Lead Information Security Analyst - GRC Project Leadership

About this role:
Wells Fargo is seeking a Lead Information Security Analyst to join a dynamic team dedicated to safeguarding our customers and the company's most critical assets. In this pivotal role, you will provide technical leadership in Cybersecurity Governance, Risk, and Compliance while driving projects and mentoring team members to achieve exceptional results. You're the kind of person who can lead, is coachable and enjoys partnering with others to complete projects.
The position requires deep expertise in policy compliance and vulnerability management, with a strong focus on cryptography, encryption key lifecycle management, and digital certificate governance. The ideal candidate will have demonstrated experience in designing and implementing policy compliance or vulnerability management programs and leading initiatives or teams to successful completion. Most of all we need a person who can manage cyber projects, has keen organizational skills and is highly collaborative.
This is a hybrid role at Wells Fargo.
There is no Visa sponsorship or Visa Transfers.
The position is seated in the location posted on the requisition.
In this role, you will:

• Provide advanced information security consultation for policy compliance, risk management, security controls and remediation monitoring
• Lead projects and coordinate team efforts to ensure timely delivery of security initiatives
• Direct information security risk assessment and research, and recommend remediation plans and strategies
• Perform Governance, Risk, and Compliance activities to identify and prioritize key risk areas, monitor remediation, and escalate critical risks to senior management
• Conduct user engagement on vulnerabilities and identified areas of policy non-adherence, report and advise on moderately complex remediation or mitigation plans
• Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions related to networking, cryptography, encryption keys and digital certificates
• Review and correlate technical data such as vulnerability or endpoint scanning reports (e.g., Qualys, Tanium), key and certificate management reports, and security logs
• Analyze identified vulnerabilities, assess their potential impact, and prioritize remediation efforts based on risk levels
• Develop and maintain security policies and procedures related to information protection, encryption, and certificate management
• Create detailed process documentation and governance artifacts for security controls, metrics, and escalation routines

Required Qualifications:

• 5+ years of Information Security experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 4+ years in a vulnerability management or governance, risk and compliance role, identifying and prioritizing areas of policy non-adherence, report development, remediation monitoring and escalation to senior management
• Strong experience with vulnerability or endpoint scanning tools (e.g., Qualys, Tanium)
• Solid understanding of cryptography, encryption key management, and digital certificate lifecycle
• Proven ability to lead projects and/or teams, including planning, coordination, and delivery

Desired Qualifications:

• IT Security certification (CISSP, CRISC, GIAC, Cloud, etc)
• Demonstrated expertise of Governance, Risk and Compliance principles for monitoring adherence to Information Security policies
• Experience with or strong conceptual understanding of data protection principles, frameworks and technologies
• Knowledge of Cloud service providers such as Amazon Web Services (AWS), Google Cloud Platform (GCP) or MS Azure
• Documentation skills including design diagrams, process flows, security controls and evidence archival
• Proven ability to plan, manage, and deliver complex projects or security initiatives, including defining scope, setting timelines, coordinating resources, and ensuring successful outcomes
• Knowledge of financial institution security procedures and data protection principles
• Experience with Agile methodology and product delivery
• Ability to communicate confidently and professionally
• Ability to negotiate, influence, and collaborate to build successful relationships
• Strong time management skills including the ability to handle multiple deliverables concurrently
• Ability to influence across all organizational levels

Job Expectations:

• Work independently and lead governance routines on a regular cadence
• Identify security vulnerabilities, perform product mapping, conduct trend analysis, perform risk assessments, and evaluate remediation alternatives
• Engage with stakeholders to monitor remediation and escalate critical risks
• Prepare executive ready
• Develop and maintain documentation for security controls and metrics, governance routines, escalation events, and consequence model
• Drive continuous improvement in policy adherence monitoring, vulnerability management and cryptographic security processes

Posting End Date:
1 Feb 2026
*Job posting may come down early due to volume of applicants.
We Value Equal Opportunity
Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.
Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.
Applicants with Disabilities
To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo .
Drug and Alcohol Policy
Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.
Wells Fargo Recruitment and Hiring Requirements:
a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.