• Provide oversight to the Information Security program for a major line of business
• Coordinate Audit related activities across the organization and collaborate with the Product Owners to prioritize the work
• Provide Risk Opinion, Credible Challenge, and Recommendations through Process, Risk and Control evaluation.
• Consult with line of business on the consistent implementation of the enterprise information security model and solutions to remediate information security risks
• Act as key participant in monitoring, evaluating, and measuring the impact of decisions practiced in the Risk and Controls Area
• Monitor, measure, evaluate, and report on the impact of decisions and risk/controls to the relevant business group or functional area
• Ensure that risks to all information assets are being managed in a timely and effective manner to meet the Information Security Program requirements and the current threat landscape
• Lead complex initiatives designed to mitigate current and emerging risks with broad impact across the Data Science Organization
• Build a consolidated view of all the Risk and Controls related items in Jira within the Data Science Organization
• Act as the organizational delegate with external parties to support timeliness, appropriate response strategy, and effectiveness of communications and materials
• Develop and implement metrics and reporting to provide concise risk view in control environment health, timeliness and effectiveness of risk mitigation, and emerging risk.
• Ensure information security capabilities are included in all aspects of the company's technology architecture
• Establish strong partnership and collaboration with Wells Fargo Technology, aligned Risk Partners, Information Security, Second and Third Lines of defenses, to ensure CTO adherence to Wells Fargo Technology Policy, Compliance and external regulation requirements.
• Proactively manage the information security risk profile of line of business information assets throughout the lifecycle of the asset
• Provide vision, direction, and expertise to more experienced leadership on implementing innovative and significant business solutions that are large-scale, cross-functional, or companywide strategies
• Collaborate with relevant business group to identify current and emerging risks associated with business activities and operations, and provide guidance in developing and implementing risk-mitigating strategies
• Ensure the team has the necessary training and is keeping abreast of regulatory and compliance issues
• Identify opportunities for Process and Control improvements thru monitoring of emerging risk, changes to Technology environment, industry framework and trends.
• Educate and influence WFT for effective implementation, execution, and governance of Technology Control Framework
• Engage with all levels of professionals and managers companywide and serve as an experienced advisor to leadership
• Monitor moderately complex business specific programs, and provide risk management consulting to support the business in designing and implementing risk-mitigation strategies
• Provide Risk and Control Updates to Leadership Teams

Required Qualifications:

• 7+ years of Risk Management or Control Management experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 7 + years of Information Security experience, or equivalent demonstration through one or a combination of the following: work experience, training, military experience, education.

Desired Qualifications:

• Strong knowledge of Secure Application Development Lifecycle, Agile Methodology, Continuous Integration and Deployment, and associated Risk
• Strong knowledge of Application Lifecycle and Architecture Management, and associated Risk
• Strong knowledge of Control Framework and Control Testing
• Ability to generate, review, edit, and distribute executive level reports
• Experience working with internal and external auditors and examiners
• Experience with Issue Validation and Remediation
• Experience reviewing testing strategies and methodologies; evaluating the adequacy and effectiveness of policies, procedures, processes, initiatives, products and internal controls; and identifying issues resulting from internal and/or external compliance examination
• Ability to articulate complex concepts in a clear manner-Performing centralized governance, oversight responsibilities, and the facilitation of strategic planning for the Technology Control Framework
• Experience managing and executing information Technology risk programs that align to a Technology Business function
• Knowledge of Technology and Security risk framework – COBIT, FFIEC, NIST, ITIL, COSO, BASEL, and OCC Heightened Standards
• Certified in Risk and Information Systems Control (CRISC), Certified Internal Auditor (CIA), Certified Information Systems Auditor, (CISA) Certification in Control Self-Assessment (CCSA) or any other risk management discipline certification

Job Expectations:

• This position is not eligible for Visa sponsorship
• 100% remote work option is not available

Posting End Date:

12 Sep 2024

Job posting may come down early due to volume of applicants.

We Value Diversity

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Applicants with Disabilities

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo.

Drug and Alcohol Policy

Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.

Wells Fargo Recruitment and Hiring Requirements:

• Third-Party recordings are prohibited unless authorized by Wells Fargo.
• Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.