Are you looking for more? Find it here. At Wells Fargo, we're more than a financial services leader — we’re a global trailblazer committed to driving innovation, empowering communities, and helping our customers succeed. We believe that a meaningful career is much more than just a job — it’s about finding all of the elements to help you thrive, in one place.
Living the Well Life means you’re supported in life, not just work. It means having robust benefits, competitive compensation, and programs designed to help you find work-life balance and well-being. You’ll be rewarded for investing in your community, celebrated for being your authentic self, and empowered to grow. And we’re recognized for it — Wells Fargo continues to rank on the LinkedIn Top Companies lists of best workplaces “to grow your career.” Join us!
About this role:
The Application Risk Domain Officer operates within Technology Risk Management (TRM), part of Corporate Risk, providing independent second line oversight across application domains. The role is part of the Information Security and Application Risk Domain Team, which performs domain level evaluation and produces evidence based views of how application conditions contribute to enterprise risk exposure. The role engages with Technology, including Tech Operations, CIO organizations, to provide challenge and inform risk based decisions. Outputs from this role support enterprise risk views provided to senior management, risk committees, and regulators.
The Application Risk Domain Officer (P4) serves as the second line oversight lead across assigned domains and is a deeply technical individual contributor who provides second-line risk oversight across modern software engineering environments and has responsibility across the application risk domain. This role focuses on secure SDLC execution, application delivery controls, engineering standards, and the technical risks that arise throughout design, development, testing, deployment, and change management activities.
The individual in this role must be able to engage application engineering teams with confidence, identify control weaknesses in complex delivery environments, and translate technical observations into clear, actionable risk insights. The ideal candidate brings strong practitioner knowledge of application development and delivery processes, combined with experience in technology risk, controls, or related oversight functions.
In this role, you will:
Provide second-line oversight and credible challenge across application engineering and SDLC practices, including requirements management, application design, secure coding, testing, deployment, change control, and defect remediation.
Assess application development processes and control implementations to identify key technology risks related to code quality, security, resiliency, release readiness, segregation of duties, and production change governance.
Review application architectures, development workflows, and engineering evidence to evaluate whether controls are appropriately designed and operating effectively within the software lifecycle.
Partner with application engineering, information security, architecture, and control teams to support consistent risk management practices across SDLC activities and engineering initiatives.
Analyze issues identified through assessments, incidents, control testing, or thematic reviews and convert technical findings into clear risk statements, remediation guidance, and prioritized actions.
Apply advanced analytics and AI tools to support risk assessments, trend analysis, and insight generation across SDLC and application engineering processes.
Identify recurring control gaps, process inefficiencies, and risk patterns in development and release practices, and recommend practical solutions that improve operational effectiveness.
Support the development of metrics, reporting, and visualizations that help stakeholders understand risk themes, control performance, and remediation progress.
Provide leadership in the defined domain of SDLC and application engineering risk by sharing expertise, helping refine standards, and contributing to broader technology risk initiatives.
Required Qualifications:
5+ years of Technology Risk experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education.
Desired Qualifications:
5+ years of experience spanning software engineering, DevSecOps, platform engineering, cloud engineering, application security, with direct experience in technology risk, technology controls, or second-line risk oversight in complex technological environments.
Strong knowledge of software development lifecycle practices, including requirements, design, coding, testing, deployment, release management, and production support.
Experience assessing or supporting controls related to application development, secure coding, change management, defect management, access control, release readiness, and production governance.
Ability to review technical documentation, system designs, development artifacts, and engineering evidence to identify potential control weaknesses and risk exposures.
Ability to work effectively with engineering and risk stakeholders in complex situations to support meaningful risk mitigation outcomes.
Practical understanding of how analytics and AI tools can support risk identification, analysis, visualization, and decision making in complex technology environments.
Experience performing risk assessments or oversight activities in application engineering or software delivery environments.
Strong analytical, problem-solving, and communication skills with the ability to translate technical details into clear recommendations and actions.
Background in software engineering, application development, application security, quality engineering, or DevSecOps.
Knowledge of AI-assisted development or analytics use cases relevant to software engineering and risk oversight.
Experience in financial services, highly regulated environments, or large enterprise technology organizations.
Knowledge of secure SDLC principles, common application security risks, software delivery controls, and risk or control frameworks relevant to application engineering.
Familiarity with development tools and platforms such as GitHub, GitLab, Jenkins, Azure DevOps, ticketing systems, test automation tools, or cloud-based engineering platforms.
Relevant certifications such as CISA, CRISC, CISSP, CSSLP, cloud certifications, or similar credentials.
Job Expectations:
Willingness to work on-site at stated location on the job opening.
This position offers a hybrid work schedule.
This position is not eligible for Visa sponsorship.
Posting Locations:
401 S Tryon St, Charlotte, NC
North Carolina – Charlotte Pay Range: $119,000.00 - 187,000.00 USD Annually
Posting End Date:
3 Jun 2026*Job posting may come down early due to volume of applicants.
We Value Equal Opportunity
Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.
Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.
Applicants with Disabilities
To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo.
Drug and Alcohol Policy
Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.
Wells Fargo Recruitment and Hiring Requirements:
a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.
