Wells Fargo de facto Chief Information Security Officer (CISO) | Acting Group Information Security Officer (GISO) | Information Security Consulting (ISC) Lead | Community Banking (CB) Business Vertical (2017)

 

Cybersecurity Executive | Crisis and Turnaround Leadership | Building Next-Gen Security for Emerging Threats

 

Rapid Response Executive | Innovation Lead | Strategic Operations Leader | Transformation Lead | Turnaround Specialist

 

Wells Fargo | Company Overview

Wells Fargo & Company is one of the largest multinational financial services firms in the world and a cornerstone of the U.S. banking system. Headquartered in San Francisco, it ranks within the Fortune 50 and is consistently among the “Big Four” banks in the United States by total assets. With operations in more than 30 countries and tens of millions of customers worldwide, Wells Fargo plays a critical role in consumer banking, commercial lending, and capital markets, maintaining a global presence while remaining deeply embedded in the American financial landscape. At one point, Wells Fargo was the fourth largest company in the world.

 


Professional Experience

 

Brand Statement

Hunter Storm is the CISO organizations call when the unthinkable happens — crisis, breach, or systemic failure — to restore order, mitigate risk, and rebuild trust. Part crisis commander, part innovator — she steps in when security failures or new threats demand a leader who can both restore order and build what comes next.

Delivers enterprise-scale security and operational turnarounds with precision and discretion. Trusted to navigate high-risk, complex environments, neutralize emerging threats, and implement sustainable strategies—often unseen, but always effective.

  • Strategic Crisis Executive
  • Resiliency Architect
  • Cyber and Risk Turnaround Leader

 


Hunter Storm | Acting GISO | de facto CISO

Led enterprise-wide initiatives and risk mitigation strategies that ensured operational continuity for millions of customers and billions in revenue, often navigating complex crises and regulatory challenges behind the scenes. While outcomes were seamless to most stakeholders, the work required orchestrating teams, systems, and processes at a level rarely visible outside executive oversight.

In this Acting GISO | de facto CISO | Shadow Leadership role, Hunter Storm held three distinct, prestigious, high-level positions simultaneously, with multi-role scope and enterprise-level influence:

 

Group Information Security Officer (GISO) | Community Banking Business Vertical Scope

Oversaw operations impacting over $100 billion in revenue, approximately 70 million customers, and global financial networks. For comparison, this was roughly equivalent to the Gross Domestic Product (GDP) of a small to mid-sized country, such as Hungary, and the population of a medium-sized nation, such as France or Italy, spread across multiple continents. Operations spanned 30+ countries, bigger than many multinational conglomerates. Touchpoints included ATMs, bank branches, online and mobile banking, credit bureaus, and third-party platforms, essentially a financial ecosystem the size of a small nation. Tasked with stabilizing security and compliance for an operation larger than most sovereign economies, four layers below the CEO, during a high-profile regulatory crisis.

  • Responsible for full enterprise-wide risk, security, compliance, and strategy across Community Banking business vertical.
  • Assumed de facto CISO responsibilities for Community Banking, four levels below the Chief Executive Officer (CEO), during a period of heightened regulatory and reputational crisis.
  • Engaged shortly before the sales practices scandal became public, and was tasked with stabilizing overdue security and compliance operations — including bringing the annual security plan certifications back into alignment under accelerated deadlines.
  • Directed division-wide cyber risk, governance, and compliance strategy to restore operational credibility and executive confidence.

 

Known for being the trusted leader executives call when the stakes are highest — brought in to stabilize high-risk environments, restore compliance and security credibility, and design long-term strategies others can build on.

High-stakes crisis strategist, chaos cleaner, the one they bring in when the “normal” CISO skillset isn’t enough.

Skills:

  • High-stakes fixer
  • Crisis stabilizer
  • Strategic closer

 

Enterprise Cross-Functional Coordinator | Matrix Leader

  • Chaired and facilitated meetings for all GISOs across the enterprise.
  • Aligned strategy, risk mitigation, and policy implementation across multiple business units without formal authority.

 

Acting Executive | Strategic Advisor

  • Served as de facto Chief Information Security Officer (CISO)-level executive in decision-making, program execution, and enterprise initiatives.
  • Mentored dotted-line team members and influenced senior leadership decisions beyond formal reporting line.

 


Led a team of internal information security consultants to provide enterprise security plans (information security risk assessments), risk remediation, risk mitigation, and risk removal strategies for applications, infrastructure, cloud, platforms, mobile, third-party vendors, and all other technological interfaces for Community Banking: Deposit Products Group (DPG), Other | Business Direct (BD), and TRB.

Initiated product changes between business lines, audit, governance, architecture, network, infrastructure, etc. to accomplish goals within expedited timeframes, thereby meeting and exceeding enterprise information security goals and ensuring compliance with legal and regulatory issuances.

 

Scope and Scale of Responsibilities

Wells Fargo Community Banking had the largest footprint in the enterprise. The CB verticals included services and relationships spanning:

  • ATMs
  • bank branches
  • business direct services
  • correspondent banking
  • credit cards and debit cards
  • credit bureau relationships (LexisNexis, Equifax, Experian, TransUnion, etc.)
  • multinational banking
  • regional banking
  • third-party vendor relationships
  • software
  • platforms
  • infrastructure (cloud, servers, storage, etc.) across distributed systems, mainframes, and network

 

Provided expert consultation on architecture and design, as well as on the results of code review, site review, penetration testing, controls testing, etc. Addressed proper information protection controls during systems development, including consulting, technology research, architectural alignment assessments, technology roadmaps, blueprints and standards to ensure that systems are designed appropriately and work together effectively for companywide and LOB-specific risk mitigation.

Reported and tracked any outstanding control recommendations via the establishment of Action Plans. Acted as liaison between business lines, audit, governance, architecture, network, infrastructure, etc. to bring the right people together in order to accomplish shared goals within expedited timeframes in a way that enables the business to meet both tactical and strategic targets while fulfilling enterprise information security goals and ensuring compliance with legal and regulatory issuances. Knowledgeable in all Wells Fargo risk platforms, including Security Planning & Assessment of Risks | Controls (SPARC), Configuration Management Database (CMDB), Information Services Application Inventory (ISAI), Vendor Management System of Record (VSMOR), Third Party Information Management Systems (TRIMS), Control Review Assessment System Plus (CRAS+), and sensitive information tracking databases, as well as most other enterprise systems.

Transformed the CB information security consulting team, risk profile, and annual certification risk assessment queue by completely redesigning workflow and processes, working with business leaders and SMEs to address risks, implementing strategic queue management, providing an actionable vision and roadmap, and applying unconventional training methods. This resulted in the following achievements within only 8 months:

  • Led the weekly Enterprise ISC Lead meeting, composed of all the ISC Leads (GISOs) across the Wells Fargo Enterprise.
  • Created innovative queue management strategy, as well as streamlined and redesigned processes and workflow, that enabled CB to reduce the enterprise security plan queue by 50% in first 2 months leading the team.
  • Led the CB ISC team to become the only team in the WF enterprise not only to complete the CA plans, but also to prevent a new CA by completing all overdue security plan certifications from 2016, and even worked the queue to a 3-month lead time for 2017. Accomplished this with a team 85% smaller than the other ISC teams.
  • Reduced risk in CB at 5 times the rate of the WF enterprise. CB attained the lowest risk profile in the enterprise due to dramatically reduced risk ratings and dedicated focus on remediation, testing, and tracking efforts, resulting in CB becoming the only business line within the enterprise to achieve 100% compliance with all FFIEC testing requirements. This also ensured that CB passed the enterprise FFIEC authentication audit with no findings.
  • Evaluated CB queue and reduced the total number of CB security plans over 50% by consolidating, retiring, and/or moving plans to the appropriate groups.
  • Wrote 77% of CB enterprise security plans, including at least 80% of the DPG queue. DPG owns the relationships for, and is composed of, the most technologically complex externally facing environments (such as First Data Resources (FDR), Fair Isaac Corporation (FICO), Visa, Mastercard, credit bureaus, etc.), which it handles not only for CB, but also for other channels such as Consumer Lending Group (CLG). DPG has the largest number of Federal Financial Institutions Examination Council (FFIEC) test requirements, Code Reviews, and VIPs of the CB channels, including Virtual Channels and Mobile Banking.
  • Mentored and trained the smallest and least experienced group of ISCs in the enterprise and developed them into a highly effective, successful team. Accomplished this by training them in enterprise security planning and risk control processes, internal WF tools, information security risk assessment processes, as well as in personal best practices, processes, and workflow management strategies created and developed over a decade in writing risk assessments. Taught novel methodologies to most of the WF enterprise ISCs and former ISOs. Dramatically improved team morale, resulting in increased output.

 


Experienced In:

AI (Artificial Intelligence), Anomaly Detection, Audit, Background Check, Bank Secrecy Act (BSA), BCP / DR, Behavioral Analysis, Cloud Computing, Code Review, Compliance, COSO / COBIT, Consumer Financial Protection, Controls Testing, Credit Reporting, Cryptography, Cyber Security Strategy and Transformation, Data Breaches, Data Classification, Data Exfiltration / DLP, Data Protection, Dodd-Frank, Encryption, ECMP (Enterprise Capacity Management Planning), FFIEC, Firewall, FISMA, Fraud, GLBA, Governance, GRC, HIPAA, Hybrid Threat, IAM, Information Assurance, Information Classification, Insider Threat, IP (Intellectual Property), IP Protection, ISO/IEC 27002, ITIL, Legal, Log Management, Machine Learning, Mainframe, Mobile Device Security, Nation State Cyber Warfare, New Product Development, Neural Networks, NIST, Pattern Analysis, PCI DSS, Physical Security, PKI, Predictive Analysis, Privacy, R&D (Research and Development), Regulatory Compliance, Reputation Management, RFC, RFI, RFP, Risk Assessment, Risk Management, Risk Mitigation, SDLC, Security Architecture, Security Awareness Training, Security Planning, SEMP, SIEM, Site Assessment, Site Security, Social Engineering, SOX, Strategic Planning & Execution, Strategy, Succession Planning, Vendor Management & Selection, Vulnerability Assessment

 

