Oct 18, 2019
Job Description Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upload your current resume prior to submitting your application for consideration. To participate in some selection activities you will need to respond to an invitation. The invitation can be sent by both email and text message. In order to receive text message invitations, your profile must include a mobile phone number designated as "Personal Cell" or "Cellular" in the contact information of your application. At Wells Fargo, we want to satisfy our customers' financial needs and help them succeed financially. We're looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you'll feel valued and inspired to contribute your unique skills and experience. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you. Corporate Risk helps all Wells Fargo businesses identify and manage risk. The team focuses on several key risk types, including conduct, credit, financial crimes, information security, interest rate, liquidity, market, model, operational, regulatory compliance, reputation, strategic, and technology risk. The group provides leadership, enhances communications, assists with problem identification and solutions, and shares best practices. In addition, the group provides an enterprise-wide view of risk, assists management and our Board of Directors in identifying and monitoring risks that may affect multiple lines of business, and takes appropriate action when business activities exceed the risk tolerance of the company. Within Wells Fargo Compliance, the Enterprise Testing group is responsible for establishing and maintaining a consolidated Enterprise Testing program at the corporate level. Enterprise Testing is responsible for developing a common methodology and standards, providing governance and oversight, executing testing; and conducting horizontal reviews. Testing and validation teams are responsible for implementing the Enterprise Testing methodology and standards, and executing group- specific testing. The Information Protection, Technology and Data T&V team within Enterprise Testing is responsible for planning and executing testing and validation reviews in accordance with Independent Monitoring, Testing, and Validation Policy and Procedures. Enterprise Testing is responsible for developing a common methodology and standards, providing governance and oversight, executing testing; and conducting horizontal reviews. Testing and validation teams are responsible for implementing the Enterprise Testing methodology and standards, and executing group- specific testing. The Operational Risk Consultant 4 will join a team of testing professionals in the execution of risk and controls testing in accordance with the Independent Monitoring, Testing, and Validation Policy and Enterprise Testing Operating Procedures. This testing team is directly responsible for testing of Records Management (Information Risk) controls which includes the associated policies, related regulatory sources, programs, controls, tools and supporting processes. This individual contributor will be responsible for test plan development, ensuring proper scope and coverage, and credibly challenging business partners in order to provide quality test results that improve business practices. This individual will also have responsibility for handling project communications / reporting to leadership and will manage a broad range of professional relationships and key contacts across the enterprise. This individual works with assigned business units and provides operational risk testing expertise and consulting for projects and initiatives with moderate to high risk. Develops testing strategies and methodologies; evaluates the adequacy and effectiveness of policies, procedures, processes, systems and internal controls; identifies and assesses operational risk issues and assigns ratings consistent with established policy standards. Consults with business to develop corrective action plans. Reports findings and drafts recommendations to mitigate risk to Enterprise Testing Leadership and business line management. Other key responsibilities include (but are not limited to ): Lead, plan and perform control testing within required timeframes and in accordance with established processes and procedures including the Operational Risk and Compliance Testing and Validation Standards Communicate major policy requirements testing process, status, and results to business and risk partners May lead larger more complex reviews than those led by less experienced specialists/consultants Design test scripts and identify accurate and complete populations for testing Evaluate and rate control design and performance Provide credible challenge and recommendations resulting from testing engagements to risk and business partners Consult with business to effectively manage change in ensuring adequate corrective actions are in place to ensure policy compliance Conduct quality reviews or peer reviews of review activity reports, work papers and supporting documents, and system data May directly manage 1-2 specialists/consultants Establish and execute targeted reviews (including horizontal reviews) to independently assess new, emerging, or significant records management front line programs and emerging risks based on an ad-hoc or pre-defined frequency. Assist in the identification of control breakdowns, unmitigated risks and aggregate findings, coordinating with other independent review programs to ensure adequate coverage and proper coordination. Collaborate with other risk SMEs and T&V Groups across Corporate Risk and Corporate Compliance to develop coverage strategies taking into account new/updated regulatory guidance, standards, policies, etc. and in order to illustrate a comprehensive view on process and control effectiveness for the business. Ensuring test coverage and strategy is in accordance with required policies and procedures and provides comprehensive coverage of regulatory requirements, and related risks and controls. Ensure consistency in execution, and maintenance of a current testing schedule, including supervision and input in review scoping, monitoring progress of reviews and reporting on the results. Design test scripts and identify accurate and complete populations for testing. Participate in key initiatives and projects that impact Testing and Validation. Required Qualifications 6+ years of experience in compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both; or 6+ years of IT systems security, business process management or financial services industry experience, of which 3+ years must include direct experience in compliance, operational risk management, or a combination of both 3+ years of financial services industry experience 3+ years of experience with Governance, Risk, and Compliance (GRC) concepts 5+ years of compliance and controls testing experience Desired Qualifications Advanced Microsoft Office skills Excellent verbal, written, and interpersonal communication skills Strong analytical skills with high attention to detail and accuracy Ability to interact with all levels of an organization A BS/BA degree or higher Ability to prioritize work, meet deadlines, achieve goals, and work under pressure in a dynamic and complex environment Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) Ability to articulate complex concepts in a clear manner Solid critical thinking skills Other Desired Qualifications Experience in Audit, Compliance, Risk and Testing 2+ years of experience leading a records risk management program Professional certification as a Certified Information Professional (CIP) or Information Governance Professional (IGP) or other Information Governance-related practice area is desirable Experience with the various sub-disciplines of information governance (archiving, compliance, information management, information technology, legal and eDiscovery, privacy, records, and security) Experience with records management and information risk management control topics such as digital rights management, eDiscovery, encryption, data management Prior Big4 auditing and/or risk advisory experience Experience providing credible challenge to business partners when necessary, with the ability to lead through influence Experience with control testing strategies and methodologies; evaluating the adequacy and effectiveness of policies, procedures, processes, initiatives, products and internal controls; and identifying issues resulting from internal and/or external compliance examinations Experience creating, executing, documenting and reviewing testing work papers, risk and control analysis Working knowledge of regulatory requirements and leading practices for risk mitigation in areas such as: Information Risk, Records Retention, eDiscovery and Records Management One or more of the following certifications is desired: Certified Information Systems Auditor (CISA) Certified Internal Auditor (CIA) Certified in Risk and Information Systems Control (CRISC) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP) Disclaimer All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act. Relevant military experience is considered for veterans and transitioning service men and women. Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.
Philadelphia, PA, USA