Head of APAC Technology Risk First Line of Defense
Wells Fargo Bank
February 6, 2018
About Wells Fargo: Wells Fargo & Company (NYSE: WFC) is a diversified, community-based financial services company with $2.0 trillion in assets. Founded in 1852 and headquartered in San Francisco, Wells Fargo provides banking, insurance, investments, mortgage, and consumer and commercial finance through more than 8,500 locations, 13,000 ATMs, the internet (wellsfargo.com) and mobile banking, and has offices in 42 countries and territories to support customers who conduct business in the global economy. With approximately 273,000 team members, Wells Fargo serves one in three households in the United States. Wells Fargo & Company was ranked No. 25 on Fortune's 2017 rankings of America's largest corporations. Wells Fargo's vision is to satisfy our customers' financial needs and help them succeed financially. News, insights and perspectives from Wells Fargo are also available at Wells Fargo Stories.
This role will have accountability for providing technology risk management as the Head of APAC Technology First Line of Defense ("FLOD"). The environment continues to be one of heightened standards, raised risk consciousness and regulatory requirements. The model through which team members deliver risk programs and oversight is evolving. This role is created in alignment with the new comprehensive First Line of Defense risk structure for Enterprise Information Technology. As the first line of defense, this role assures real risk reduction within the APAC region, consistent with the Wells Fargo Vision & Values and risk appetite.
The APAC Head of Technology FLOD Risk Manager will lead the planning and execution of critical FLOD risk functions, in alignment with the Corporate Risk Model and EIT Risk Target Operating Model. Accountabilities of the APAC Head of Technology FLOD Risk Manager and team include:
Develop, implement and support a Technology Risk Framework in alignment with Wells Fargo Risk Management Framework
Develop, implement and support APAC regional technology risk strategic plan and roadmap
Document risk(s) within established and new line of business products/services and shared services IT processes/products/services
Evaluate risks and prioritize risks and remediation work
Identify & Assess:
Conduct and support risk assessments that evaluate the technology application/infrastructure environment and estimate the level and trends of inherent risk, determine the effectiveness of associated controls and the level and trends of residual risk
Be proactive identifying technology risks within APAC and across internal and external events
Control & Mitigate:
Design and implement effective and proactive action plans that appropriately mitigate risks in a sustainable manner and define Key Risk Indicators to track impact
Operate controls in an effective manner to mitigate risks and deliver IT value
Execute the related compliance process (e.g. Audits, CICATs, SOX) and IT Policy Management & Exceptions
Monitor & Report:
Monitor controls to identify gaps and prevent, correct, detect operational risk issues
Identify, measure, monitor, support and complete EIT risk management training, communication, and outreach programs
Integrate continuous improvement with metrics and monitoring
Support Virtuous Circle of risk management
Review and Verification:
Assuring strategic and foundational risk attributes are comprehensively included in pre, during and post analysis
Ongoing reviews to identify anomalies, exceptions and outliers that could lead to additional risk events
Verifying risk management standards, requirements and documented risk reduction attributes are applied
Provide oversight and governance for APAC technology audit interactions across EIT. Establish alignment with regional audit teams, EIT ORM Divisional teams and EIT Central Risk Audit coordination.
Manage the coordination of APAC technology audit activity, provide oversight and support preparation for upcoming exams, identify emerging issues and trends, work with regional audit services to establish on going interaction over the course of the audit lifecycle
Ensure issues identification and management response coordination handoffs are appropriately handled.
Provide oversight and governance for APAC regulatory engagements. Establish alignment with regional regulatory compliance teams, EIT central compliance team and second line of defense teams.
Manage the coordination of APAC technology regulatory activities, provide oversight and support for preparation of upcoming exams, identify emerging issues and trends, work with regional compliance teams to establish on going interaction over the course of the regulatory engagement.
Extensive experience in APAC regulatory management, compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both; or extensive experience of IT systems security, business process management or financial services industry experience, of which a high proportion must include direct experience in APAC regulatory management, compliance, operational risk management, or a combination of both
7+ years of management experience
Other Desired Qualifications:
Extensive experience leadership within APAC Technology Risk Management in a large financial services organization or service provider that implemented these services for financial services organizations
Extensive experience supporting APAC Regulatory Exams, Audits and other technology control related assessments
Strong and proven of management experience with risk control frameworks (NIST, FFEIC, COBIT, ITIL,COSO)
Certifications that support business or risk related knowledge/experience (FINRA, PMP, CRISC, CFE, CISSP, CIA, etc...)
Broad and significant knowledge of technology with emphasis in enterprise solutions provided for APAC regional subsidiary large U.S. financial institution and the associated challenges, risks and required controls inherent in a complex environment, including knowledge of SDLC, Vendor and third party, BCP, PMO, change management, problem and incident management, SOX/SOC, access management, asset management, configuration, compliance, information security, vulnerability, audit and others.
Exceptional leadership capability; leads by example, fosters trust and is aligned with the Banks vision and values Senior risk professional with proven "c" level communication skill set
Advanced Microsoft Office skills
Excellent verbal, written, and interpersonal communication skills
Strong analytical skills with high attention to detail and accuracy
Ability to articulate complex concepts in a clear and concise manner
Experience in multiple areas of APAC and U.S. based regulatory compliance, including risks and issues related to data privacy and general banking regulations of the OCC, FRB, CFPB, FINRA and other U.S. and APAC based regulations and laws.
Demonstrated "enabler" philosophical approach to risk management that "gets to yes" with real solutions that meet all stakeholder requirements
Proven prior experience in comprehensive risk ownership and accountability for the risk profile positioning
Track record of providing constructive challenge with appropriate issue escalation and offering solution
Strong ability and experience working with and collaborating with leaders and team members at all levels, across functional lines and between regional and U.S. based enterprise organizations.
Demonstrated experience in building, leading, developing and retaining a team of managers, strong technical experts and high performing professionals in geographically disbursed environments
Team members support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.