Head of APAC Technology Risk Oversight & Compliance
Wells Fargo Bank
March 12, 2018
The Technology Risk Management Oversight organization is responsible for establishing the strategic direction and management of Wells Fargo's enterprise technology risk management program, including developing, approving and maintaining the technology risk management framework. The International Technology Risk Oversight & Compliance (ITROC) is TRMO's group leading the Second-Line of Defense technology risk management oversight in regions and locations outside of the United States.
ITROC's mission is to develop and advance an independent international technology risk management strategy, govern the associated programs in regions to align with the corporate risk framework, and provide exceptional technology risk management oversight to the International Group Risk Officer (I-GRO) Team, the regions, and Enterprise Global Services (EGS). Our goal is to attract, develop, retain, and motivate the most talented people - those who care and who work together as partners across business units and functions. We value and promote diversity and inclusion in every aspect of our business and at every level of our organization.
This function will be responsible for maintaining a strong technology risk culture, formulating technology risk appetite and tolerances that align to the enterprise's technology risk appetite, and for establishing/maintaining a program to identify, assess, measure, monitor, control and report on significant enterprise technology risks. Consistent with other programs overseen by Corporate Risk, the International Technology Risk program provides second-line-of-defense oversight (SLOD) to ensure an independent, integrated, and holistic view of Wells Fargo technology risks.
Given the strategic importance of the international markets, the bank is building a robust team in the area of technology risk management globally. Accordingly, WFB is looking to hire an exceptionally accomplished individual to lead the International Technology Risk Management Oversight & Compliance for Asia Pacific, second-line of defense, focused in local jurisdictions, regulations, and compliance.
This role will have the accountability and responsibility for providing independent oversight and credible challenge of the first-line of defense technology risk-taking and risk management plans and decisions of the regional technology teams in the Asia Pacific region. Specifically, this individual will be responsible for:
Delivering and implementing the TRMO framework into the region and embedding the understanding of IT risk in information technology
Developing regional practices, processes, templates, and reporting to provide independent risk management oversight and participation in critical enterprise programs or projects with significant technology risks.
Analyzing regional business and technology requirements against the proposed solutions to determine technology risk levels, control weaknesses and to evaluate the risk of solutions not meeting requirements
Reviewing mitigation/remediation plans and providing advice on mitigation effectiveness and alternative mitigation approaches applicable locally to the region and in alignment with the enterprise framework
Attending regional steering committees and work groups to ensure appropriate technology risk management coverage
Issuing, capturing and escalating credible challenges
Producing management reporting as applicable
Integrating learnings and maturity opportunities across technology risk domains into existing technology risk management processes (e.g. risk assessments)
Effectively collaborating with regional business partners in the first-line-of-defense (FLOD) and second line of defense (SLOD) in the establishment of new risk management processes
Working with regional stakeholders to ensure each has the tools, processes and expertise to effectively manage technology risks
Developing and maintaining strong working relationships with the line of business, corporate regulatory, operational risk and compliance peers in region
Ensuring that regional critical programs and projects remain aligned to the enterprise technology risk management strategy and functional framework
Examples of strategic initiatives for which Technology Risk Management Oversight provides independent risk management coverage are SDLC, Third-Party Risk Management, BCP & Availability, Incident Management, and regulatory technology compliance. Key activities include review and credible challenge of technology solutions, risks/mitigation plans, project status reporting and technology risk domain artifacts used as part of the regulatory reporting process.
10+ years in compliance, operational risk, technology risk management, IT systems security, business process management or financial services, of which at least 6 years must include direct experience in technology, compliance or operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk).
International/regional experience dealing with local rules, laws, and regulations
Other Desired Qualifications
Proven ability to work within a large and complex organization to build and nurture relationships with demonstrated proficiency to interface with multiple stakeholder groups
Proven ability to understand and interpret international and local regulations within regions and countries and aptitude to map them against Corporate policies, standards, and procedures; identifying gaps and providing recommendations for mitigating gaps.
Proven experience in formulating international policies, standards and procedures to meet minimum local regulatory compliance requirements.
Excellent influencing skills to effect change among local and global leaders and business stakeholders to comply with Corporate minimum standards
Proven ability to cultivate relationships and collaborate with multiple stakeholders, including business leaders, legal, audit and multiple US and non-US regulators.
Team members support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.