
Operational Risk Consultant 4 – PCI Technical Risk Consultant

Des Moines, IA Wells Fargo

Job Description

At Wells Fargo, we have one goal: to satisfy our customers’ financial needs and help them achieve their dreams. We’re looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you’ll feel valued and inspired to contribute your unique skills and experience. 


Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you. 


Corporate Risk helps all Wells Fargo businesses identify and manage risk. We focus on three key risk areas: credit risk, operational risk and market risk. We help our management and Board of Directors identify and monitor risks that may affect multiple lines of business, and take appropriate action when business activities exceed the risk tolerance of the company.

Our goal is to attract, develop, retain and motivate the most talented people – those who care and who work together as partners across business units and functions.  We value and promote diversity and inclusion in every aspect of our business and at every level of our organization.

At Wells Fargo, we invest in our people. Our diverse lines of business offer unique opportunities to expand your knowledge and advance your career.

This is an exciting opportunity to join a team and function committed to providing Wells Fargo with world-class technology risk management. The Operational Risk Group continues to build out a world-class technology risk management capability.

The Technology Risk Management Oversight organization is responsible for establishing the strategic direction and management of Wells Fargo’s enterprise technology risk management program, including developing, approving and maintaining the technology risk management framework.  This function will be responsible for maintaining a strong technology risk culture, formulating technology risk appetite and tolerances, and for establishing/maintaining a program to identify, assess, measure, monitor, control and report on significant enterprise technology risks.  Consistent with other programs overseen by Corporate Risk, the Technology Risk program provides second-line-of-defense oversight (SLOD) to ensure an independent, integrated, and holistic view of Wells Fargo technology risks.

As a team member, this position will be responsible for:

  • Developing practices, processes, templates, and reporting to provide independent PCI risk management oversight and participation in critical enterprise programs or projects with significant PCI risks.
  • Analyzing operational risk domain (e.g. information security, technology) requirements against the proposed solutions to determine risk levels, control weaknesses and to evaluate the risk of solutions not meeting requirements
  • Oversight of the integration of PCI requirements from the broader operational risk domains into existing information security and technology risk management processes (e.g. risk assessments, monitoring of controls)
  • Ensuring that critical information security programs and projects remain aligned to the PCI risk management strategy and functional framework
  • Working with information security stakeholders and other partners to ensure each has the tools, processes and expertise to effectively manage PCI risks
  • Reviewing mitigation/remediation plans and providing advice on mitigation effectiveness and alternative mitigation approaches
  •  Performing review of the work products produced across the information security functional groups/ risk domain according to program requirements and deadlines

Oversee Internal PCI Assessments:

  • Customized assessment of any apps, product, common controls, or controls not yet fully compliant
  •  Post-remediation assessment
  • Formal PCI Certification (ROC/AOC/SAQ) per Line of Business (LOB), CDE or enterprise area (may include product or app verification).
  • Internal validation of ROC/AOC/SAQ through random sampling to ensure completeness of assessments

Perform Quality Control throughout monitoring phase:

  • Monitor processes which review new applications and changes to existing technology configurations to ensure that processes are followed and enforced with required documentation. 
  •  Monitor systems and process testing including processes for new applications and technology changes to ensure gaps do not widen during remediation. 
  • Monitor remediation strategies and ensure cardholder data is protected. 
  • Review initiatives against stated objectives and requirements related to remediation.
  • Ensure authorization from relevant stakeholders who approve estimates of effort, time and cost required to remediate each gap.
  •  Partner with EIT on initiatives which drive for efficient, effective and consistent protection of confidential data
  • Capturing and escalating credible challenges

Effectively collaborating with business partners in the first-line-of-defense (FLOD) and second-line-of-defense (SLOD) in the establishment of new PCI risk management processes:

  •  Formal program to review & document apps and processes for their PCI readiness prior to production.
  •  Developing and maintaining strong working relationships with the line of business, operational risk and compliance peers
  • Development & Oversight of controls in the new product development process.
  •  Develop practices, processes, templates, and reporting to provide independent oversight and participation in critical enterprise programs or projects with significant PCI risks.

Required Qualifications

  • 6+ years of experience in compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both; or 6+ years of IT systems security, business process management or financial services industry experience, of which 3+ years must include direct experience in compliance, operational risk management, or a combination of both

Desired Qualifications

  • Advanced Microsoft Office skills
  • Excellent verbal, written, and interpersonal communication skills
  • Strong analytical skills with high attention to detail and accuracy
  • Ability to interact with all levels of an organization

Other Desired Qualifications

  • 2+ years of experience with PCI (Payment Card Industry)
  • Experience as Internal Security Assessor (ISA) or Qualified Security Assessor (QSA)
  • Technical experience with complex multi-platform environments (e.g., cloud management, e-commerce, software development, etc.)
  • Experience leading third party execution of PCI assessments.
  • Experience in technology/information security-related guidance, frameworks and standards (e.g., COBIT, NIST, FFIEC, ISO)
  • Excellent time management and organizational skills with the ability to engage in multiple initiatives/projects at once.
  • RSA Archer subject matter expert
  • Experience with financial services businesses, including applicable regulatory compliance requirements.
  • Ability to create strategic messaging relevant to different audiences and business needs, and gain buy-in from business partners.
  • Proven experience quantifying and assessing risks and developing alternative solutions
  • Experience in documentation and communication of risk and/or model issues in highly regulated marketplaces



All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

Relevant military experience is considered for veterans and transitioning service men and women.

Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.
