About Wells Fargo

Market Job Description

About the Role

Responsibilities

• Ensure all required risk related information is communicated, managed and escalated as appropriate with respect to segregation of duties, Ensure all required SoD risk related information is communicated, managed and escalated as appropriate.
• Ensure development and implementation of SoD mitigation strategies to address known gaps and deficiencies in an effective and timely manner.
• Establish strong partnership and collaboration with Wells Fargo Technology, aligned Risk Partners, Information Security, Second and Third Lines of defenses, to ensure CTO adherence to Wells Fargo Technology Policy, Compliance and external regulation requirements supporting segregation of duties, software development lifecycle (SDLC), Agile and minimum application requirement (MARs) risk domains.
• Define, design and drive implementation of risk based, measurable and sustainable Controls against Business Functionality needs, Strategic Initiatives, Issue Management, Policy, Compliance, Regulatory, and Technology Framework requirements, factoring in Automation and Efficiency.
• Identifies and assess a proactive view of risk, in coordination with CTO, cross-functionally across WFT and Business Lines, with respect to confidentiality, integrity and reliability of source code and delivery of software development mechanisms.
• Provides input into the strategic plan to cover material risk activities which includes the integration and alignment to the WFT 2022 Strategy of Speed, Change the Bank and Run the Bank activities.
• Identify opportunities for Process and Control improvements thru monitoring of emerging risk, changes to Technology environment, industry framework and trends.
• Educate and influence WFT for effective implementation, execution, and governance of Technology Control Framework
• Provide Risk Opinion, Credible Challenge, and Recommendations through Process, Risk and Control evaluation.
• Perform Control evaluation and rate controls for Design and Operational Effectiveness
• Develop and implement metrics and reporting to provide concise risk view in control environment health, timeliness and effectiveness of risk mitigation, and emerging risk.
• Provide Risk and Control Updates to CTO Leadership and CIO Teams
• Attend required partnership meetings to ensure appropriate Technology Risk Control Framework coverage and engagement to understand requirements
• Ensure that critical programs and projects remain aligned to the Technology Risk management strategy and functional framework

Market Skills and Certifications

Essential Qualifications

• University degree in Business or related discipline.
• Experience of 12 years overall with a minimum of 10 years relevant experience in a multinational financial institution or similar.
• One or more certifications like CISSP, CRISC, CISA, CISM, and CGEIT.

Desired Qualifications

• Certified Internal Auditor (CIA), Certified Information Systems Auditor, (CISA) Certification in Control Self-Assessment (CCSA), Certified Information Systems Security Professional, (CISSP) or other risk management discipline certification
• Strong knowledge in Cloud Platforms, FedRamp, and associated Risk with Cloud deployment and migration
• Strong knowledge of Secure Application Development Lifecycle, Agile Methodology, Continuous Integration and Deployment, and associated Risk
• Strong knowledge of Application Lifecycle and Architecture Management, and associated Risk
• Strong knowledge of Control Framework and Control Testing
• Ability to turn preliminary or ambiguous information, ideas, or problems into well-defined plans and solutions
• Ability to communicate effectively, in both written and verbal formats, with senior executive-level leaders
• Virtual leadership experience with ability to effectively drive results, provide feedback/direction, and manage and build relationships with leaders and team members in a geographically dispersed team environment
• Ability to organize and manage multiple priorities
• Ability to generate, review, edit, and distribute executive level reports
• Strong analytical skills with high attention to detail and accuracy
• Experience working with internal and external auditors and examiners
• Experience reviewing testing strategies and methodologies; evaluating the adequacy and effectiveness of policies, procedures, processes, initiatives, products and internal controls; and identifying issues resulting from internal and/or external compliance examinations
• Advanced Microsoft Office skills
• Excellent verbal, written, and interpersonal communication skills
• Ability to articulate complex concepts in a clear manner-Performing centralized governance, oversight responsibilities, and the facilitation of strategic planning for the Technology Control Framework
• Experience managing and executing information Technology risk programs that align to a Technology Business function
• Knowledge of Technology and Security risk framework – COBIT, FFIEC, NIST, ITIL, COSO, BASEL, and OCC Heightened Standards
• Track record of providing constructive consulting with appropriate issue escalation and offering solutions
• Strong ability and experience working with and collaborating with leaders and team members at all levels and across functional lines

We Value Diversity