Department Overview:
Corporate Risk enables all Wells Fargo businesses to identify and manage risk. The team focuses on several key risk areas, including credit risk, operational risk, market risk, reputation risk, and compliance risk.
The Technology & Information Security Risk Oversight (TISRM) team is an Independent Risk Management (IRM) function within the Corporate Risk Group.
TISRM is accountable for operational risk oversight of the front lines: Wells Fargo Technology, and oversight across the enterprise for technology risk, information security risk, and information management risk.
Objectives include:
Overseeing front line Technology and Information Security risk management team adherence to the Wells Fargo Risk Management Framework
Developing and enhancing the independent risk management oversight function to provide an independent view of the risks within the technology and information security environment
Reviewing and challenging the adequacy and efficiency of the front line controls
Maintaining an independent view of the Company’s aggregate and material technology and information security risk
Identifying and providing appropriate operational risk coverage for the organizations in scope and their risk-taking activities
Enabling timely, informed and efficient operational risk identification, escalation, reporting, and decision-making
Conduct independent risk management reviews and identify control expectations with primary focus on technology and information security processes / applications.
Identify operational risk issues and assign risk ratings consistent with established policies and standards.
Evaluate the adequacy and effectiveness of applicable policies, procedures, processes, systems and internal controls.
Perform gap analysis on policy requirements for risk types aligned to various operational and technology processes.
Develop, implement, and support an effective control review and challenge process to provide transparency, accountability and escalation of control effectiveness.
Consult with frontline partners and other independent risk management teams to open issues related to control failures.
Validate / evaluate appropriateness, completeness, effectiveness and sustainability of corrective actions taken to address situations defined as issues.
Review for consistency and thoroughness, and suggest improvements for better resiliency.
Provide leadership and guidance to impacted stakeholders around control framework requirements aligned to technology and information security control implementation.
Required Qualifications:
15+ years of experience in risk assessment, independent risk management, control evaluation, risk reporting and issue management on various technology risks, including, but not limited to, information security risk and information management risk.
Industry recognized certification such as CISM / CISA / CRISC / CISSP.
Good to have: working knowledge of the COBIT framework with an emphasis on measuring control effectiveness and risk assessments.
Desired Qualifications:
Advanced Microsoft Office skills.
Excellent verbal, written and interpersonal communication skills.
Ability to challenge for material areas of improvement and articulate risk impact.
Strong analytical skills with high attention to detail and accuracy.
Ability to interact with all levels of an organization.
Ability to present complex material in a digestible, consumable manner to all levels of management.
Market Skills and Certifications
Other desirable skills and experience:
Broad knowledge of operational risks including technology and information security risk and the issues faced by financial institutions today.
Strong knowledge of enterprise risks, i.e. front office and middle office processes / controls, would be considered an added advantage.
Proven experience with managing technology risk issues.
Experience developing risk metrics and trending reports.
Ability to synthesize data from a variety of sources and deliver results quickly.
Strong organization and detail-oriented skills, with proven ability to manage and prioritize work to meet deadlines despite frequent interruptions.
Highly proactive, able to work both independently and within a collaborative, team-oriented environment, using sound judgment in decision-making.
Demonstrated ability to work effectively with virtual and / or geographically dispersed teams.