Sep 14, 2019
Job Description At Wells Fargo, we want to satisfy our customers' financial needs and help them succeed financially. We're looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you'll feel valued and inspired to contribute your unique skills and experience. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you. Wells Fargo Technology sets IT strategy; enhances the design, development, and operations of our systems; optimizes the Wells Fargo infrastructure footprint; provides information security; and enables continuous banking access through in-store, online, ATM, and other channels to Wells Fargo's more than 70 million global customers. The Wells Fargo Technology Control (Risk Management) Team is responsible for driving the execution and comprehensive view of risk across Wells Fargo Technology and the firm by instilling a risk management culture where businesses are accountable for understanding and managing their risk. Technology Risk Management is organized around shared and divisional responsibilities to provide first-line-of-defense risk management support to drive the execution of the Technology Risk Management Program. What we are looking for: We are seeking an experienced Operational Risk Consultant to join our team and assist in developing and driving the Access Control Risk Program. This position will engage with the multiple risk and control stakeholders / lines of defense across Wells Fargo Technology and the enterprise as a whole to enable a strong risk management practice and capabilities. This position will focus on the review and validation of Access Control risks and program deliverables, supporting artifacts, and to provide guidance and testing to ensure controls and governance are effective to manage risk. Areas of focus include, but are not limited to: risk and control identification and testing, issue management, Policy & procedure evaluation, and regulatory and industry standards. This role will focus on application development. This role has horizontal view across work streams and can provide insights to thematic issues that span work streams. Key Responsibilities/Accountabilities: Our environment continues to be one of the heightened standards, raised risk consciousness, and regulatory requirements. As part of the First Line of Defense, this role provides leadership support to ensure that Wells Fargo Technology is accountable for risks associated with its activities, current and emerging risk identification, measurement, assessment, control, mitigation, monitoring and reporting. Responsibilities of this position include, but are not limited to: • Responsible for developing, implementing and monitoring a Access Control risk-based program to identify, assess and mitigate any operational risk that arises from inadequate or failed internal processes, people, systems or external events, while maintaining a balance between risk mitigation and operational efficiency. • Responsibilities include, but are not limited to, thoroughly understanding the implementation process, creating the implementation plan, identifying and documenting process gaps, facilitate meetings to monitor progress, and to track and report progress of the implementation. • May provide technical support for systems security-related issues. Implements testing strategies and methodologies; evaluates the adequacy and effectiveness of policies, procedures, processes, initiatives, products and internal controls; identifies operational risk issues; advises management on risk ratings and evaluates ratings against established policy standards. • Reports findings and drafts recommendations and corrective actions to mitigate risk to operational risk and business line management; consult with business to develop corrective action plans and effectively manage change. • Coordinates production of periodic operational risk performance reports for senior management, including trend analysis and recommendations. • Perform data analysis to comprise monthly 4box reports for senior management. These reports outline specific areas of access and provide insight into problem areas, opportunities for improvements, and current metrics. • Coordinate all changes within the access control space to ensure there are no gaps within the provisioning/certification processes. • Author and maintain supporting process documentation. Create/modify documentation that supports the access management role in this particular area of access. • Identify training opportunities; support ongoing education/training with user managers on current provisioning/certification processes. May provide input to the development of training materials and delivers training • Implements testing strategies and methodologies; evaluates the adequacy and effectiveness of policies, procedures, processes, initiatives, products and internal controls; identifies operational risk issues; advises management on risk ratings and evaluates ratings against established policy standards. • Support oversight of Application, Active Directory, TopSecret, Privileged Access for Wholesale Banking Technology • Support Wells Fargo Audit Services inquiries and remediation initiatives. • Support Access Certification Tool Deprovisioning Oversight and Testing • Ability to support User Access data analysis initiatives • Develops testing strategies and methodologies; evaluates the adequacy and effectiveness of policies, procedures, processes, systems and internal controls; analyzes business and/or systems changes to determine impact; identifies and assesses operational risk issues and assigns risk ratings consistent with established policy standards. • May lead and provide guidance to less experience specialists/consultants. • Possess strong communications skills, demonstrate critical thinking capabilities, and the ability to convey complex information and ideas both simply and clearly; be able to effectively communicate and broker agreements amongst diverse, differing, competing, and/or conflicting perspectives/priorities. Required Qualifications 2+ years of experience in compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both 2+ years of experience in one or a combination of the following: additional compliance, additional operational risk management, IT systems security, business process management or financial services industry experience; or a BS/BA degree or higher in business or a related field 3+ years of Technology Risk Management experience Desired Qualifications Intermediate Microsoft Office skills Excellent verbal, written, and interpersonal communication skills Strong analytical skills with high attention to detail and accuracy Ability to interact with all levels of an organization Program management experience Experience communicating with business partners and project managers Knowledge and understanding of Information Technology audit and risk management Certified Internal Auditor (CIA), Certified Information Systems Auditor, (CISA) Certification in Control Self-Assessment (CCSA), Certified Information Systems Security Professional, (CISSP) or other risk management discipline certification Strong knowledge of technology with emphasis on the following: development operations, Software Development Lifecycle (SDLC), (including quality assurance, problem and incident management, configuration management, application infrastructure services (e.g. middleware), platform management, information security architecture, IAM (identity and access management), enterprise architecture, cloud, third party hosted solutions, application risk assessments, information management, enterprise data, CRM services, and books and records) 4+ years of audit experience, IT experience or a combination of both Experience interacting with Senior technology leaders 4+ years of project management experience supporting large scale technology projects (includes business requirements, risk analysis, project planning, resource planning, risk management, testing and implementation Experience assessing the adequacy of policies, procedures and processes (includes compliance and operational controls within a large complex organization) Experience with tracking, monitoring and implementing corrective actions or information security exceptions for Operational Risk or a combination of both. Experience with technology related regulatory requirements and frameworks including: FFIEC, COBIT, COSO, NIST, ITIL Other Desired Qualifications • Experience in evaluating the adequacy and effectiveness of policies, procedures and • Experience in review and development of risk ratings. • IT audit or audit consulting experience • Identification and evaluation of Technology risks and controls, including supporting technology processes. • Experience with control evaluation and testing that including documentation of testing and reporting results. • Experience developing and/or evaluation of technology governance programs, policies, standards and procedures. • Knowledge of cloud technologies and related industry control standards. • Experience in assessing risk, writing issues, and developing appropriate corrective actions. • Demonstrated negotiation skills, especially with difficult topics when partnering with senior management. This includes the willingness and ability to question decisions, understand direction and escalate issues, where necessary. • Demonstrated experience with both strategic and tactical approaches to risk management. • Ability to synthesize data from a variety of sources and deliver results quickly. Disclaimer All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act. Relevant military experience is considered for veterans and transitioning service men and women. Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.
Chandler, AZ, USA