Operational Risk Consultant 3

Wells Fargo & Company (NYSE: WFC) is a diversified, community-based financial services company with $1.9 trillion in assets. Founded in 1852 and headquartered in San Francisco, Wells Fargo provides banking, insurance, investments, mortgage, and consumer and commercial finance through more than 8,600 locations, 13,000 ATMs, the internet (wellsfargo.com) and mobile banking, and has offices in 36 countries and territories to support customers who conduct business in the global economy.

The qualified individual will perform a variety of tasks to support the corporate Business Process Risk Management (BPRM) Assurance Program requirements, ranging from process identification and risk scoring to effectiveness testing and reporting.

The qualified individual will assist in the identification of processes performed by the business and the risk rating of those processes, provide support during process review meetings with business management, and develop and/or update process flowcharts and corresponding risk and control linkage tables. As part of this, the individual will proactively analyze the processes, risks and controls to identify potential enhancements, as well as identify existing assurance activities associated with the processes performed by the business. The individual will work closely with his/her supervisor, the operational risk manager and other members of the assurance team to incorporate this information into the development of an operational risk testing framework and schedule for all three businesses. This will include development of efficient and effective testing strategies and methodologies in accordance with policies and standards, including identifying and developing monitoring strategies by way of existing systems and reporting tools, and performing ongoing monitoring and assurance of key controls and processes by way of such tools – all of which can be used to develop metric reporting of key risk indicators (KRIs), key performance indicators (KPIs), and key control indicators (KCIs). Once the operational risk testing framework is developed, this position will be responsible for executing various assurance activities. Whether through detailed (transactional) testing, quality assurance reviews, periodic reviews, ongoing monitoring, etc. the individual will be responsible for evaluating the adequacy and effectiveness of key internal controls related to established operational risk processes; completing assessments of internal controls to identify and mitigate any operational risk that arises from inadequate or failed internal processes, people, systems or external events; and reporting operational control issues. To be successful in this role the candidate must be have the ability to effectively collaborate and communicate with business management and the operational risk officers (OROs) that support the businesses. While performing assurance duties the qualified individual should demonstrate professional skepticism, but also maintain a “no surprises” environment with business partners, peers, and other key stakeholders by fostering an environment of open communication. This individual must develop credibility with the business and influence business management with respect to operational risk management and controls; and present testing results in an objective/unbiased manner and write opinions reflecting relevant facts that lead to logical conclusions. Additional required skillsets include: scoping, identifying testing populations, selecting testing samples, executing test steps, interviewing team members, reviewing reports and other data that serve as, or support controls that mitigate operational risk(s), identifying exceptions/findings, making recommendations, effectively partnering and negotiating with business management in the development of corrective actions, documenting reviews in standardized work papers, and preparing final reports. These activities must be completed in accordance with internal and corporate policies and standards and timeframes.

**Required Qualifications** * 2+ years of experience in compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both * 2+ years of experience in one or a combination of the following: additional compliance, additional operational risk management, IT systems security, business process management or financial services industry experience; or a BS/BA degree or higher in business or a related field **Desired Qualifications** * Ability to work independently * Ability to interact with all levels of an organization * Excellent verbal, written, and interpersonal communication skills * Intermediate Microsoft Office skills * Strong analytical skills with high attention to detail and accuracy **Other Desired Qualifications** * 1+ years monitoring/testing experience (e.g. auditing, control testing, assurance/monitoring of operational controls) * Ability to develop flowcharts that depict internal business processes (i.e. proficiency with Visio) as well as develop corresponding risk/control linkage tables * A solid understanding of commercial lending and securities businesses (CBG, GIB and WFS) * Experience using internal risk platform/systems including RCSA, CRAS+ and CICAT * An understanding of the corporate Business Process Risk Management (BPRM) policy and procedures, Corporate Risk Management Programs (CRMPs) and Major Policy Requirements (MPRs) **Job Expectations** Ability to travel 25% or more of the time