Wells Fargo Acting Group Information Security Officer (GISO) | de facto Chief Information Security Officer (CISO), business vertical | Information Security Consulting (ISC) Lead | Community Banking (CB) (2017)
Wells Fargo | Company Overview
Wells Fargo & Company is one of the largest multinational financial services firms in the world and a cornerstone of the U.S. banking system. Headquartered in San Francisco, it ranks within the Fortune 50 and is consistently among the “Big Four” banks in the United States by total assets. With operations in more than 30 countries and tens of millions of customers worldwide, Wells Fargo plays a critical role in consumer banking, commercial lending, and capital markets, maintaining a global presence while remaining deeply embedded in the American financial landscape.
Professional Experience
Hunter Storm | Acting GISO | de facto CISO
In this Acting GISO / de facto CISO / Shadow Leadership role, held three distinct high-level positions simultaneously, with multi-role scope, prestige, and enterprise-level influence:
Global Information Security Officer (GISO): Business Vertical Scope
- Responsible for full enterprise-wide risk, security, compliance, and strategy across business vertical.
- Oversaw operations impacting over $100 billion in revenue, approximately 180 million customers, and global financial networks.
Enterprise Cross-Functional Coordinator / Matrix Leader
- Chaired and facilitated meetings for all GISOs across the enterprise.
- Aligned strategy, risk mitigation, and policy implementation across multiple business units without formal authority.
Acting Executive / Strategic Advisor
- Served as de facto CISO-level executive in decision-making, program execution, and enterprise initiatives.
- Mentored dotted-line team members and influenced senior leadership decisions beyond formal reporting line.
Led a team of internal information security consultants to provide enterprise security plans (information security risk assessments), risk remediation, risk mitigation, and risk removal strategies for applications, infrastructure, cloud, platforms, mobile, third-party vendors, and all other technological interfaces for Community Banking: Deposit Products Group (DPG), Other / Business Direct (BD), and TRB.
Initiated product changes between business lines, audit, governance, architecture, network, infrastructure, etc. to accomplish goals within expedited timeframes, thereby meeting and exceeding enterprise information security goals and ensuring compliance with legal and regulatory issuances.
Scope and Scale of Responsibilities
Wells Fargo Community Banking was the largest footprint in the enterprise. The CB verticals included services and relationships spanning:
- ATMs
- bank branches
- business direct services
- correspondent banking
- credit cards and debit cards
- credit bureau relationships (LexisNexis, Equifax, Experian, TransUnion, etc.)
- multinational banking
- regional banking
- third-party vendor relationships
- software
- platforms
- infrastructure (cloud, servers, storage, etc.) across distributed systems, mainframes, and network
Provide expert consultation on architecture and design, as well as the results of code review, site review, penetration testing, controls testing, etc. Address proper information protection controls during systems development, including consulting, technology research, architectural alignment assessments, technology roadmaps, blueprints and standards to ensure that systems are designed appropriately and work together effectively for companywide and LOB-specific risk mitigation.
Report and track any outstanding control recommendations via the establishment of Action Plans. Act as liaison between business lines, audit, governance, architecture, network, infrastructure, etc. to bring the right people together in order to accomplish shared goals within expedited timeframes in a way that enables the business to meet both tactical and strategic targets while fulfilling enterprise information security goals and ensuring compliance with legal and regulatory issuances. Knowledgeable in all Wells Fargo risk platforms, including Security Planning & Assessment of Risks / Controls (SPARC), Configuration Management Database (CMDB), Information Services Application Inventory (ISAI), Vendor Management System of Record (VSMOR), Third Party Information Management Systems (TRIMS), Control Review Assessment System Plus (CRAS+), and sensitive information tracking databases, as well as most other enterprise systems.
Transformed CB information security consulting team, risk profile, and annual certification risk assessment queue by completely redesigning workflow and processes, working with business leaders and SMEs to address risks, implementing strategic queue management, providing actionable vision and roadmap, as well as applying unconventional training methods. This resulted in the following achievements within only 8 months:
- Led the weekly Enterprise ISC Lead meeting, comprised of all the ISC Leads (GISOs) across the Wells Fargo Enterprise
- Created innovative queue management strategy, as well as streamlined and redesigned processes and workflow, that enabled CB to reduce the enterprise security plan queue by 50% in first 2 months leading the team.
- Led the CB ISC team to become the only team in the WF enterprise to complete not only the CA plans, but to prevent a new CA by completing all overdue security plan certifications from 2016 and even worked the queue to a 3-month lead time for 2017. Accomplished this with a team 85% smaller than the other ISC teams.
- Reduced risk in CB at 5 times the rate of the WF enterprise. CB attained the lowest risk profile in the enterprise due to dramatically reduced risk ratings and dedicated focus on remediation, testing, and tracking efforts, resulting in CB becoming the only business line within the enterprise to achieve 100% compliance with all FFIEC testing requirements. This also ensured that CB passed enterprise FFIEC authentication audit with no findings.
- Evaluated CB queue and reduced the total number of CB security plans over 50% by consolidating, retiring, and/or moving plans to the appropriate groups.
- Wrote 77% of CB enterprise security plans, including at least 80%+ of the DPG queue. DPG owns the relationships for and is comprised of the most technologically complex externally facing environments, such as First Data Resources (FDR), Fair Isaac Corporation (FICO), Visa, Mastercard, credit bureaus, etc., which it not only handles for CB, but for other channels such as Consumer Lending Group (CLG). DPG has the largest number of Federal Financial Institutions Examination Council (FFIEC) test requirements, Code Reviews, and VIPs of the CB channels, including Virtual Channels and Mobile Banking.
- Mentored and trained the least experienced group of ISCs in the enterprise and developed them into a highly effective, successful team. Accomplished this by training them in enterprise security planning and risk control processes, internal WF tools, information security risk assessment processes, as well as in personal best practices, processes, and workflow management strategies I created and developed over a decade in writing risk assessments. I also taught these to most of the WF enterprise ISCs and former ISOs. Dramatically improved team morale, resulting in increased output.
Experienced In:
AI (Artificial Intelligence), Anomaly Detection, Audit, Background Check, BCP / DR, Behavioral Analysis, Cloud Computing, Code Review, Compliance, COSO / COBIT, Controls Testing, Credit Reporting, Cryptography, Cyber Security Strategy and Transformation, Data Breaches, Data Classification, Data Exfiltration / DLP, Data Protection, Dodd-Frank, Encryption, ECMP (Enterprise Capacity Management Planning), FFIEC, Firewall, FISMA, Fraud, GLBA, Governance, GRC, HIPAA, Hybrid Threat, IAM, Information Assurance, Information Classification, Insider Threat, IP (Intellectual Property), IP Protection, ISO/IEC 27002, ITIL, Legal, Log Management, Machine Learning, Mainframe, Mobile Device Security, Nation State Cyber Warfare, New Product Development, Neural Networks, NIST, Pattern Analysis, PCI DSS, Physical Security, PKI, Predictive Analysis, Privacy, R&D (Research and Development), Regulatory Compliance, Reputation Management, RFC, RFI, RFP, Risk Management, Risk Mitigation, SDLC, Security Architecture, Security Awareness Training, Security Planning, SEMP, SIEM, Site Assessment, Site Security, Social Engineering, SOX, Strategic Planning & Execution, Strategy, Succession Planning, Vendor Management & Selection, Vulnerability Assessment