Senior Lead Operational Risk Officer | Technology Risk Management

About this role:

Wells Fargo is seeking a Senior Lead Operational Risk Officer within Technology Risk Management. You'll provide second line oversight of cybersecurity risk management practices across the enterprise, ensuring alignment with regulatory expectations, internal risk frameworks, and industry standards. Learn more about career areas and lines of business at wellsfargojobs.com.

In this role, you will:

• Evaluate and Challenge (For one or more of the areas listed below):
  • Cyber Incident Response Oversight: Including classification, investigation, escalation, containment, recovery, and closure to ensure timely and effective handling of cybersecurity events.
  • Infrastructure security: Including networks, workspace, and data stores.
  • Application security: Including pen testing, application threat modeling and application security testing
  • Identity and Access Management Oversight: Including authentication, authorization, privileged access, remote access, and segregation of duties.
  • Information Protection Oversight: Including data leakage prevention, information classification, encryption, and disclosure controls to ensure sensitive data is adequately protected.
  • Security Monitoring Oversight: Including the effectiveness of security event monitoring, log collection, dashboard governance, and threat actor analysis to ensure proactive detection and response capabilities.
  • Vulnerability Management Oversight: Including lifecycle of vulnerability management including discovery, identification, monitoring, remediation, and reporting to ensure timely mitigation of technical risks.
  • Cyber Threat Intelligence and Adversary Hunting: Including threat intelligence is effectively gathered, analyzed, and used to inform defenses against emerging threats and adversary tactics.
• Risk Reporting and Communication: Deliver clear, actionable insights and reporting on cybersecurity risk exposures to senior management, risk committees, and regulatory bodies.
• Stakeholder Engagement: Collaborate with first-line cybersecurity teams, technology, compliance, legal, and internal audit to ensure a cohesive and effective cybersecurity risk management approach.

• 7+ years of Operational Risk experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education.

• Deep understanding of cybersecurity frameworks (e.g., NIST CSF, ISO 27001, MITRE ATT&CK) and incident response methodologies.
• Strong knowledge of identity and access management (IAM) principles, tools, and governance practices.
• Expertise in data protection, encryption standards, and information classification.
• Experience with security operations, including SIEM, log management, and threat detection technologies.
• Expertise with vulnerability management tools, scanning methodologies, and remediation processes.
• Knowledge of cyber threat intelligence, adversary behavior analysis, and proactive threat hunting techniques.
• Proven ability to assess and challenge cyber risk controls and influence remediation strategies.
• Strong communication, analytical, and leadership skills with experience engaging senior stakeholders and regulators.
• Experience in a second line of defense or independent cybersecurity risk oversight function is highly desirable.

• This position currently offers a hybrid work schedule.
• Ability to travel domestic and international.
• Ability to work at a posted location.

• 401 S Tryon St - Charlotte, North Carolina
• 401 W Las Colinas Blvd - Irving, Texas
• 600 S 4th St - Minneapolis, Minnesota
• 1150 W Washington St - Tempe, Arizona
• 800 S Jordan Creek Pkwy - West Des Moines, Iowa