Operational Risk Officer- Information Security SWIFT Oversight

  • Full-Time
  • West Des Moines, IA
  • Wells Fargo
  • Posted 3 years ago – Accepting applications
Job Description
Job Description


Important Note:
During the application process, ensure your contact information (email and phone number) is up to date and upload your current resume when submitting your application for consideration. To participate in some selection activities you will need to respond to an invitation. The invitation can be sent by both email and text message. In order to receive text message invitations, your profile must include a mobile phone number designated as “Personal Cell” or “Cellular” in the contact information of your application.

At Wells Fargo, we are looking for talented people who will put our customers at the center of everything we do. We are seeking candidates who embrace diversity, equity and inclusion in a workplace where everyone feels valued and inspired.

Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

As the company's second line of defense, Corporate Risk — or Independent Risk Management — provides independent oversight of risk-taking activities. Independent Risk Management establishes and maintains Wells Fargo's risk management program and provides oversight, including challenges to and independent assessment of, the frontline's execution of its risk management responsibilities. We manage risk according to the Risk Management Framework and ensure all employees understand their individual accountability for managing risk. Corporate Risk roles depend on a variety of skills, including: Data analysis and synthesis, root cause analysis, change management, process management & execution, risk governance, risk strategy, risk identification & assessment, risk prevention, controls & mitigation, risk monitoring, reporting & escalation, risk systems & technology.

This is an exciting opportunity to join a team committed to providing Wells Fargo with world-class operational risk management. The Operational Risk Group continues to build out a world-class operational risk management capability. We are seeking superior talent to join our information security risk management oversight function to oversee the SWIFT Customer Security Program.

Expert knowledge of SWIFT industry standard and broader expertise in information security risk across multiple lines of business. Understand and comply with expectations specified in Operational Risk programs, standards and/or policies. Participate, engage, and contribute to oversight activities, as applicable, in a timely, complete, and high-quality manner. Demonstrate reliable, timely, and consistent information security risk subject matter expertise and challenge to businesses and corporate functions. Evaluate SWIFT industry requirements and ensure firm demonstrates compliance. Analyze regulatory engagements for Information security Risk impacts. Review policy exception requests and determine to endorse or challenge. Assist in review of Risk Acceptances.

This role will have the accountability and responsibility delivering multiple complex Operational Risk governance functions. Specifically, this individual will be responsible for but not limited to:

  • Review SWIFT Customer Security Program (CSP) Controls Framework published yearly and identify changes impacting the information technology/information security environment.
  • Perform Independent Risk Management (Second Line) oversight of Front Line’s program effectiveness and control design and implementation for mandatory and advisory controls.
  • Establish and execute monthly monitoring routines and conduct periodic analyses on potential gaps and risk exposure at the program and control levels.
  • Conduct oversight of Front Line’s annual attestation by reviewing controls artifacts, follow-up for additional evidence, challenge gaps in design and implementation and track gaps to closure.
  • Collaborate with internal and external stakeholders in information security, technology, and lines of business including security architects, product and control owners and assessors.
  • Provide oversight on proposed remediation plans to close controls gaps identified by internal and external stakeholders.
  • Escalate information technology/security risks in a timely fashion to address risk treatment.

Required Qualifications


  • 7+ years of experience in risk management (includes compliance, financial crimes, operational risk, audit, legal, credit risk, market risk, IT systems security, business process management) or 7+ years of financial services industry experience, of which 5+ years must include direct experience in risk management


Desired Qualifications


  • Ability to meet stringent deadlines
  • Ability to prioritize work, meet deadlines, achieve goals, and work under pressure in a dynamic and complex environment
  • Strong analytical skills with high attention to detail and accuracy
  • Strong relationship management skills
  • Advanced Microsoft Office skills
  • Ability to execute in a fast paced, high demand, environment while balancing multiple priorities
  • Excellent verbal, written, and interpersonal communication skills


Other Desired Qualifications

  • One or more of the following certifications in Information Security and/or Risk Management:
  • Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certification in Control Self-Assessment (CCSA),
  • Certified Information Systems Security Professional (CISSP), PCI Qualified Security Assessor (QSA), Certified Information Security Manager (CISM), ISO 27001 Lead Auditor, System Administration, Networking, and Security Institute (SANS), Global Information Assurance Certification (GIAC), (Society for Worldwide Interbank Financial Telecommunication (SWIFT) or other risk management discipline certification.
  • Second-line of defense oversight experience with technology / information security risk
  • Demonstrated understanding of SWIFT standards and controls
  • Experience performing information security risk assessments
  • Experience supporting, administering or engineering SWIFT applications
  • Experience implementing and supporting SWIFT services
  • Experience providing oversight and governance to SWIFT activities
  • Experience conducting monitoring activities and reporting for technology and regulatory trends to determine business impacts
  • Experience developing and delivering comprehensive report/presentations to senior management, stakeholders, and risk and management committees
  • Experience executing information security oriented operational assessments against industry standards/guidance such as COBIT, ISO 27001, NIST SP 800-53, NIST Cybersecurity Framework, PCI DSS, and/or FFIEC, SWIFT
  • Cybersecurity incidents and events investigation experience

Job Expectations


  • Ability to travel up to 15% of the time

Apply to this Job