Head of APAC Technology Risk First Line of Defense
- Hong Kong Hong Kong Hong Kong HK
- Permanent, Full time
- Wells Fargo Bank
- 03 Aug 18 2018-08-03
Exciting opportunity to join Wells Fargo in a Regional Leadership role
Wells Fargo & Company (NYSE: WFC) is a diversified, community-based financial services company with $1.9 trillion in assets. Founded in 1852 and headquartered in San Francisco. Wells Fargo has approximately 286,000 team members in more than 35 countries and territories who support customers to conduct business in the global economy.
With more than 1,500 team members in APAC, Wells Fargo is continuously looking for opportunities to expand across the region. We serve middle market companies, large corporations and financial institutions, and capabilities include trade finance, FX, financing, capital raising & advisory and asset management. Our regional presence grew following the acquisition of GE Capital’s Commercial Distribution Finance platform in 2016.
This role will have accountability for providing technology risk management as the Head of APAC Technology First Line of Defense (“FLOD”). The environment continues to be one of heightened standards, raised risk consciousness and regulatory requirements. The model through which team members deliver risk programs and oversight is evolving. This role is created in alignment with the new comprehensive First Line of Defense risk structure for Enterprise Information Technology. As the first line of defense, this role assures real risk reduction within the APAC region, consistent with the Wells Fargo Vision & Values and risk appetite.
The APAC Head of Technology FLOD Risk Manager will lead the planning and execution of critical FLOD risk functions, in alignment with the Corporate Risk Model and EIT Risk Target Operating Model. Accountabilities of the APAC Head of Technology FLOD Risk Manager and team include:
- Develop, implement and support a Technology Risk Framework in alignment with Wells Fargo Risk Management Framework
- Develop, implement and support APAC regional technology risk strategic plan and roadmap
- Document risk(s) within established and new line of business products/services and shared services IT processes/products/services
- Evaluate risks and prioritize risks and remediation work
Identify & Assess:
- Conduct and support risk assessments that evaluate the technology application/infrastructure environment and estimate the level and trends of inherent risk, determine the effectiveness of associated controls and the level and trends of residual risk
- Be proactive identifying technology risks within APAC and across internal and external events
Control & Mitigate:
- Design and implement effective and proactive action plans that appropriately mitigate risks in a sustainable manner and define Key Risk Indicators to track impact
- Operate controls in an effective manner to mitigate risks and deliver IT value
- Execute the related compliance process (e.g. Audits, CICATs, SOX) and IT Policy Management & Exceptions
Monitor & Report:
- Monitor controls to identify gaps and prevent, correct, detect operational risk issues
- Identify, measure, monitor, support and complete EIT risk management training, communication, and outreach programs
- Integrate continuous improvement with metrics and monitoring
- Support Virtuous Circle of risk management
Review and Verification:
- Assuring strategic and foundational risk attributes are comprehensively included in pre, during and post analysis
- Ongoing reviews to identify anomalies, exceptions and outliers that could lead to additional risk events
- Verifying risk management standards, requirements and documented risk reduction attributes are applied
- Provide oversight and governance for APAC technology audit interactions across EIT. Establish alignment with regional audit teams, EIT ORM Divisional teams and EIT Central Risk Audit coordination.
- Manage the coordination of APAC technology audit activity, provide oversight and support preparation for upcoming exams, identify emerging issues and trends, work with regional audit services to establish on going interaction over the course of the audit lifecycle
- Ensure issues identification and management response coordination handoffs are appropriately handled.
- Provide oversight and governance for APAC regulatory engagements. Establish alignment with regional regulatory compliance teams, EIT central compliance team and second line of defense teams.
- Manage the coordination of APAC technology regulatory activities, provide oversight and support for preparation of upcoming exams, identify emerging issues and trends, work with regional compliance teams to establish on going interaction over the course of the regulatory engagement.
- Extensive experience in APAC regulatory management, compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both; or extensive experience of IT systems security, business process management or financial services industry experience, of which a high proportion must include direct experience in APAC regulatory management, compliance, operational risk management, or a combination of both
- 7+ years of management experience
Other Desired Qualifications:
- Extensive experience leadership within APAC Technology Risk Management in a large financial services organization or service provider that implemented these services for financial services organizations
- Extensive experience supporting APAC Regulatory Exams, Audits and other technology control related assessments
- Strong and proven of management experience with risk control frameworks (NIST, FFEIC, COBIT, ITIL,COSO)
- Certifications that support business or risk related knowledge/experience (FINRA, PMP, CRISC, CFE, CISSP, CIA, etc...)
- Broad and significant knowledge of technology with emphasis in enterprise solutions provided for APAC regional subsidiary large U.S. financial institution and the associated challenges, risks and required controls inherent in a complex environment, including knowledge of SDLC, Vendor and third party, BCP, PMO, change management, problem and incident management, SOX/SOC, access management, asset management, configuration, compliance, information security, vulnerability, audit and others.
- Exceptional leadership capability; leads by example, fosters trust and is aligned with the Banks vision and values Senior risk professional with proven “c” level communication skill set
- Advanced Microsoft Office skills
- Excellent verbal, written, and interpersonal communication skills
- Strong analytical skills with high attention to detail and accuracy
- Ability to articulate complex concepts in a clear and concise manner
- Experience in multiple areas of APAC and U.S. based regulatory compliance, including risks and issues related to data privacy and general banking regulations of the OCC, FRB, CFPB, FINRA and other U.S. and APAC based regulations and laws.
- Demonstrated “enabler” philosophical approach to risk management that “gets to yes” with real solutions that meet all stakeholder requirements
- Proven prior experience in comprehensive risk ownership and accountability for the risk profile positioning
- Track record of providing constructive challenge with appropriate issue escalation and offering solution
- Strong ability and experience working with and collaborating with leaders and team members at all levels, across functional lines and between regional and U.S. based enterprise organizations.
- Demonstrated experience in building, leading, developing and retaining a team of managers, strong technical experts and high performing professionals in geographically disbursed environments
Team members support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.