19 days old

Information Security Manager 2 - Security Code Review Validation Review

San Francisco, CA
  • Job Code
Job Description

Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.

Enterprise Information Securitys (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargos infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.

The EIS Security Code Review (SCR) team provides application vulnerability and risk identification for many of the critical applications used by Wells Fargo, from an automated and manual static analysis (code level) perspective.

Within the Cyber Security Defense and Monitoring (CSD&M) organization, this Information Security Manager position will lead the SCR Validation Review team. This is an exciting ground-floor opportunity to build out a fully functional, new team, while leveraging mature security code review processes, that will be responsible for the validation of code level security remediation by the business for all public facing applications, internally hosted and vendor hosted, supporting local, vendor-integrated, and remote review capabilities.

SCR Validation Review capabilities will support over 30 different language technologies that vary between reviews, with the majority split between both Microsoft and Java-based technologies. This process must enable and support diverse and niche directions in Wells Fargo application technology roadmap.

This leadership position will report directly to the Security Code Review Leader within Cyber Threat Management (CTM), and will be managing and leading a high performance team of security engineers focused on driving success of manual and automated validation review capabilities within the SCR Team that operates as part of CTM within EIS CSD&M. This is an exciting opportunity as Wells Fargo continues to improve and expand our core capabilities in application vulnerability remediation, validation and reporting.

This position will require leadership in ensuring that standard processes and procedures are implemented and followed in SCR validation review practices, ensures SCR compliance to best practices, standards and security requirements, and supports all aspects of validation review.

This position will manage a team inclusive of US and India based team members spread across several locations. Works with and influences information security and line of business management to identify, formulate and implement security validation review solutions in support of diverse application technologies. Team may be responsible for complex and innovative solutions addressing application security vulnerability detection, validation and reporting as well as evaluation of software, and analyzing proof-of-concept results to make decisions on software acceptance and use.

The position will be responsible for establishing/maintaining effective communication and collaboration between many internal and external technology/business units as well as exercise the usual authority of a manager including budgeting and staff management.

Maintains an advanced awareness of bank security policies and government regulations pertaining to information security and participates in recommending changes to information security policy, standards and procedures as needed for SCR processes/systems/tools.

Required Qualifications

  • 7+ years of experience in one or a combination of the following: information security, IT systems security or technology experience that includes 2+ years direct experience in information security
  • 2+ years of leadership experience in an Information Security or IT environment
  • 4+ years application security vulnerability detection and mitigation experience with Open Web Application Security Project (OWASP) Top 10 and SANS Common Weakness Enumeration Top 25
  • 4+ years of web applications experience
  • 4+ years of SAST (Static Analysis Software Testing) experience
  • 1+ year of relational database experience

Desired Qualifications

  • Experience managing a technology infrastructure function, application or information security function that has impact across multiple lines of business
  • Excellent verbal, written, and interpersonal communication skills
  • Ability to effectively influence and interact with all levels of an organization
  • Virtual leadership experience with ability to effectively drive results, provide feedback/direction, and manage and build relationships with leaders and team members in a geographically dispersed team environment
  • Ability to positively influence, motivate, and direct diverse teams in a shift based, decentralized, and geographically dispersed environment
  • Ability to identify and manage complex issues and negotiate solutions within a geographically dispersed organization
  • Ability to translate and summarize complex data into understandable, actionable information and recommendations
  • Ability to translate and present complex technical data across technical and non-technical groups
  • Knowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysis
  • Knowledge and understanding of J2EE
  • Knowledge and understanding of .net
  • Knowledge and understanding of C++
  • SAST (Static Analysis Software Testing) experience

Other Desired Qualifications
  • 5 years of experience in J2EE/JEE and/or .NET development, and/or secure code review/secure static code analysis
  • 1 year of experience with relational databases (e.g. Oracle, MS SQL Server, etc.) from an application/software development perspective
  • Knowledge and understanding of mobile technologies
  • Advanced Information Security technical skills and understanding of information security practices and policies
  • Understands application security as it relates to development, infrastructure, data classifications, policy, etc.
  • Understands security code review and can assess and recommend areas for technological improvement including changes to software, tools, processes, etc.
  • In-depth knowledge and understanding of web applications, including various languages and frameworks (i.e. Java, ASP.NET, C++, C#, Struts, Spring MVC, .Net MVC, Python, Apex, XML, Objective-C, etc.).
  • Experience with Fortify SCA and/or Checkmarx.
  • CISSP, CSSLP, GSSP, or comparable security certification
  • Knowledge of risk assessment methodologies and frameworks and how to apply them to diverse applications.
  • Ability to handle multiple complex assignments simultaneously
  • Experience working with technology vendors
  • Knowledge and understanding of SPARC (Security Planning & Assessment of Risks / Controls)
  • Ability to stay current with emerging technologies and industry trends
  • Ability to handle difficult situations and to provide alternative solutions or workarounds
  • Flexible and creative in helping to find acceptable solutions


All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

Relevant military experience is considered for veterans and transitioning service men and women.

Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.



  • Engineering
  • Government
  • Information Technology
  • Security / Protective Services
  • Legal

Featured Jobs

Career News

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Information Security Manager 2 - Security Code Review Validation Review

Wells Fargo
San Francisco, CA

Share this job

Information Security Manager 2 - Security Code Review Validation Review

Wells Fargo
San Francisco, CA

Separate email addresses with commas

Enter valid email address for sender.

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast