Technology and Information Security Senior Lead Operational Risk Officer, APAC

Department Overview

The Technology and Information Security Independent Risk Management (IRM) Oversight team is responsible for developing, implementing and performing Independent Risk Management reviews and challenge for the Wells Fargo technology and information security risk-based programs. This position will also be responsible to deliver the IRM functions as defined in the risk management framework and evidence that responsibilities are carried out with the operational risk process and procedures with legal entity, country and region. Even though the primary focus covers Technology and Information Security, the expectation is for the position to cover related operational risk stripes, such as Data Management Risk, Information Management Risk, etc.

Responsibilities

• Provide oversight over adherence to any applicable Wells Fargo technology, information security, data and information management risk policies, controls, and programs to help ensure successful IRM Oversight and program effectiveness.
• Provide formal monitoring of Risk Appetite metrics, associated Key Risk Indictors and develop an effective independent review and challenge process of the reporting produced by the Front Line.
• Be able to use risk intelligence to identify control weaknesses and working with global IRM partners to support the effective writing of challenges to influence change and improvements to enterprise processes that impact International.
• Providing periodic Independent Risk Management risk assessment, gap analysis reviews, and challenge efforts for APAC.
• Support in the review and challenge of scenario analysis to support the ICAAP and ILAAP requirements for the various legal entities (Same as CCAR - for International).
• Responsible for providing an independent view of risk to the IRM governance functions such as Board / Regional Risk Committees for APAC through the Head of Ops Risk.
• Ensure that the Front Line is providing the regional business partners with appropriate level of transparency for enterprise solutions that could potentially impact their operational abilities.
• Coordinate review and challenge of all regulatory responses and interactions related to Technology, Information Security, Information Management and Data Management risks, and ensure that the responses provide are appropriate for the legal entity that is responding and that the associated evidence would be able to be produced by relevant Front Line teams.
• Support the Head of APAC Ops Risk to guide more junior team members and execute enterprise-wide operational risk programs.

Requirements

• 6 to 10 years of technology and information security risk management experience, preferably within financial services industry. Of which, 3+ years must include direct experience in compliance, technology and information security risk management, operational risk management, or a combination.
• Experience with APAC regulatory expectations related to Technology, Information Security, Cyber Security, Data Management and Information Management in key APAC Countries - Hong Kong, Singapore, Japan, South Korea, Taiwan and China.

Desired Qualifications

• Knowledge and understanding of technology and information security risk assessment or audit
• Knowledge and understanding of platform technologies including network, distributed systems, desktop computing, voice, and threat management technologies
• Knowledge and understanding of Technology and Information Security Frameworks and standards (FFIEC, NIST, ISO)
• Knowledge, skills and understanding of oversight of internal outsourcing arrangements
• Knowledge and understanding of threat analysis and assessment of potential and current information security risk/threats.
• Knowledge and understanding of audit / regulatory self-assessments
• Knowledge and understanding of Regulatory Risk and Compliance policies and programs
• Knowledge and understanding of formal governance structures, board responsibilities, and escalation through risk committees and other formal governance structures
• Knowledge and understanding of process design, modeling, and development
• Proven experience with conducting risk and process assessments

Desired License/Certifications:

Certified in Risk and Information Systems Control (CRISC)

Certified Information Privacy Professional/US (CIPP/US)

Certified Information Security Manager (CISM)

Certified Information Systems Auditor (CISA)

Certified Information Systems Security Professional (CISSP)

Cisco Certified Network Associate Security (CCNA)

Cisco Certified Network Professional Security (CCNP)

Other Desired Qualifications

• Excellent verbal, written, and interpersonal communication skills
• Ability to interact with all levels of an organization
• Advanced Microsoft Office skills
• Ability to write precise concise documents - effectively communicating challenges and expected actions
• Experience with scenario analysis in regards to loss events. Evaluating risks and determining impact and likelihood of the event occurring and providing credible challenge throughout the process.
• Strong understanding of policies, procedures, and programs to ensure appropriate and effective risk mitigation controls are in place
• Good judgement in terms of risk / issue ownership / escalation
• Concepts around internal outsourcing / regulatory oversight expectations in this model

We Value Diversity

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.