At Wells Fargo, we want to satisfy our customers' financial needs and help them succeed financially. We're looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you'll feel valued and inspired to contribute your unique skills and experience.
Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Wells Fargo Technology sets IT strategy; enhances the design, development, and operations of our systems; optimizes the Wells Fargo infrastructure footprint; provides information security; and enables continuous banking access through in-store, online, ATM, and other channels to Wells Fargo's more than 70 million global customers.
The Enterprise Information Security, Application Information Security (AIS) domain team is seeking an Operational Risk Consultant 5 to join the team. In the new Information Security model, this role will specifically be responsible for supporting the Application Information Security Domain by providing oversight for domain control requirements within line of business technology organizations. This position will lead the AIS Domain efforts including driving and maintaining the AIS domain strategy, key metrics, control requirements, reporting, and other domain related responsibilities. This position will also lead key domain initiatives that improve risk management capabilities and/or support remediation of audit or regulatory findings as needed.
Key activities include:
- Leading the Application Information Security (AIS) Information Security (IS) Domain efforts including updating and maintaining the AIS domain strategy, key metrics and control requirements, reporting, and other domain related responsibilities.
- Lead key initiatives that improve risk management capabilities and/or support audit or regulatory findings remediation.
- Provide visibility into the Application Security program strategy, status, and execution
- Strengthen application security risk transparency
- Drive enhancements to application security control requirements
- Create and implement adherence measures for the Application Information Security Domain control requirements
- Evaluate compliance trends, adherence tracking and associated supporting documentation
- Develop key risk metrics (Risk appetite, KPIs, KRIs, KGIs, etc.) and track/evaluate performance against defined metrics
- Serve as Subject Matter Expert on Cyber and Vulnerability Application Domain control requirements within the Wells Fargo Information Security domains
- Develop and maintain domain governance processes and documentation related to AIS control requirements
- Maintain current knowledge of regulatory expectations and industry best practices related to application security
- Participate in other team projects or group initiatives as requested
- Collaborate with peers and partners across Wells Fargo Technology and Corporate Risk, leveraging strong relationship building skills
Note: This position can sit in any Wells Fargo core location or telecommute.
- 10+ years of experience in compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both; or 10+ years of IT systems security, business process management or financial services industry experience, of which 5+ years must include direct experience in compliance, operational risk management, or a combination of both
- 3+ years of information security experience
- 3+ years of Information Security Frameworks and standards (FFIEC, NIST, ISO) experience
- Advanced Microsoft Office skills
- Excellent verbal, written, and interpersonal communication skills
- Strong analytical skills with high attention to detail and accuracy
- Ability to interact with all levels of an organization
- Ability to manage in a matrixed organization environment
- Experience working in a large enterprise environment
- Ability to identify and manage complex issues and negotiate solutions within a geographically dispersed organization
- 5+ years of COBIT experience
- Exposure to Wells Fargo Information Security Management System (Policyworks)
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC)
- Knowledge and understanding of information security principles, policies, and procedures
- Knowledge and understanding of project management methodologies, processes, and tools
- Ability to present complex material in a digestible, consumable manner to all levels of management
- Ability to work effectively, as well as independently, in a team environment
- Experience conducting root cause analysis for data-driven process-related improvements
- Strong organizational, multi-tasking, and prioritizing skills
- Knowledge and understanding of banking or financial services industry
Other Desired Qualifications
- Knowledge and understanding of Information Technology governance and Information Security risk and compliance processes such as; policies, control standards/requirements, risk management concepts
- Knowledge and understanding of web and mobile software security vulnerabilities such as the OWASP Top 10 web/mobile Risks
- Ability to travel up to 20% of the time
All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.
Relevant military experience is considered for veterans and transitioning service men and women.
Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.