At Wells Fargo, we have one goal: to satisfy our customers’ financial needs and help them achieve their dreams. We’re looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you’ll feel valued and inspired to contribute your unique skills and experience.
Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Enterprise Finance & Information Technology offers technology and services that exceed Wells Fargo customers’ expectations and directly enable them to succeed financially. We interact with customers more than 12 billion times a year through in-store, online, ATM, and telephone transactions. We impact customers directly, through systems availability and security, as well as indirectly, through our business partners who offer and deliver a myriad of products and services that meet customers’ financial needs. We provide a competitive advantage for the company through excellence in fundamentals, integrated partnerships, and our talented and engaged team members.
The Enterprise CIO Risk organizations are responsible for establishing the strategic direction and management of Wells Fargo’s enterprise technologyrisk management program, including developing, approving and maintaining the technologyrisk management framework within the Platform Services, Enterprise Architecture, and Core Services divisions. This function will be responsible for maintaining a strong technologyrisk culture, formulating technologyrisk appetite and tolerances, and for establishing/maintaining a program to identify, assess, measure, monitor, control and report, review and verify on significant enterprise technologyrisks. The team provides the first-line-of-defense competency (FLOD) to ensure an integrated and holistic view of Wells Fargo technologyrisks.
As a team member, this position will be responsible for:
- Developing practices, processes, templates, and reporting to provide risk management reviews and participation in critical enterprise programs or projects with significant technologyrisks as an enabler.
- Analyzing program/project requirements against the proposed solutions to determine technologyrisk levels, control weaknesses and to evaluate the risk of solutions not meeting requirements resulting in a value add proposal to management in a concise and comprehensive presentation
- Reviewing mitigation/remediation plans and providing advice on mitigation effectiveness and alternative mitigation approaches as well as assisting, coaching, counseling and mentoring stakeholders
- Performing review of the work products produced by the program/project according to risk program requirements and deadlines
- Attending steering and working committees to ensure appropriate technologyrisk management coverage
- ID, Recording and Resolving all issues through satisfaction including warranted and limited escalation
- Producing management reporting and focused information to all stakeholders as applicable
- Assuring a comprehensive documented RACI model and adherence to model at all times
- Integrating requirements from the broader program/project into existing technologyrisk management processes (e.g. risk assessments)
- Effectively collaborating with business partners in the first-line-of-defense (FLOD) and second line of defense (SLOD) in the establishment of new risk management processes for the specific program/project
- Working with stakeholders to ensure each has the tools, processes and expertise to effectively manage technologyrisks
- Developing and maintaining strong working relationships with the line of business, corporate regulatory and operational risk and compliance peers
- Ensuring that critical programs and projects remain aligned to thetechnologyriskmanagement strategy and functional framework
- 10+ years of experience in compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both; or 10+ years of IT systems security, business process management or financial services industry experience, of which 5+ years must include direct experience in compliance, operational risk management, or a combination of both
- Advanced Microsoft Office skills
- Excellent verbal, written, and interpersonal communication skills
- Strong analytical skills with high attention to detail and accuracy
- Ability to interact with all levels of an organization
- Ability to articulate complex concepts in a clear manner
Other Desired Qualifications
- Broad and significant knowledge of technology with emphasis on development operations, SDLC, problem and incident management, configuration management, application infrastructure services (e.g. middleware), platform management, information securityarchitecture, identity and access management, enterprise architecture, cloud, third party hosted solutions, application risk assessments, information management, enterprise data, CRM services, and books and records.
- 7+ years of management experience (direct, matrix, managed resources, EGS, geographically dispersed)
- 7+ years of leadership experience, including demonstrated interaction with EIT and Wholesale or WIM business and technology level leaders
- 5+ years of wholesale or WIM experience with a large financial services organization or service provider to same
- 5+ years project management experience with large scale technology projects including: business requirements, risk analysis, project planning, resource planning, risk/issue management, testing and implementation
- Demonstrated experience in building, leading, developing and retaining a team of managers, strong technical experts and high performing professionals in geographically disbursed environments
- Certifications that support business or risk related knowledge/experience (FINRA, PMP, CRISC, CFE, CISSP, CIA, etc...)
- Experience with assessing the adequacy of policies, procedures, processes, and compliance and operational controls in a significantly large and complex organization.
- Prior experience with tracking, monitoring and implementing corrective actions or information security exceptions for Compliance/Operational Risk
- Knowledge and experience with technology-related regulatory requirements and frameworks including FFIEC,COBIT, COSO, NIST, ITIL