Full Job Description
Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upload your current resume when submitting your application for consideration. To participate in some selection activities you will need to respond to an invitation. The invitation can be sent by both email and text message. In order to receive text message invitations, your profile must include a mobile phone number designated as “Personal Cell” or “Cellular” in the contact information of your application.
At Wells Fargo, we have one goal: to satisfy our customers’ financial needs and help them achieve their dreams. We’re looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you’ll feel valued and inspired to contribute your unique skills and experience.
Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Wells Fargo Technology offers technology and services that exceed Wells Fargo customers’ expectations and directly enable them to succeed financially. We interact with customers more than 12 billion times a year through in-store, online, ATM, and telephone transactions. We impact customers directly, through systems availability and security, as well as indirectly, through our business partners who offer and deliver a myriad of products and services that meet customers’ financial needs. We provide a competitive advantage for the company through excellence in fundamentals, integrated partnerships, and our talented and engaged team members.
The Technology Control group resides within the overall Wells Fargo Technology organization. Its functions improve how we own, assess, manage, and report technology risks, while ensuring that we have strong technology risk expertise, employ the concept of risk management as a utility – operationalizing for efficiency, and move us to progressive risk management based on data and analytical processes.
This role will have accountability for risk management within the Technology division as Front Line Risk within Technology Control. The environment continues to be one of heightened standards, raised risk consciousness and regulatory requirements.
This role has been created in alignment with the Wells Fargo Risk Management Framework. As the front line technology Business Risk & Control Officer, this role assures real risk reduction within the divisions, consistent with the Wells Fargo Vision & Values, and the Wells Fargo risk appetite.
Identify & Assess:
- Develop, implement and support a Technology Risk Framework in alignment with Wells Fargo Risk Management Framework
- Document risk(s) within established and new line of business products/services and shared services IT processes/products/services
- Evaluate risks and prioritize risks, risk mitigation, and remediation work
Control & Mitigate:
- Conduct and support risk assessments that evaluate the technology application/infrastructure environment and estimate the level and trends of inherent risk, determine the effectiveness of associated controls and the level and trends of residual risk
- Be proactive in identifying risks within the Wells Fargo Technology division
Monitor & Report:
- Design and implement effective and proactive action plans that appropriately mitigate risks in a sustainable manner and define Key Risk Indicators to track impact
- Operate controls in an effective manner to mitigate risks and to deliver IT value
- Execute the related compliance process (e.g. PCI) and IT Policy Management & Exceptions
Review and Verification:
- Monitor controls to identify gaps and prevent, correct, and detect operational risk issues
- Identify, measure, monitor, support and complete Wells Fargo Technology risk management training, communication, and outreach programs
- Integrate continuous improvement with metrics and monitoring
- Support Virtuous Circle of risk management
- Assure strategic and foundational risk attributes are comprehensively included in analysis (pre, post, and during)
- Conduct ongoing reviews to identify anomalies, exceptions, and outliers that could lead to additional risk events
- Verify that risk management standards, requirements, and documented risk reduction attributes are applied
7+ years of experience in risk management (includes compliance, financial crimes, operational risk, audit, legal, credit risk, market risk, IT systems security, business process management) or 7+ years of financial services industry experience, of which 5+ years must include direct experience in risk management
7+ years of experience in PCI DSS (Payment Card Industry Data Security Standards) compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for PCI compliance or operational risk), or a combination of both; or 7+ years of IT systems security, business process management or financial services industry experience, of which 5+ years must include direct experience in PCI compliance
An Internal Security Assessor (ISA) certification
Certified in the Governance of Enterprise IT (CGEIT)
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC)
Program management experience
Excellent verbal, written, and interpersonal communication skills
Ability to articulate complex concepts in a clear manner
Strong analytical skills with high attention to detail and accuracy
Advanced Microsoft Office skills
Other Desired Qualifications
- 10+ years of experience supporting SOX/SOC, Regulatory Exams (Domestic and International), Audits, and other technology control related assessments
- 7+ years of leadership within Consumer Banking, in a large financial services organization, or in a service provider that implemented these services for financial services organizations, both domestic and international
- 5+ years of Payment Card Industry experience within a technology risk space
- 5+ years of PCI compliance and security standards experience
- 5+ years of management experience with risk control frameworks (NIST, FFIEC, COBIT, ITIL, COSO)
- Certifications that support business or risk related knowledge/experience (FINRA, CRISC, CISSP, CIA, PCI-ISA, PCI-QSA, ISO, etc.)
- Broad and significant knowledge of technology with an emphasis in consumer, payments, and digital technology and the associated challenges, risks and required controls inherent in a complex environment, including knowledge of SDLC, Vendor and third party, BCP, PMO, change management, problem and incident management, access management, asset management, configuration, compliance, information security, vulnerability, audit and others.
- Senior risk professional with proven “C-level” communication skill set
- Experience in multiple areas of regulatory compliance, including risks and issues related to consumer protection and general banking regulations of the OCC, FRB, CFPB, FINRA and other federal, state and local regulations and law
Ability to travel up to 10% of the time
2600 S Price Rd - Chandler, AZ
800 Walnut St - Des Moines, IA
IA-West Des Moines:
800 S Jordan Creek Pkwy - West Des Moines, IA
255 2nd Ave S - Minneapolis, MN
150 E 42nd St - New York, NY
100 Fidelity Plz - North Brunswick, NJ
All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.
Relevant military experience is considered for veterans and transitioning service men and women.
Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.