Why Wells Fargo:
This is where your true career begins. We ranked #2 on the 2023 LinkedIn Top Companies list – and #1 among financial services companies – as the best workplace “to grow your career” in the U.S. At Wells Fargo, we support employees’ career aspirations and growth. We’re proud of our employee-welfare-centered business approach and our commitment to diversity, equity, and inclusion in the workplace.
We offer competitive salaries and one of the richest benefits packages in the industry. Our Total Rewards program focuses on wellness, work-life balance and the financial health of our employees. Our customers invest with us, we invest in you. Apply today.
About this role:
Wells Fargo is seeking a Lead Control Management Officer to join its Cloud Control Management team. This First Line of Defense team provides business risk and control management support for Cloud technology platform and enablement activities led by the Chief Technology Office (CTO) organization at Wells Fargo. This role will focus on technology and security risk management for Cloud IT services and supporting operational processes and controls in an environment that maintains heightened standards and risk awareness. As part of the front line, this role provides leadership support to ensure that Technology line of business stakeholders supporting Cloud are accountable for risks with associated activities. Due diligence activities include control design assessment and gap identification, control effectiveness testing, issue management of corrective actions and policy exceptions, identification of current and emerging technology and security risks, proactive monitoring and reporting, etc. Crucial to this role are diligence, strong organizational skills, communication skills, and the ability to collaborate with stakeholders across CTO, Cybersecurity, and CIO application teams in support of Cloud technologies at Wells Fargo.
In this role, you will:
Provide risk and control management expertise to a forward-thinking Cloud strategic vision and direction enabled by the Digital Infrastructure Strategy Program (DISP), collaborating closely with key Technology organization stakeholders to deliver upon action plan milestones (i.e., Chief Technology Office (CTO), Cloud Security, Cloud Governance, CIO application teams).
Participate in and influence end-to-end key risk process development, control design and effectiveness evaluation, and establishing guiding principles and formal risk-based decision-making in support of Cloud transformation and risk management activities.
Mature technology risk management strategy for Cloud based solutions, working closely with business, technology, and risk lines of defense to enable internal and external Cloud platform capabilities with required controls.
Develop and present compelling views and conduct persuasive conversation focused on Cloud transformation and risk management activities based on Cloud strategy, with expertise in understanding business impacts of technology decisions as they relate to Cloud adoption and enablement, specifically risk management and security.
Provide reviews on risk issue remediation plans and provide feedback on strategy, governance, measurable benefits, metrics, scope, and reasonability.
Apply relevant risk/control/security domain and change knowledge/experience to ensure the timely and effective identification, assessment, and escalation of risks in a transparent manner.
Assist with the implementation of corporate policies, risks and controls that are preventative in nature which can be either automated or manual and align with all risk lines of defense.
Ensure adherence to supporting policies and standards by providing feedback, direction, and industry leading practices.
Conduct and support risk assessments to evaluate the control environment and estimate the level and trending of inherent vs. residual risk posture by determining the effectiveness of associated controls.
Monitor controls to identify gaps and prevent, correct, and detect operational risk issues.
Possess strong communications skills, demonstrate critical thinking capabilities, and the ability to convey complex information and ideas both simply and clearly; be able to effectively communicate and broker agreements amongst diverse, differing, competing, and/or conflicting perspectives/priorities.
Required Qualifications, US:
5+ years of Risk Management or Control Management experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education.
4+ years of experience supporting an enterprise technology function (i.e., Infrastructure, Architecture, Software Engineering), or within a Technology Risk or Cybersecurity function with demonstrated knowledge of Technology systems, applications, infrastructure and emerging Technology and associated risks in a business environment.
Desired Qualifications:
Certified in Risk & Information Systems (CRISC), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certification in Control Self-Assessment (CCSA), Certified Information Systems Security Professional (CISSP), or other risk management discipline certification.
Microsoft Azure and/or Google Cloud Platform (GCP) certification a plus.
Knowledge of Cloud service models and control requirements (i.e., Public Cloud & major Cloud Service Providers (CSP); Private Cloud (PaaS), Software as a Service (SaaS), Hybrid Cloud / Infrastructure as a Service (IaaS)).
Knowledge of Cloud deployment technologies (i.e., Kubernetes, Infrastructure as Code (IaC)).
Demonstrated knowledge of Technology and Security risk framework – COBIT, FFIEC, NIST, ITIL, COSO, BASEL, and OCC Heightened Standards.
Working knowledge of Cloud controls and third-party risk management frameworks, i.e., NIST AI RMF, MITRE ATLAS, OWASP Top 10 for LLM, CSA CCM.
Working knowledge of Infrastructure as a Service (IaaS) deployment technologies for Cloud.
Working knowledge of Cloud services and tools, i.e., Services (SEDs), Security baselines, APIs, Policy implementation, i.e., Prisma, Terraform Sentinel, Google org policies.
Working knowledge of Google Cloud platform service offerings, Generative AI use cases and associated control and hardening requirements of Gen AI services (e.g., Vector Search, Gecko Text Embedding, Gemini-pro API, Vertex AI Agent Builder, Document AI API, Vertex AI Model Garden, DialogFlow).
Ability to document risks, security and technology control requirements in scope for Gen AI use cases, AI/ML Operational readiness, Resiliency, Data management, Secure SDLC (SSDLC), security controls (example: IAM), Model risks, Third party risks, Regulatory compliance, etc.
Direct experience executing the Risk Control Self-Assessment (RCSA) for risk identification, risk assessment - inherent/residual, and control design.
Direct experience with Issue Management Life Cycle and issue remediation.
Track record of providing constructive challenge with appropriate escalation, root cause analysis and offering solutions.
Experience in assessing risk, writing issues, and developing appropriate corrective actions.
Exposure to audit/regulatory exam requirements and experience managing technology risk remediation deliverables.
Strong understanding of issue management, technology/risk reporting, KRI/KPI implementation, vulnerability monitoring and remediation.
Excellent verbal, written, and interpersonal communication skills.
Job Expectations:
This position is not eligible for Visa sponsorship.
Ability to work on site per Wells Fargo's standard operating model in one of the listed locations (hybrid work schedule - 3 days on-site, 2 days remote).
Ability to work additional hours as needed to meet deadlines.
Ability to travel as needed.
Posting Locations:
ISELIN, NJ
CHARLOTTE, NC
CHANDLER, AZ
The Technology Control Functions adhere to a location strategy; therefore, your candidacy may be determined based on your current location. Remote work locations are not available for these roles, so if you are not in a location listed on the posting, you must commit to relocation within an agreed upon timeframe.
Posting End Date:
24 Nov 2024
*Job posting may come down early due to volume of applicants.
We Value Diversity
At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.
Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.
Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.
Applicants with Disabilities
To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo.
Drug and Alcohol Policy
Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.
Wells Fargo Recruitment and Hiring Requirements:
a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.