Operational Risk Consultant 5
At Wells Fargo, we want to satisfy our customers’ financial needs and help them succeed financially. We’re looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you’ll feel valued and inspired to contribute your unique skills and experience.
Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Wells Fargo Technology sets IT strategy; enhances the design, development, and operations of our systems; optimizes the Wells Fargo infrastructure footprint; provides information security; and enables continuous banking access through in-store, online, ATM, and other channels to Wells Fargo’s more than 70 million global customers.
The Consumer Group Information Security Leader Team provides security planning and security strategy to the Wells Fargo Virtual Channels (WFVC) Internet/Mobile, Contact Center business, and Technology groups supporting wellsfargo.com and phone banking. The ORC 5 responsibilities include evaluating and providing solutions to remediate and manage technical security risks for Virtual Channels platforms like Internet/mobile banking and social media with large or complex scoped projects/initiatives.
WFVC is the driving creative and technical force behind wellsfargo.com. WFVC helps customers realize their financial needs by delivering the world's most innovative e- banking and e-commerce services, capabilities and alliances. WFVC serves Wells Fargo consumer and small business customers through various channels — digital (online, mobile, and social) and contact center (phone, email, and correspondence).
This is an exciting opportunity to work with the team, analyzing security needs for WFVC platforms, applications and other security processes. This is also an opportunity to get exposure to leading-edge technologies in the mobile and social media platforms.
- Develops and implements risk-based programs to identify, assess and mitigate operational risk associated with inadequate or failed internal processes or controls, people, systems or external events - while maintaining balance appropriate to risk mitigation against operational efficiency
- Works with WFVC business units, infrastructure and development to provide information security risk expertise and consulting for projects and initiatives
- Provide systems security consulting on complex issues
- Evaluates the adequacy and effectiveness of policies, procedures, processes, systems and internal controls; analyzes business and/or system changes to determine impact, identifies and assesses operational risk issues and assigns risk ratings consistent with established policy standards
- Consults on secure architectural design. Design and develop testing strategies, methodologies, and analyses
- Participates in the risk assessment process and identifies security and operational risk issues of 3rd party vendor environment and services used by the business
- Consults with the business to develop corrective action plans and effectively manage change
- Reports findings and develops business cases to influence senior management on the need for controls to mitigate risk
- Articulates risk and complex technical issues to enable WFVC to understand and accept Information Security risks
- Works across WFVC and with LOB partners to ensure that risk is properly analyzed and captured and works toward effective mitigation and control programs
- Interfaces with the Line of Business and Enterprise Information Technology (EIT) group
- Identify training opportunities; design/coordinate the development of training materials; deliver or coordinate training courses
- Provide guidance to less experienced consultants
Preferred Locations: 401 S. Tryon St, Charlotte, NC; 333 Market St, San Francisco, CA; Others locations may be considered
- 10+ years of experience in compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both; or 10+ years of IT systems security, business process management or financial services industry experience, of which 5+ years must include direct experience in compliance, operational risk management, or a combination of both
- 4+ years of information security experience
- Advanced Microsoft Office skills
- Excellent verbal, written, and interpersonal communication skills
- Strong analytical skills with high attention to detail and accuracy
- Ability to interact with all levels of an organization
- Knowledge and understanding of internet, mobile, and tablet technology
- Knowledge and understanding of information security risk assessment procedures, risk mitigation or remediation
- Experience evaluating security risks related to mobile devices, tablets, and social media
- Experience preparing security risk assessments for Wells Fargo business and 3rd party service providers
- Knowledge and understanding of application security planning and security architecture
- Knowledge and understanding of security technologies and concepts including identity management, single sign on, directory services, role based access control, cryptographic algorithms, mutual authentication and certificate management
- Knowledge and understanding of Wells Fargo risk platforms, such as Security Planning & Assessment of Risks/Controls (SPARC), Configuration Management Database (CMDB), Information Services Application Inventory (ISAI), Vendor Management System of Record (VSMOR), Third Party Information Management Systems (TRIMS), Control Review Assessment System Plus (CRAS+), or Centralized Issue and Corrective Action Tracking (CICAT)
- Ability to articulate issues, risks, and proposed solutions to various levels of staff and management
- Knowledge and understanding of TCP/ IP (Transmission Control Protocol/Internet Protocol)
- Information Security Tools Development Unix and Windows experience
- Knowledge and understanding of technical application development
- Ability to identify and evaluate trends, isolate root cause, and provide swift/thorough resolution
- Experience consulting with internal clients and business
- Ability to work independently
- Ability to work and influence successfully within a matrix environment and build effective business partnerships with all levels of team members
- Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important
- Certified Information Systems Security Professional (CISSP)
Other Desired Qualifications
- Previous experience in preparing security risk assessments at Wells Fargo
- Previous experience in integrating cryptographic controls in application system designs
CA-SF-Financial District: 333 Market St - San Francisco, CA
NC-Charlotte: 401 S Tryon St - Charlotte, NC
- All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.
- Relevant military experience is considered for veterans and transitioning service men and women.
- Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.