Manager - Operational Risk & Compliance
About Wells Fargo : Wells Fargo & Company (NYSE: WFC) is a diversified, community-based financial services company with $2.0 trillion in assets. Founded in 1852 and headquartered in San Francisco, Wells Fargo provides banking, insurance, investments, mortgage, and consumer and commercial finance through more than 8,500 locations, 13,000 ATMs, the internet (wellsfargo.com) and mobile banking, and has offices in 42 countries and territories to support customers who conduct business in the global economy. With approximately 273,000 team members, Wells Fargo serves one in three households in the United States. Wells Fargo & Company was ranked No. 25 on Fortune's 2017 rankings of America's largest corporations. Wells Fargo's vision is to satisfy our customers' financial needs and help them succeed financially. News, insights and perspectives from Wells Fargo are also available at Wells Fargo Stories.
About Enterprise Global Services :
Enterprise Global Services (EGS) enables global talent capabilities for Wells Fargo Bank NA., by supporting over half of Wells Fargo's business lines and staff functions across Technology, Operations, Risk Services and Knowledge Services. EGS operates in Hyderabad, Bengaluru and Chennai in India and in Manila, Philippines. Learn more about EGS at our International Careers website .
Department Overview: EIS supports the Wells Fargo vision, enabling customer trust through our mission to secure and protect Wells Fargo customers' information assets. It is supported by our vision to provide Wells Fargo with world-leading cyber security risk management. The goal is to enable Wells Fargo to maintain customer trust and securely meet its business objectives within our risk appetite and provide guidance to align people, processes, and technologies across the enterprise .
- Total 8 to 10 years of experience in IT / Information Security Risk management
- Minimum 8 years of experience with information security.
- Well organized with the ability to work independently and manage multiple initiatives and priorities concurrently in a professional manner.
- Excellent written and verbal communication skills.
- Working knowledge of Microsoft Word, Excel and PowerPoint.
- Experience with conducting risk assessments, assessing the adequacy of policies, procedures, processes, and compliance and operational controls.
- Information Security technical skills and knowledge to identify and understand gaps and recommend control solutions and process or design changes as appropriate.
- Analytical thinking and problem solving capabilities to ensure timely and accurate execution of the corporate Information Security Risk Assessment function
- This position requires compliance with regulatory requirements and Wells Fargo's compliance policies related to these requirements including acceptable background check investigation results. Successful candidates must also meet ongoing regulatory requirements including additional screening
- Extreme focus on detail and knowledge of some or all of the following information control areas.
- Physical and Environmental Security
- Information Security Management
- Asset management
- Information classification and handling
- Media handling
- Third Party Security Management
- Incident Management
- Audit and Compliance
- Change and Vulnerability Management
- Human Resources Security and Training
- Security in software development
- System Development and Testing
- Network Security Configuration and Management
- Systems Monitoring and Logging
- Systems Security Configuration and Management
- Access Control
- Mobile Computing and Remote Access
- Business Continuity Planning
- Application Architecture and Security
Market Skills and Certifications
- Ability to work with complex teams; have global experience, specifically US banks
- Ability to communicate technical concepts to non-technical audiences and the ability to achieve results through prolific communication skills.
- Comfortable with making and presenting recommendations to a wide audience of stakeholders
- Industry recognized information security certification such as CISSP, Security +, CISA.
- Strong knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices.
- Information Security Risk Assessments and Consulting
- Provides information security consultation for all aspects of information security compliance policy, risk management and remediation.
Co-ordinates, participates in and reviews some aspects of information security risk assessment
- Conduct pre risk assessment meetings for information gathering as part of the information security risk assessments
- Consult with the business to develop remediation plans for identified risks.
- Manage the coordination of other assessment activities including code reviews, site reviews, penetration tests and other internal risk assessments.
- High risk action plans - Manage the coordination of implementation of the recommended remediation plans and strategies and the follow-up activities to ensure closure of high/medium risk action plans.
- Review technology releases impacting the organization against risk assessments and identify potential risk posture changes.
- Optimizes information security risk awareness and influences leaders in strategies to mitigate the risks. Pro-actively informs and influences stakeholders on net new or on material changes to an asset to influence control decisions.
- Coordinates with vendor manager on 3rd party assets to manage information security risks.
- Proven ability to support broad and evolving requirements in a timely and effective manner.
- Strong communication skills (written and verbal) to effectively present information across multiple types of stakeholders.
- Extremely well organized with the ability to manage and meet multiple requirements concurrently.
- Demonstrated ability to work with team members, actively lead projects/discussions, work through problems and reach decisions that are in the best interest of the Company and customers.
- Producing management reporting as applicable
- Contribute to group work streams and/or department-wide initiatives as needed.
- Contribute in the Information Security Metrics reporting as required by stakeholders.
- Demonstrate an understanding of key information security controls and key risk indicator (KRI) and able to gather the relevant security data from different teams and systems and support in the preparation of Executive commentary reports.
- Collate relevant information from Technology Asset and Application Inventory and Access Control System Security Vulnerability and Patch, Data Loss Prevention Statistics and Technology Security Plan and Risk Issues.
Back to top