Operational Risk Consultant 4
At Wells Fargo, our vision is to satisfy all our customers’ financial needs and help them succeed financially. In this role, you will help us deliver on our vision and build lifelong relationships with our customers. You also will demonstrate leadership through contributing to a company culture that supports customers in achieving their financial goals, team members in developing their careers, and communities in continuing to thrive. As part of a team that serves one in three American households, you will play a vital role in living our commitment to the highest ethical standards and maintaining the valued trust of our customers and communities.
With approximately 13,700 team members, Wells Fargo Virtual Channels (WFVC) serves Wells Fargo consumer and small business customers through various channels — digital (online, mobile, and social) and contact center (phone, email, and correspondence). WFVC’s vision is to pioneer the next generation of financial services and provide the best virtual experiences, anytime, anyhow, and anywhere. Over 32 million customers use our digital channels to manage their financial lives, and our customer-facing contact centers support approximately 450 million customer contacts annually. Whether our customers connect with us online or by phone, email, or in writing, WFVC is positioned to satisfy our customers’ financial needs 24 hours a day, 7 days a week.
The Wells Fargo Virtual Channels Group (WFVC) Security is seeking a senior level Operational Risk Consultant to provide security risk assessments on all of their Internet/Mobile and Contact Center phone banking platforms. The WFVC Security Group reports into the WFVC Risk and Compliance Group and provides security planning and security strategy to the Internet/Mobile and Contact Center Businesses and Technology Group supporting wellsfargo.com and phone banking. WFVC is the driving creative and technical force behind Wellsfargo.com. WFVC helps customers realize their financial needs by delivering the world’s most innovative e-banking and e-commerce services, capabilities and alliances.
This is an exciting opportunity to work with the team, analyzing security needs for WFVC platforms, applications and other security processes. This is also an opportunity to get exposure to leading-edge technologies in the mobile and social media platforms.
- Develops and implements risk-based programs to identify, assess and mitigate operational risk associated with inadequate or failed internal processes or controls, people, systems or external events – while maintaining balance appropriate to risk mitigation against operational efficiency
- Works with WFVC business units, infrastructure and development to provide operational risk expertise and consulting for projects and initiatives
- Provide systems security consulting on complex issues
- Evaluates the adequacy and effectiveness of policies, procedures, processes, systems and internal controls; analyzes business and/or system changes to determine impact, identifies and assesses operational risk issues and assigns risk ratings consistent with established policy standards
- Consults on secure architectural design. Design and develop testing strategies, methodologies and analyses
- Assesses and identifies security and operational risk issues of 3rd party vendor environment and services used by the business
- Consults with business to develop corrective action plans and effectively manage change
- Reports findings and develops business cases to influence senior management on the need for controls to mitigate risk
- Articulates risk and complex technical issues to enable WFVC to understand and accept Information Security risk
- Works across WFVC and with LOB partners to ensure that risk is properly analyzed and captured and works toward effective mitigation and control programs
- Interfaces with the Enterprise Information Service (EIS) Group
- Identify training opportunities; design/coordinate the development of training materials; deliver or coordinate training delivery
- Provide guidance to less experienced consultants
Preferred Locations: 401 S. Tryon St, Charlotte,NC ; 333 Market St, San Francisco, CA; Others locations may be considered
- 6+ years of experience in compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both; or 6+ years of IT systems security, business process management or financial services industry experience, of which 3+ years must include direct experience in compliance, operational risk management, or a combination of both
- Advanced Microsoft Office skills
- Excellent verbal, written, and interpersonal communication skills
- Strong analytical skills with high attention to detail and accuracy
- Ability to interact with all levels of an organization
- 4+ years of information security experience
- Knowledge and understanding of information security risk assessment procedures, risk mitigation or remediation
- Experience evaluating security risks related to mobile devices, tablets, and social media
- Experience preparing security risk assessments for Wells Fargo business and 3rd party service providers
- Knowledge and understanding of application security planning and security architecture
- Knowledge and understanding of security technologies and concepts including identity management, single sign on, directory services, role based access control, cryptographic algorithms, mutual authentication and certificate management
- Knowledge and understanding of Wells Fargo risk platforms, such as Security Planning & Assessment of Risks/Controls (SPARC), Configuration Management Database (CMDB), Information Services Application Inventory (ISAI), Vendor Management System of Record (VSMOR), Third Party Information Management Systems (TRIMS), Control Review Assessment System Plus (CRAS+), or Centralized Issue and Corrective Action Tracking (CICAT)
- Ability to articulate issues, risks, and proposed solutions to various levels of staff and management
- Knowledge and understanding of TCP/ IP (Transmission Control Protocol/Internet Protocol)
- Information Security Tools Development Unix and Windows experience
- Knowledge and understanding of internet, mobile, and tablet technology
- Knowledge and understanding of Java
- Knowledge and understanding of .net
- Ability to identify and evaluate trends, isolate root cause, and provide swift/thorough resolution
- Experience consulting with internal clients and business
- Ability to work independently
- Ability to work and influence successfully within a matrix environment and build effective business partnerships with all levels of team members
- Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important
- Certified Information Systems Security Professional (CISSP)
Other Desired Qualifications
- Previous experience in preparing security risk assessments at Wells Fargo
- Previous experience in integrating cryptographic controls in application system designs
NC-Charlotte: 401 S Tryon St – Charlotte, NC
CA-SF-Financial District: 333 Market St – San Francisco, CA
All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.
Relevant military experience is considered for veterans and transitioning service men and women.
Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.
0012525 CORP RISK/CORPORATE RISK
Meet Some of Wells Fargo's Employees
Business Online Banking Specialist Representative
Veiongo secures Wells Fargo’s online business banking transactions and customer subscriptions and manages customer-care issues, including password sign-ins, account verifications, and document authorizations.
Back to top