About Wells Fargo: Wells Fargo & Company (NYSE: WFC) is a diversified, community-based financial services company with $2.0 trillion in assets. Founded in 1852 and headquartered in San Francisco, Wells Fargo provides banking, insurance, investments, mortgage, and consumer and commercial finance through more than 8,500 locations, 13,000 ATMs, the internet (wellsfargo.com) and mobile banking, and has offices in 42 countries and territories to support customers who conduct business in the global economy. With approximately 273,000 team members, Wells Fargo serves one in three households in the United States. Wells Fargo & Company was ranked No. 25 on Fortune's 2017 rankings of America's largest corporations. Wells Fargo's vision is to satisfy our customers' financial needs and help them succeed financially. News, insights and perspectives from Wells Fargo are also available at Wells Fargo Stories.
Corporate Risk helps all Wells Fargo businesses identify and manage risk. Corporate Risk strives to ensure that all Wells Fargo corporate functions and lines of business soundly manage risk, comply with applicable laws and regulations, and offer products and services that meet the needs of our customers. The group provides leadership, enhances communications, assists with problem identification and solutions, and shares best practices. In addition, the group provides an enterprise-wide view of risk, assists management and our Board of Directors in identifying and monitoring risks that may affect multiple lines of business, and takes appropriate action when business activities exceed the risk tolerance of the company.
Wells Fargo is increasing its focus on technology and operational risk to ensure the company has a best-in-class, globally robust risk management framework in the second line of defense. Given the strategic importance of the Asia Pacific market, the bank is building a robust team in the area of technology risk management second-line-of-defense.
As an APAC Technology Risk Officer function representing TRMO in the region, this position will be responsible for:
Delivering and implementing the TRMO framework into the region and for embedding the understanding of IT risk in information technology and other business process impacted by technology.
Developing regional/local practices, processes, and reporting to provide independent risk management oversight and participation in critical regional programs or projects with significant technology risks.
Reviewing mitigation/remediation plans and providing advice on mitigation effectiveness and alternative mitigation approaches applicable to the region
Performing review of the work products produced locally by program/project according to risk program requirements and deadlines
Attending regional steering committees and work groups to ensure appropriate technology risk management -SLoD coverage
Capturing and escalating credible challenges
Producing regional management reporting as applicable
Integrating regional requirements to the broader TRMO program/project into technology risk management processes
Effectively collaborating with regional business partners in the first-line-of-defense and second line of defense in the establishment of new risk management processes for the specific program/project
Working with regional and other international stakeholders to ensure each has the tools, processes and expertise to effectively manage technology risks
Developing and maintaining strong working relationships with the line of business, corporate regulatory and operational risk and compliance peers
Ensuring that critical regional programs and projects remain aligned to the technology risk management strategy and functional framework
This position will play a key role in helping to implement and execute the international technology risk management program and compliance to effectively and efficiently operationalize this function. This may include the following activities:
Offer advice, best practices recommendations, and feedback in the definition of functional governance structures/processes, risk appetite/tolerances and reporting applicable to the region.
Review and assist with implementation of the appropriate industry technology risk management frameworks within the region.
Offer advice, best practices recommendations, and feedback with development and execution of regional risk assessment and control testing plans
Basic Qualifications 7+ years in compliance, operational risk, IT systems security, technology risk management, business process management or financial services, of which at least 4 years must include direct experience in technology, compliance or operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk).
Proven ability to work within a large and complex organization to build and nurture relationships with demonstrated proficiency to interface with multiple stakeholder groups to ensure successful execution to meet business goals.
Demonstrated global and/or regional information technology risk management experience in areas such as infrastructure management, network management, secure application development, information security, technology risk management and data governance.
Proven ability to understand and interpret regional and local regulations within regions and countries and aptitude to map them against corporate policies, standards, and procedures; identifying gaps and providing recommendations for mitigating gaps.
Proven experience in formulating regional policies, standards and procedures to meet minimum local regulatory compliance requirements.
Ability to translate ambiguous ideas/issues into well-defined plans/solutions; while influencing decision-making process.
Strong ability to work and collaborate with global/regional leaders and team members at all levels and across functional lines.
Excellent influencing skills to effect changes with regional leaders and business stakeholders to comply with corporate minimum standards and/or implement stringent local regulatory requirements where applicable.
3 years implementing risk management models
3 years implementing the risk management taxonomy
3 years of comprehensive implementation experience of the Risk Control Library
3 years of implementation of the evaluation of inherent and residual risk efforts
Experience in international/regional technology risk management and oversight
Proven experience in all aspects of executing and enforcing new policy, process and methodology or significant enhancement of same in a significantly complex environment.
Experience with assessing the adequacy of policies, procedures, processes, and compliance and operational controls between Corporate and International views and interpretation in a significantly large and complex organization.
Prior experience with Compliance/Operational/Technology Risk and implementing corrective actions.
Knowledge and experience with technology-related regulatory requirements.
Team members support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.