See job description for details
About Wells Fargo
Wells Fargo & Company (NYSE: WFC) is a leading global financial services company headquartered in San Francisco (United States). Wells Fargo has offices in over 20 countries and territories. Our business outside of the U.S. mostly focuses on providing banking services for large corporate, government and financial institution clients. We have worldwide expertise and services to help our customers improve earnings, manage risk, and develop opportunities in the global marketplace. Our global reach offers many opportunities for you to develop a career with Wells Fargo. Join our diverse and inclusive team where you will feel valued and inspired to contribute your unique skills and experience. We are looking for talented people who will put our customers at the center of everything we do. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Market Job Description Department Overview
The Technology and Information Security Independent Risk Management (IRM) Oversight team is responsible for developing, implementing and performing Independent Risk Management reviews and challenge for the Wells Fargo technology and information security risk-based programs. This position will also be responsible to deliver the IRM functions as defined in the risk management framework covering Technology and Information Security and evidence that responsibilities are carried out with the TISRM process and procedures with legal entity, country and region specific evidence. Responsibilities
- Provide oversight over adherence to any applicable Wells Fargo technology and information security policies, controls, and programs to help ensure successful IRM Oversight and program effectiveness.
- Provide formal monitoring of Risk Appetite metrics, associated Key Risk Indictors and develop an effective independent review and challenge process of the reporting produced by the Front Line.
- Be able to use risk intelligence to identify control weaknesses and working with TISRM partners to support the effective writing of challenges to influence change and improvements to enterprise processes that impact International.
- Providing periodic Independent Risk Management risk assessment, gap analysis reviews, and challenge efforts for regional technology, information security and cyber security risk matters.
- Support in the review and challenge of scenario analysis to support the ICAAP and ILAAP requirements for the various legal entities (Same as CCAR - for International).
- Responsible for providing an independent view of risk to the IRM governance functions such as Board / Regional Risk Committees for APAC through the Head of TISRM / Head of Ops Risk.
- Ensure that the Front Line is providing the regional business partners with appropriate level of transparency for enterprise solutions that could potentially impact their operational abilities (i.e., impact of network isolation).
- Coordinate review and challenge of all regulatory responses and interactions related to Technology and Information Security, and ensuring that the responses provide are appropriate for the legal entity that is responding and that the associated evidence would be able to be produced by relevant Front Line teams
Market Skills and Certifications Requirements
- 6 to 10 years of technology and information security risk management experience, preferably within financial services industry. Of which, 3+ years must include direct experience in compliance, technology and information security risk management, operational risk management, or a combination.
- Experience with APAC regulatory expectations related to Technology and Information Security and Cyber Security in key APAC Countries - Hong Kong, Singapore, Japan, South Korea, Taiwan and China.
- Knowledge and understanding of technology and information security risk assessment or audit
- Knowledge and understanding of platform technologies including network, distributed systems, desktop computing, voice, and threat management technologies
- Knowledge and understanding of Technology and Information Security Frameworks and standards (FFIEC, NIST, ISO)
- Knowledge, skills and understanding of oversight of internal outsourcing arrangements
- Knowledge and understanding of threat analysis and assessment of potential and current information security risk/threats.
- Knowledge and understanding of audit / regulatory self-assessments
- Knowledge and understanding of Regulatory Risk and Compliance policies and programs
- Knowledge and understanding of formal governance structures, board responsibilities, and escalation through risk committees and other formal governance structures
- Knowledge and understanding of process design, modeling, and development
- Proven experience with conducting risk and process assessments
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Privacy Professional/US (CIPP/US)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Cisco Certified Network Associate Security (CCNA)
- Cisco Certified Network Professional Security (CCNP)
Other Desired Qualifications
- Excellent verbal, written, and interpersonal communication skills
- Ability to interact with all levels of an organization
- Advanced Microsoft Office skills
- Ability to write precise concise documents - effectively communicating challenges and expected actions
- Experience with scenario analysis in regards to loss events. Evaluating risks and determining impact and likelihood of the event occurring and providing credible challenge throughout the process.
- Strong understanding of policies, procedures, and programs to ensure appropriate and effective risk mitigation controls are in place
- Good judgement in terms of risk / issue ownership / escalation
- Concepts around internal outsourcing / regulatory oversight expectations in this model
We Value Diversity
At Wells Fargo, we believe in diversity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national or ethnic origin, age, disability, religion, sexual orientation, gender identity or any other status protected by applicable law. We comply with all applicable laws in every jurisdiction in which we operate.
Team members support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements. 66184