
Operational Risk Consultant 4

Washington, DC
Job Description


Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle. Enterprise Information Security's (EIS) vision is to provide Wells Fargo world-leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo's infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.

The Application Security Program team is responsible for designing, implementing and managing the Wells Fargo Enterprise Application Security Program (EASP). The primary responsibilities for this position include:

  • Development and implementation of frameworks to monitor Application Security Program risk identification, review and mitigation strategies, while maintaining a balance between risk mitigation and operational efficiency
  • Support application security oversight activities by working with Application Security Champions and line of business partners to evaluate effectiveness of risk reduction goals
  • Assist in building out effective governance of new controls (i.e. Cloud, WAF) and embedding them into first and second line governance processes
  • Provide leadership in the coordination and implementation of Information Security Domain control validation initiatives with cross functional business partners
  • Identify and assess application security related risks to understand how they impact effectiveness or efficiency of the program
  • Identify key program risk metrics (e.g. KPIs, KRIs, KCIs) to measure program effectiveness and performance
  • Enhance First Line of Defense (FLoD) Application Security Program governance and oversight capabilities
  • Enhance and sustain Enterprise Application Security Program practice and governance documentation, ensuring compliance with document retention policy
  • Provide consulting with business units or other key program stakeholders to ensure program components meet business needs and align to corporate risk management expectations
  • Maintain current knowledge of regulatory expectations related to application security and understand how they impact the Application Security Domain
  • Provide guidance and coaching to less experienced staff
  • Support building out of a data mart/reporting solution to enable monitoring of sustained execution of key security practices

Wells Fargo & Company (NYSE: WFC) is a diversified, community-based financial services company. Founded in 1852 and headquartered in San Francisco, Wells Fargo provides banking, insurance, investments, mortgage, and consumer and commercial finance through our many locations, ATMs, the internet (wellsfargo.com) and mobile banking. To learn more, Wells Fargo perspectives are also available at Wells Fargo Blogs and Wells Fargo Stories.

*Open to any location in the Wells Fargo footprint

Required Qualifications

  • 6+ years of experience in compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both; or 6+ years of IT systems security, business process management or financial services industry experience, of which 3+ years must include direct experience in compliance, operational risk management, or a combination of both
  • 1+ year of risk management and mitigation experience
  • 3+ years of information security experience
  • 3+ years of information technology experience
  • 6+ years of risk and regulatory compliance experience

Desired Qualifications

  • Advanced Microsoft Office skills
  • Excellent verbal, written, and interpersonal communication skills
  • Strong analytical skills with high attention to detail and accuracy
  • Ability to interact with all levels of an organization
  • 1+ year of change management experience
  • Experience developing, implementing and monitoring a risk-based compliance program to assure compliance with federal, state, agency, legal and regulatory requirements or providing oversight to a compliance function
  • Experience reviewing testing strategies and methodologies; evaluating the adequacy and effectiveness of policies, procedures, processes, initiatives, products and internal controls; and identifying issues resulting from internal and/or external compliance examinations
  • Information Security Frameworks and standards (FFIEC, NIST, ISO) experience
  • Project management experience
  • Virtual leadership experience with ability to effectively drive results, provide feedback/direction, and manage and build relationships with leaders and team members in a geographically dispersed team environment
  • Ability to identify inefficiencies, opportunities to streamline business processes, and implement change
  • Ability to influence and build relationships with LOB stakeholders, technology CIO leadership, external service providers, and architecture teams
  • Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certification in Control Self-Assessment (CCSA), Certified Information Systems Security Professional (CISSP), or other risk management discipline certification
  • Experience preparing security risk assessments for Wells Fargo business and 3rd party service providers
  • Meeting facilitation experience in leading discussions that result in consensus and commitment

Other Desired Qualifications
  • Experience working with internal audit and external regulators and/or experience as an auditor
  • Understanding of application security principles, models, and methodologies (e.g. Microsoft Secure SDLC, OpenSAMM, BSIMM, etc.)
  • Experience with application development (SDLC or Agile) and/or experience with application security


All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

Relevant military experience is considered for veterans and transitioning service men and women.

Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.



  • Information Technology
  • Financial Services
  • Management
  • Security / Protective Services
  • Business
