Responsibilities of this position include, but are not limited to:
- As a front line of defense team, provide leadership on risk methodology and organizational interdependencies across risk and control partners to influence strategic and operational direction
- Identify and assess significant gaps and weaknesses in the control environment.
- Collaborate and engage with control partners, business, legal, compliance, audit, IRM, regulators and across the technology control function
- Proficient knowledge of control and risk management concepts with the ability to design and evaluate operational risk and control environment in conjunction with business partners.
- Technology RCSA, Control Frameworks (e.g., COBIT, NIST, COSO) and other regulations/standards such as FFIEC, PCI-DSS, SOX, SOC 2, ISO 27001
- Experience in driving risk-based process improvement, including the need to design, implement and test controls (test and monitor the controls for design and operating effectiveness)
- Risk and control mindset. Strong risk and control fundamentals, knowledge of frameworks and methodologies, common implementation challenges
- Program lead or management experience in Enterprise Risk Management or control domain
- Provide leadership on risk methodology, organizational interdependencies, and interoperability across risk and control partners to influence direction
- Responsible for managing the implementation and monitoring of risk-based programs as part of central horizontal services in technology control to identify, assess and mitigate operational risk that arises from inadequate or failed internal processes, people, systems or external events. Works with and manages a team of risk consultants to design and formulate controls, test the control design and operating effectiveness, and implement risk policies and frameworks to mitigate risks.
- Support a governance framework to provide transparency, accountability, and escalation of risk management related matters
- Partner, support and liaise closely with WFIP Risk Management team that supports platform risk and control activities including but not limited to Information Security, Business Continuity, Records Management, Vendor Management, Regulatory Compliance and Control Validation
- Provide subject matter expertise on regulatory expectations and industry best practice around risk and control frameworks
- Partner with the second and third lines of defense to inform, educate, and collaborate
12+ years of experience in compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both; or 10+ years of IT systems security, business process management or financial services industry experience, of which 8+ years must include direct experience in control framework, compliance, operational risk management, or a combination of both
The candidate must have:
- Bachelor’s Degree or equivalent; regulatory experience is a plus
- Control Frameworks (e.g., COBIT, NIST, COSO) and other regulations such as FFIEC, PCI-DSS, SOX, SOC
- Experience in Controls Testing (Test of Design and Test of Performance)
- IT audit/audit consulting experience
- Advanced Enterprise Risk Management experience and perspective
- Experience successfully navigating and influencing global financial institutions on risk management topics
- Strong risk and control fundamentals, knowledge of frameworks and methodologies, common implementation challenges
- Experience in evaluating the adequacy and effectiveness of policies, procedures and controls.
- Experience in review and development of risk ratings.
- Experience in assessing risk, writing issues, and developing appropriate corrective actions.
- Demonstrated negotiation skills, especially with difficult topics when partnering with senior management. This includes the willingness and ability to question decisions, understand direction and escalate issues, where necessary.
- Demonstrated experience with both strategic and tactical approaches to risk management.
- Ability to synthesize data from a variety of sources and deliver results quickly.
- At least one professional certification such as CSCP, CRCM, CGEIT, CRISC, CITP, CISA, CISSP, CIA
Desired Qualifications:
- Program lead or management experience
- Advanced Microsoft Office (Outlook, Excel, Word, PowerPoint, LiveMeeting and SharePoint) skills
- Ability to interact with all levels of an organization
- Good analytical skills with high attention to detail and accuracy
- Virtual leadership experience with ability to effectively drive results, provide feedback/direction, and manage and build relationships with leaders and team members in a geographically dispersed team environment.
- Strong leadership and influencing skills within a complex, matrix environment; able to gain support and cooperation and build effective business partnerships with all levels of team members to achieve results without direct organizational control
- Strong communications skills both written and oral; able to broker agreements amongst diverse, differing, competing, and/or conflicting perspectives/priorities
- Analyzing current risks in IT processes and identifying potential controls that can handle those risks.
- Development and/or evaluation of technology governance programs, policies, standards and procedures.
We Value Diversity
At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.
Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.