competencies, and behaviors necessary to perform high quality audit work in a very large scale and technically complex environment are integral components of the role. The attention to staff development and promulgation of Wells Fargo’s core values, including the commitment to creating and maintaining a diverse and inclusive work environment, are important performance factors.

As a Team Member Manager, you are expected to achieve success by leading yourself, your team, and the business. Specifically you will:

  • Lead your team with integrity and create an environment where your team members feel included, valued, and supported to do work that energizes them.
  • Accomplish management responsibilities which include sourcing and hiring talented team members, providing ongoing coaching and feedback, recognizing and developing team members, identifying and managing risks, and completing daily management tasks.

Required Qualifications
  • 8+ years of experience in one of the following: audit, technology risk management, information security, IT program management, technology governance, or availability management
  • 2+ years of leadership or management experience

Desired Qualifications
  • A BS/BA degree or higher in accounting, finance, or business administration
  • Risk or compliance experience
  • Solid knowledge and understanding of audit methodologies and tools that support audit processes
  • Certification in one or more of the following: CPA, CAMS, CRCM, CIA, CISA or Commissioned Bank Examiner designation
  • Leadership experience for professional auditors, risk management, or project leadership professionals
  • Audit experience at a large financial institution or auditing company.

Other Desired Qualifications
  • Proven experience as a technical subject matter expert:
    • In depth knowledge of industry frameworks for managing technology/information security and related risk (e.g., NIST, SANS, ISO 27001, COBIT)
    • In depth knowledge of some of the following technical areas of focus or concepts:
      • Distributed server platform management (Windows, UNIX Operating Systems)
      • Mainframe platform management (z/OS)
      • Midrange platform management (iSeries)
      • Database management (Oracle, DB2, SQL, etc.)
      • Middleware management (Apache, WebLogic, etc.)
      • Data center management, including physical security and environmental controls
      • Change, problem, and incident management
      • Vulnerability, patch, system lifecycle, and configuration management
      • IT governance
      • IT Asset Management
      • Network and Perimeter - knowledge of Microsoft Windows Active Directory, LDAP, Internet and network security technologies such as: TCP/IP, firewalls, routers, switches, IDS/IPS, Anti-Virus, SIEM, Web Proxy, VPN, Encryption technologies, products, etc. 
      • Secure coding - experience looking for security vulnerabilities such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc.; familiarity with server, network, database, and application security hardening
  • Experience designing and implementing an operational risk program and/or overseeing the ongoing execution of an operational risk program for technology and information security
  • Experience assessing system availability, functionality, and information security risks
  • Technical experience in technology management, engineering, or consulting
  • Proven project management skills; ability to effectively lead project teams, develop and communicate recommendations, and provide effective performance feedback to managers and team members
  • Mature planning, organizing, and directing skills to include relationship and teaming ability through excellent listening and communication skills
  • Self-awareness, conflict resolution skills, strong sense of individual accountability, and passion for learning are critical
  • Ideal candidate will possesses a great degree of natural curiosity and professional skepticism
  • Excellent analytical skills
  • Excellent verbal and written communication skills 
  • Strong track record of influencing senior management and leading change on both strategic and tactical initiatives

Job Expectations
  • Ability to travel up to 20% of the time

Street Address

CO-Denver: 1700 Lincoln St - Denver, CO
AZ-PHX-Central Phoenix: 100 W Washington St - Phoenix, AZ
MN-Minneapolis: 600 S 4th St - Minneapolis, MN
CA-SF-Financial District: 420 Montgomery - San Francisco, CA
PA-Philadelphia: 1 S Broad St - Philadelphia, PA
NC-Charlotte: 301 S College St - Charlotte, NC
TX-San Antonio: 4101 Wiseman Blvd - San Antonio, TX
MO-Saint Louis: 1 N Jefferson Ave - Saint Louis, MO
IA-Des Moines: 800 Walnut St - Des Moines, IA


All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

Relevant military experience is considered for veterans and transitioning service men and women.

Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.

Share this job