Receive alerts when this company posts new jobs.
Operational Risk Manager 3
at Wells Fargo
At Wells Fargo, we want to satisfy our customers’ financial needs and help them succeed financially. We’re looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you’ll feel valued and inspired to contribute your unique skills and experience.
Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Corporate Risk helps all Wells Fargo businesses identify and manage risk. The team focuses on several key risk types, including conduct, credit, financial crimes, information security, interest rate, liquidity, market, model, operational, regulatory compliance, reputation, strategic, and technology risk.
The group provides leadership, enhances communications, assists with problem identification and solutions, and shares best practices. In addition, the group provides an enterprise-wide view of risk, assists management and our Board of Directors in identifying and monitoring risks that may affect multiple lines of business, and takes appropriate action when business activities exceed the risk tolerance of the company.
Within Wells Fargo Compliance, the Enterprise Testing group is responsible for establishing and maintaining a consolidated Enterprise Testing program at the corporate level. Enterprise Testing is responsible for developing a common methodology and standards, providing governance and oversight, executing testing; and conducting horizontal reviews. Testing and validation teams are responsible for implementing the Enterprise Testing methodology and standards, and executing group-specific testing.
The Information Protection, Technology and Data T&V team within Enterprise Testing is responsible for planning and executing testing and validation reviews in accordance with Independent Monitoring, Testing, and Validation Policy and Procedures.
The Information Protection, Technology and Data T&V is seeking a candidate who will be responsible for the oversight and execution of testing reviews for Enterprise Information Security
The Operational Risk Manager 3 will focus on management of a team of testing professionals in the execution of Information Security testing in accordance with the Independent Monitoring, Testing, and Validation Policy and Enterprise Testing Operating Procedures. This leader will be responsible for strategic test plan development, ensuring proper scope and coverage, and credibly challenging business partners in order to provide quality test results that improve business practices. This individual will also have responsibility for managing project communications / reporting to leadership and will manage a broad range of professional relationships and key contacts across the enterprise.
This position reports directly to: the Head of Enterprise Technology, Security, and Data Management Testing & Validation. Other key responsibilities include (but are not limited to):
- Management of control testing to independently assess Front Line (business) adherence to Enterprise Information Security (EIS) Policy MRs and to evaluate effectiveness of processes, controls, or activities related to information security on a predefined, risk-based frequency.
- Ensuring test coverage and strategy is in accordance with required policies and procedures and provides comprehensive coverage of regulatory requirements, and related risks and controls.
- Ensure consistency in execution, and maintenance of a current testing schedule, including supervision and input in review scoping, monitoring progress of reviews and reporting on the results.
- Establish and manage targeted reviews (including horizontal reviews) to independently assess new, emerging, or significant information security risks based on an ad-hoc or pre-defined frequency.
- The activities performed by the Information Protection, Technology and Data T&V team will test compliance with the Information Security policy requirements and assist in the identification of security risks and aggregate findings, coordinating with other independent review programs (e.g. DIGG, EC&O, TRMO, EIS) to ensure holistic enterprise coverage with minimal overlap.
- Collaborate with other risk SMEs and T&V Groups across Corporate Risk and Enterprise Risk & Controls to develop coverage strategies taking into account new/updated regulatory guidance, standards, policies, etc. and in order to illustrate a comprehensive view on process and control effectiveness for the business.
- Report findings and provide recommendations to stakeholders.
- Participate in key initiatives and projects that impact Testing and Validation
- Facilitate an efficient and valued testing review process.
- Lead and inspire the Testing team and attract, develop, retain and maintain appropriate staff levels.
As a Team Member Manager, you are expected to achieve success by leading yourself, your team, and the business. Specifically you will:
- Lead your team with integrity and create an environment where your team members feel included, valued, and supported to do work that energizes them.
- Accomplish management responsibilities which include sourcing and hiring talented team members, providing ongoing coaching and feedback, recognizing and developing team members, identifying and managing risks, and completing daily management tasks.
***This role may sit at any location within the Wells Fargo Corporate Risk Footprint
*** Please Note: Based on the volume of applications received, this job posting may be removed prior to the indicated close date. If you do not apply prior to the closing of this posting, we encourage you to apply for other opportunities with Wells Fargo.
Other Desired Qualifications
- Compliance and/or Operational risk testing within Information security that includes Knowledge and understanding of security technologies and concepts including Encryption, Application Security, Mobile and Cloud Computing, Authentication, and DDOS Attacks
- Knowledge of Information Security Frameworks and standards (FFIEC, NIST, ISO)
- Experience evaluating effectiveness of processes, controls, or activities related to information security on a predefined, risk-based frequency
- Experience assessing test scope, test scripts, as well as executing, and documenting testing
- Experience providing "credible challenge" to business partners when necessary, with the ability to lead through influence
- Understanding of Wells Fargo Ops Riks management policies and programs
- Experience using Wells Fargo platforms (SPARC, Policyworks, CMDB/ISAI, APPONE, VMSOR/TRIMS, CRAS+, SHRP, Remedy, etc.)
- Ability to prioritize work, meet deadlines, achieve goals, and work under pressure in a dynamic and complex environment
- Experience assessing and consulting around risk, compliance testing, or audit
- Experience hiring team members, coaching, developing, and conducting performance reviews with direct reports
- Virtual leadership experience with ability to effectively drive results, provide feedback/direction, and manage and build relationships with leaders and team members in a geographically dispersed team environment
One or more of the following certifications is desired:
- Certified Information Systems Auditor (CISA)
- Certified Internal Auditor (CIA)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
CORP RISK/CORPORATE RISK
All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.
Relevant military experience is considered for veterans and transitioning service men and women.
Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.