Why Wells Fargo:

This is where your true career begins. We ranked #2 on the 2023 LinkedIn Top Companies list - and #1 among financial services companies - as the best workplace "to grow your career" in the U.S. At Wells Fargo, we support employees' career aspirations and growth. We're proud of our employee-welfare-centered business approach and our commitment to diversity, equity, and inclusion in the workplace.

We offer competitive salaries and one of the richest benefits packages in the industry. Our Total Rewards program focuses on wellness, work-life balance and the financial health of our employees. Our customers invest with us, we invest in you. Apply today.

About this role:

• Provide risk and control management expertise to a forward-thinking Cloud strategic vision and direction enabled by the Digital Infrastructure Strategy Program (DISP), collaborating closely with key Technology organization stakeholder to deliver upon action plans milestones (i.e., Chief Technology Office (CTO), Cloud Security, Cloud Governance, CIO application teams).
• Participate in and influence end-to-end key risk process development, control design and effectiveness evaluation, and establishing guiding principles and formal risk-based decision-making in support of Cloud transformation and risk management activities.
• Mature technology risk management strategy for Cloud based solutions, working closely with business, technology, and risk lines of defense to enable internal and external Cloud platform capabilities with required controls.
• Develop and present compelling views and conduct persuasive conversation focused on Cloud transformation and risk management activities based on Cloud strategy, with expertise in understanding business impacts of technology decisions as they relate to Cloud adoption and enablement, specifically risk management and security.
• Provide reviews on risk issue remediation plans and provides feedback on strategy, governance, measurable benefits, metrics, scope, and reasonability.
• Apply relevant risk/control/security domain and change knowledge/experience to ensure the timely and effective identification, assessment, and escalation of risks in a transparent manner.
• Assist with the implementation of corporate policies, risks and controls that are preventative in nature which can be either automated or manual and align with all risk lines of defense.
• Ensure adherence to supporting policies and standards by providing feedback, direction, and industry leading practices.
• Conduct and support risk assessments to evaluate the control environment and estimate the level and trending of inherent vs. residual risk posture by determining the effectiveness of associated controls.
• Monitor controls to identify gaps and prevent, correct, and detect operational risk issues
• Possess strong communications skills, demonstrate critical thinking capabilities, and the ability to convey complex information and ideas both simply and clearly; be able to effectively communicate and broker agreements amongst diverse, differing, competing, and/or conflicting perspectives/ priorities.
• Assist with the implementation of corporate policies, risks and controls that are preventative in nature which can be either automated or manual and align with all risk lines of defense.

• 5+ years of Risk Management or Control Management experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 4+ years of experience supporting an enterprise technology function (i.e., Infrastructure, Architecture, Software Engineering, or within a Technology Risk or Cybersecurity function with demonstrated knowledge of Technology systems, applications, infrastructure and emerging Technology and associated risks in a business environment.

• Certified in Risk & Information Systems (CRISC), Certified Internal Auditor (CIA), Certified Information Systems Auditor, (CISA) Certification in Control Self-Assessment (CCSA), Certified Information Systems Security Professional, (CISSP) or other risk management discipline certification.
• Microsoft Azure and/or Google Cloud Platform (GCP) certification a plus.
• Knowledge of Cloud service models and control requirements (i.e., Public Cloud & major Cloud Service Providers (CSP); Private Cloud (PaaS), Software as a Service (SaaS), Hybrid Cloud / Infrastructure as a Service (IaaS).
• Knowledge of Cloud deployment technologies (i.e., Kubernetes, Infrastructure as Code (IaC)).
• Demonstrated knowledge of Technology and Security risk framework - COBIT, FFIEC, NIST, ITIL, COSO, BASEL, and OCC Heightened Standards.
• Working knowledge of Cloud controls and third-party risk management frameworks, i.e., NIST AI RMF, MITRE Atlas, OWAP Top 10 for LLM, CSA CCM.
• Working knowledge of Infrastructure as a Service (IaaS) deployment technologies for Cloud.
• Working knowledge of Cloud services and tools, i.e., Services (SEDs), Security baselines, APIs, Policy implementation, i.e., Prisma, Terraform Sentinel, Google org policies.
• Working knowledge of Google Cloud platform service offerings, Generative AI use cases and associated control and hardening requirements of Gen AI services (e.g., Vector Search, Gecko Text Embedding, Gemini-pro API, Vertex AI Agent Builder, Document AI API, Vertex AI Model Garden, DialogFlow).
• Ability to document risks, security and technology control requirements in scope for Gen AI use cases, AI/ML Operational readiness, Resiliency, Data management, Secure SDLC (SSDLC), security controls (example: IAM), Model risks, Third party risks, Regulatory compliance, etc.
• Direct experience executing the Risk Control Self-Assessment (RCSA) for risk identification, risk assessment - inherent/residual, and control design.
• Direct experience with Issue Management Life Cycle and issue remediation.
• Track record of providing constructive challenge with appropriate escalation, root cause analysis and offering solution.
• Experience in assessing risk, writing issues, and developing appropriate corrective actions.
• Exposure to audit/regulatory exam requirements and experience managing technology risk remediation deliverables.
• Strong understanding of issue management, technology/risk reporting, KRI/KPI implementation, vulnerability monitoring and remediation.
• Excellent verbal, written, and interpersonal communication skills.

• This position is not eligible for Visa sponsorship.
• Ability to work on site per Wells Fargo's standard operating model in one of the listed locations (hybrid work schedule - 3 days on-site, 2 days remote).
• Ability to work additional hours as needed to meet deadlines.
• Ability to travel as needed.

• ISELIN, NJ
• CHARLOTTE, NC
• CHANDLER, AZ