Operational Risk Manager 3 - Info Sec Control Testing Manager

Wells Fargo | Portland OR 97299 USA | Full Time | Posted: 07/12/2019

Job Description

At Wells Fargo, we want to satisfy our customers’ financial needs and help them succeed financially. We’re looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you’ll feel valued and inspired to contribute your unique skills and experience.

Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

Corporate Risk helps all Wells Fargo businesses identify and manage risk. The team focuses on several key risk types, including conduct, credit, financial crimes, information security, interest rate, liquidity, market, model, operational, regulatory compliance, reputation, strategic, and technology risk.
The group provides leadership, enhances communications, assists with problem identification and solutions, and shares best practices. In addition, the group provides an enterprise-wide view of risk, assists management and our Board of Directors in identifying and monitoring risks that may affect multiple lines of business, and takes appropriate action when business activities exceed the risk tolerance of the company.

Within Wells Fargo Compliance, the Enterprise Testing group is responsible for establishing and maintaining a consolidated Enterprise Testing program at the corporate level. Enterprise Testing is responsible for developing a common methodology and standards, providing governance and oversight, executing testing, and conducting horizontal reviews. Testing and validation teams are responsible for implementing the Enterprise Testing methodology and standards, and executing group-specific testing.

The Information Protection, Technology and Data T&V team within Enterprise Testing is responsible for planning and executing testing and validation reviews in accordance with Independent Monitoring, Testing, and Validation Policy and Procedures.

The Information Protection, Technology and Data T&V team is seeking a candidate who will be responsible for the oversight and execution of testing reviews for Enterprise Information Security.

The Operational Risk Manager 3 will focus on management of a team of testing professionals in the execution of Information Security testing in accordance with the Independent Monitoring, Testing, and Validation Policy and Enterprise Testing Operating Procedures. This leader will be responsible for strategic test plan development, ensuring proper scope and coverage, and credibly challenging business partners in order to provide quality test results that improve business practices. This individual will also have responsibility for managing project communications / reporting to leadership and will manage a broad range of professional relationships and key contacts across the enterprise.

This position reports directly to the Head of Enterprise Information Security Testing.

Other key responsibilities include (but are not limited to):

  • Management of control testing to independently assess Front Line (business) adherence to Enterprise Information Security (EIS) Policy MRs and to evaluate effectiveness of processes, controls, or activities related to information security on a predefined, risk-based frequency.
  • Ensuring test coverage and strategy is in accordance with required policies and procedures and provides comprehensive coverage of regulatory requirements, and related risks and controls.
  • Ensure consistency in execution, and maintenance of a current testing schedule, including supervision and input in review scoping, monitoring progress of reviews and reporting on the results.
  • Establish and manage targeted reviews (including horizontal reviews) to independently assess new, emerging, or significant information security risks based on an ad-hoc or pre-defined frequency.
  • The activities performed by the Information Protection, Technology and Data T&V team will test compliance with the Information Security policy requirements and assist in the identification of security risks and aggregate findings, coordinating with other independent review programs (e.g. DIGG, EC&O, TRMO, EIS) to ensure holistic enterprise coverage with minimal overlap.
  • Collaborate with other risk SMEs and T&V Groups across Corporate Risk and Enterprise Risk & Controls to develop coverage strategies taking into account new/updated regulatory guidance, standards, policies, etc. and in order to illustrate a comprehensive view on process and control effectiveness for the business.
  • Report findings and provide recommendations to stakeholders.
  • Participate in key initiatives and projects that impact Testing and Validation.
  • Facilitate an efficient and valued testing review process.
  • Lead and inspire the Testing team and attract, develop, retain and maintain appropriate staff levels.

As a Team Member Manager, you are expected to achieve success by leading yourself, your team, and the business. Specifically, you will:

  • Lead your team with integrity and create an environment where your team members feel included, valued, and supported to do work that energizes them.
  • Accomplish management responsibilities which include sourcing and hiring talented team members, providing ongoing coaching and feedback, recognizing and developing team members, identifying and managing risks, and completing daily management tasks.

Required Qualifications

  • 8+ years of experience in compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both; or 8+ years of IT systems security, business process management or financial services industry experience, of which 4+ years must include direct experience in compliance, operational risk management, or a combination of both
  • 3+ years of management experience

Desired Qualifications

  • Advanced Microsoft Office skills
  • Excellent verbal, written, and interpersonal communication skills
  • Strong analytical skills with high attention to detail and accuracy
  • Ability to articulate complex concepts in a clear manner
  • Experience creating, executing, and documenting compliance testing
  • Experience reviewing testing strategies and methodologies; evaluating the adequacy and effectiveness of policies, procedures, processes, initiatives, products and internal controls; and identifying issues resulting from internal and/or external compliance examinations
  • Virtual leadership experience with ability to effectively drive results, provide feedback/direction, and manage and build relationships with leaders and team members in a geographically dispersed team environment
  • Ability to prioritize work, meet deadlines, achieve goals, and work under pressure in a dynamic and complex environment
  • Exposure to Wells Fargo Information Security Management System (Policyworks)
  • Knowledge and understanding of Information Security Frameworks and standards (FFIEC, NIST, ISO)
  • Leadership experience including coaching, training, and mentoring
  • Experience with Wells Fargo risk systems such as Shared Risk Platform (SHRP), Risk and Control Self-Assessment (RCSA), or Control Risk Analysis System (CRAS+)

Other Desired Qualifications

  • Compliance and/or operational risk testing within information security that includes knowledge and understanding of security technologies and concepts including Encryption, Application Security, Mobile and Cloud Computing, Authentication, and DDoS Attacks
  • Experience hiring team members, coaching, developing, and conducting performance reviews with direct reports
  • Experience evaluating effectiveness of processes, controls, or activities related to information security on a predefined, risk-based frequency
  • Experience assessing test scope, test scripts, as well as executing, and documenting testing
  • Experience providing “credible challenge” to business partners when necessary, with the ability to lead through influence
  • Understanding of Wells Fargo Ops Risk management policies and programs
  • Experience assessing and consulting around risk, compliance testing, or audit

One or more of the following certifications is desired:

  • Certified Information Systems Auditor (CISA)
  • Certified Internal Auditor (CIA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)



All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

Relevant military experience is considered for veterans and transitioning service men and women.

Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.

Job Details

Location: Portland, OR, 97299, United States
Categories: Quality Assurance/Safety

Contact Information

Contact Name -
How to apply Employer provided a link where your application will be accepted. Click on the link below and follow instructions.
Job Code 5497305-4