Nov 19, 2019
Job Description Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upload your current resume prior to submitting your application for consideration. To participate in some selection activities you will need to respond to an invitation. The invitation can be sent by both email and text message. In order to receive text message invitations, your profile must include a mobile phone number designated as "Personal Cell" or "Cellular" in the contact information of your application. At Wells Fargo, we want to satisfy our customers' financial needs and help them succeed financially. We're looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you'll feel valued and inspired to contribute your unique skills and experience. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you. Corporate Risk helps all Wells Fargo businesses identify and manage risk. The team focuses on several key risk types, including conduct, credit, financial crimes, information security, interest rate, liquidity, market, model, operational, regulatory compliance, reputation, strategic, and technology risk. The group provides leadership, enhances communications, assists with problem identification and solutions, and shares best practices. In addition, the group provides an enterprise-wide view of risk, assists management and our Board of Directors in identifying and monitoring risks that may affect multiple lines of business, and takes appropriate action when business activities exceed the risk tolerance of the company. Within Wells Fargo Compliance, the Enterprise Testing group is responsible for establishing and maintaining a consolidated Enterprise Testing program at the corporate level. Enterprise Testing is responsible for developing a common methodology and standards, providing governance and oversight, executing testing; and conducting horizontal reviews. Testing and validation (T&V) teams are responsible for implementing the Enterprise Testing methodology and standards, and executing group- specific testing. The Information Protection, Technology and Data (IPTD) T&V team within Enterprise Testing is responsible for planning and executing testing and validation reviews in accordance with Independent Monitoring, Testing, and Validation Policy and Procedures. The Operational Risk Consultant 4 will join a team of testing professionals in the execution of risk and controls testing in accordance with the Independent Monitoring, Testing, and Validation Policy and Enterprise Testing Operating Procedures. This testing team is directly responsible for testing of Third-Party related risks and controls at third-party service provider locations which includes evaluating associated policies, related regulatory sources, programs, controls, tools and supporting processes. This individual contributor will be responsible for test plan development, ensuring proper scope and coverage, and credibly challenging business partners in order to provide quality test results that improve business practices. This individual will also have responsibility for handling project communications / reporting to leadership and will manage a broad range of professional relationships and key contacts across the enterprise. This individual develops testing strategies, workbooks and methodologies; evaluates the adequacy and effectiveness of policies, procedures, processes, systems and internal controls; identifies and assesses risk issues and assigns ratings consistent with established policy standards. Consults with business and third parties to develop corrective action plans. Reports findings and drafts recommendations to mitigate risk to Enterprise Testing Leadership and business line management. This position requires travel to third party locations. Other key responsibilities include (but are not limited to): Analyze vendor risk data including concentration risk, third party obligations, performance metrics and scorecards; Plan third party control assessments by developing questionnaires and analyzing existing information such as third party profiles and due diligence evaluations. Execute control testing within required timeframes and in accordance with established processes and procedures including the Operational Risk and Compliance Testing and Validation Standards Evaluate third party vendor's control infrastructure effectiveness and review evidence of controls by applying audit, compliance, security and regulatory framework knowledge and experience including, but not limited to: COBIT/NIST/ITIL/ISO 27001, Third Party Regulations (FRB/OCC) and FFIEC Third Party Risk Management requirements. Review key third party contractual obligations and major policy requirements. Identify risks related to Information Security, Technology, Data Privacy and Information Risk originated from these obligations and map such risks to expected control processes using industry frameworks such as COBIT, ITIL, ISO and NIST. Document job aids and procedures that support the successful implementation of testing activities. Gather information from a range of different sources and methods e.g. data collection, interviews, meetings, review of processes, manuals, and documentation and generate innovative ideas that challenge the status quo. Propose enhancements to support third-party risk testing processes. Work cross-functionally with team members to support and drive a collaborative team environment Design test scripts and identify accurate and complete populations for testing Evaluate and rate control design and performance Consult with business to effectively manage change in ensuring adequate corrective actions are in place to ensure policy compliance Conduct quality reviews or peer reviews of review activity reports, work papers and supporting documents, and system data Assist in the identification of control breakdowns, unmitigated risks and aggregate findings, coordinating with other independent review programs to ensure adequate coverage and proper coordination. Collaborate with other risk SMEs and T&V Groups across Corporate Risk and Corporate Compliance to develop coverage strategies taking into account new/updated regulatory guidance, standards, policies, etc. and in order to illustrate a comprehensive view on process and control effectiveness for the business. Ensuring test coverage and strategy is in accordance with required policies and procedures and provides comprehensive coverage of regulatory requirements, and related risks and controls. Ensure consistency in execution, and maintenance of a current testing schedule, including supervision and input in review scoping, monitoring progress of reviews and reporting on the results. Participate in key initiatives and projects that impact Testing and Validation. Required Qualifications 6+ years of experience in compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both; or 6+ years of IT systems security, business process management or financial services industry experience, of which 3+ years must include direct experience in compliance, operational risk management, or a combination of both 5+ years of compliance and controls testing experience 4+ years of third party risk management experience 3+ years of financial services experience 2+ years of Information Security Frameworks and standards (FFIEC, NIST, ISO) experience A BS/BA degree or higher Desired Qualifications Advanced Microsoft Office skills Excellent verbal, written, and interpersonal communication skills Strong analytical skills with high attention to detail and accuracy Ability to interact with all levels of an organization Experience testing policy and procedures/control testing Other Desired Qualifications Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) Solid understanding of regulatory expectations (e.g. OCC, FRB, FDIC, NY-DFS, GDPR) for implementing a 3rd Party Risk Management Framework and the proper procedures for effective governance, monitoring and reporting Experience performing a site visit to a third party facility. Experience assessing cloud technologies such as Software as a Service (SaaS) hosted applications, Platform as a Service (PaaS), and Infrastructure as a Service deployments (IaaS). Experience performing vendor risk assessments is highly desired (experience only in vendor oversight or vendor management is not sufficient) Ability to prioritize work, meet deadlines, achieve goals, and work under pressure in a dynamic and complex environment For Testing and Validation Positions Only: One or more of the following certifications is desired: Certified Anti-Money Laundering Specialist (CAMS) Certified Financial Crimes Specialist (CFCS) Certified Information Systems Auditor (CISA) Certified Internal Auditor (CIA) Certified Public Accountant (CPA) Certified Regulatory Compliance Manager (CRCM) Certified Risk and Compliance Management Professional (CRCMP) Certified Risk Professional Program (CRP) For Testing and Validation Positions Only Job Expectations Ability to travel up to 30% of the time Disclaimer All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act. Relevant military experience is considered for veterans and transitioning service men and women. Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.
Fort Mill, SC, USA