- Credit Risk
- Information Security
- Market Risk
- Operational Risk
- Risk Assessment
- Risk Management
Technology Relationship Manager - Enterprise Information Security
Location: Hong KongDepartment Overview
Enterprise Information Security (EIS) is part of Wells Fargo's Corporate Risk organization. Wells Fargo views information security as enabling lines of business to mitigate information security risk in accordance with our risk appetite. Through a framework that addresses policy, process, operations, people, and technology, EIS protects our infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. Our vision is to provide Wells Fargo with world-leading cyber security risk management.
Responsible for providing information security expertise and proactive risk-based solutions to aligned business and/or applicable teams that report to aligned Information Security Leader (ISL) so that information security risks are addressed in a timely manner.
- Works closely with the Regional Risk Officer teams to proactively identify needed security practices within the business.
- Provides technical understanding of existing and emerging information security risks.
- Assists with the monitoring, reporting and tracking of EIS programs within the business.
- Provides regional and business views to aligned Information Security Leaders (ISL).
- Evaluates the appropriateness of policy exceptions and risk acceptances.
- Assists the aligned ISL with providing strategic-level consultation to managers and stakeholders regarding long and short range information security risk/requirements.
- Recommends innovations that anticipate future directions of both the business, Information Technology and Information Security.
- Understand the regional local regulatory requirements and how these regulations impact Information Security risk within the region.
- Provide coverage / support for other regions in different time zones (i.e. US timezone).
- Coordinate vulnerability assessments and provide oversight in LOBs 3rd party IS assessments for the region.
- BS/BA degree or higher in science or technology
- 6+ years of experience in compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both;
- Or 6+ years of IT systems security, business process management or financial services industry experience, of which 3+ years must include direct experience in compliance, operational risk management, or a combination of both
- 5+ years of information security experience
- 6+ years of Information Security Frameworks and standards (FFIEC, NIST, ISO) experience
- Strong analytical skills with high attention to detail and accuracy
- Ability to interact with all levels of an organization
- Ability to influence and build relationships with LOB stakeholders, technology CIO leadership, external service providers, and architecture teams
- Knowledge and understanding of information security risk assessment procedures, risk mitigation or remediation
- Ability to articulate issues, risks, and proposed solutions to various levels of staff and management
- Virtual leadership experience with ability to effectively drive results, provide feedback/direction, and manage and build relationships with leaders and team members in a geographically dispersed team environment
- Ability to travel up to 30% of the time
Team members support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.
|Career Level||Senior (6-10 years)|