Wells Fargo Acting GISO (Group Information Security Officer) | Information Security Consulting Lead (ISC) | Community Banking (CB) (2017)
Led a team of internal information security consultants to provide enterprise security plans (information security risk assessments) and risk remediation, risk mitigation, and risk removal strategies for applications, infrastructure, cloud, platforms, mobile, third-party vendors, and all other technological interfaces for Community Banking: Deposit Products Group (DPG), Other / Business Direct (BD), and TRB.
Initiated product changes across business lines, audit, governance, architecture, network, infrastructure, and other groups to accomplish goals within expedited timeframes, thereby meeting and exceeding enterprise information security goals and ensuring compliance with legal and regulatory issuances.
Scope and Scale of Responsibilities
Wells Fargo Community Banking had the largest footprint in the enterprise. The CB verticals included services and relationships spanning:
- ATMs
- bank branches
- business direct services
- correspondent banking
- credit cards and debit cards
- credit bureau relationships (Lexis Nexis, Equifax, Experian, Trans Union, etc.)
- multinational banking
- regional banking
- third-party vendor relationships
- software
- platforms
- infrastructure (cloud, servers, storage, etc.) across distributed systems, mainframes, and network
Provided expert consultation on architecture and design, as well as on the results of code review, site review, penetration testing, controls testing, etc. Addressed proper information protection controls during systems development, including consulting, technology research, architectural alignment assessments, technology roadmaps, blueprints, and standards, to ensure that systems were designed appropriately and worked together effectively for companywide and LOB-specific risk mitigation.
Reported and tracked any outstanding control recommendations through the establishment of Action Plans. Acted as liaison between business lines, audit, governance, architecture, network, infrastructure, and other groups to bring the right people together in order to accomplish shared goals within expedited timeframes, in a way that enabled the business to meet both tactical and strategic targets while fulfilling enterprise information security goals and ensuring compliance with legal and regulatory issuances. Knowledgeable in all Wells Fargo risk platforms, including Security Planning & Assessment of Risks / Controls (SPARC), Configuration Management Database (CMDB), Information Services Application Inventory (ISAI), Vendor Management System of Record (VSMOR), Third Party Information Management Systems (TRIMS), Control Review Assessment System Plus (CRAS+), and sensitive information tracking databases, as well as most other enterprise systems.
Transformed the CB information security consulting team, risk profile, and annual certification risk assessment queue by completely redesigning workflow and processes, working with business leaders and SMEs to address risks, implementing strategic queue management, providing an actionable vision and roadmap, and applying unconventional training methods. This resulted in the following achievements within only 8 months:
- Led the weekly Enterprise ISC Lead meeting, comprised of all the ISC Leads (GISOs) across the Wells Fargo Enterprise
- Created an innovative queue management strategy, along with streamlined and redesigned processes and workflow, that enabled CB to reduce the enterprise security plan queue by 50% in the first 2 months of leading the team.
- Led the CB ISC team to become the only team in the WF enterprise not only to complete the CA plans but also to prevent a new CA by completing all overdue security plan certifications from 2016, and worked the queue to a 3-month lead time for 2017. Accomplished this with a team 85% smaller than the other ISC teams.
- Reduced risk in CB at 5 times the rate of the WF enterprise. CB attained the lowest risk profile in the enterprise due to dramatically reduced risk ratings and dedicated focus on remediation, testing, and tracking efforts, resulting in CB becoming the only business line within the enterprise to achieve 100% compliance with all FFIEC testing requirements. This also ensured that CB passed the enterprise FFIEC authentication audit with no findings.
- Evaluated CB queue and reduced the total number of CB security plans over 50% by consolidating, retiring, and/or moving plans to the appropriate groups.
- Wrote 77% of CB enterprise security plans, including at least 80% of the DPG queue. DPG owns the relationships for, and is comprised of, the most technologically complex externally facing environments (First Data Resources (FDR), Fair Isaac Corporation (FICO), Visa, Mastercard, credit bureaus, etc.), which it handles not only for CB but also for other channels such as Consumer Lending Group (CLG). DPG has the largest number of Federal Financial Institutions Examination Council (FFIEC) test requirements, code reviews, and VIPs of the CB channels, including Virtual Channels and Mobile Banking.
- Mentored and trained the least experienced group of ISCs in the enterprise and developed them into a highly effective, successful team. Accomplished this by training them in enterprise security planning and risk control processes, internal WF tools, and information security risk assessment processes, as well as in the personal best practices, processes, and workflow management strategies I created and developed over a decade of writing risk assessments. I also taught most of the WF enterprise ISCs and former ISOs. Dramatically improved team morale, resulting in increased output.
Experienced In:
AI (Artificial Intelligence), Anomaly Detection, Audit, Background Check, BCP / DR, Behavioral Analysis, Cloud Computing, Code Review, Compliance, COSO / COBIT, Credit Reporting, Cryptography, Cyber Security Strategy and Transformation, Data Breaches, Data Classification, Data Exfiltration / DLP, Data Protection, Dodd-Frank, Encryption, ECMP (Enterprise Capacity Management Planning), FFIEC, Firewall, FISMA, Fraud, GLBA, Governance, GRC, HIPAA, Hybrid Threat, IAM, Information Assurance, Information Classification, Insider Threat, IP (Intellectual Property), IP Protection, ISO/IEC 27002, ITIL, Legal, Log Management, Machine Learning, Mainframe, Mobile Device Security, Nation State Cyber Warfare, New Product Development, Neural Networks, NIST, Pattern Analysis, PCI DSS, Physical Security, PKI, Predictive Analysis, Privacy, R&D (Research and Development), Regulatory Compliance, Reputation Management, RFC, RFI, RFP, Risk Management, Risk Mitigation, SDLC, Security Architecture, Security Awareness Training, Security Planning, SEMP, SIEM, Site Security, Social Engineering, SOX, Strategic Planning & Execution, Strategy, Succession Planning, Vendor Management & Selection, Vulnerability Assessment.