Head of APAC Technology First Line of Defense

  • Competitive
  • Hong Kong
  • Permanent, Full time
  • Wells Fargo Bank
  • 11 Feb 19

The role will lead the planning and execution of critical First Line of Defense risk functions, in alignment with the Corporate Risk Model and Enterprise Information Technology Risk Target Operating Model.

About Wells Fargo

Wells Fargo & Company (NYSE: WFC) is a diversified, community-based financial services company with $2.0 trillion in assets. Founded in 1852 and headquartered in San Francisco, Wells Fargo provides banking, insurance, investments, mortgage, and consumer and commercial finance through more than 8,500 locations, 13,000 ATMs, the internet (wellsfargo.com) and mobile banking, and has offices in 42 countries and territories to support customers who conduct business in the global economy. With approximately 273,000 team members, Wells Fargo serves one in three households in the United States. Wells Fargo & Company was ranked No. 25 on Fortune’s 2017 rankings of America’s largest corporations. Wells Fargo’s vision is to satisfy our customers’ financial needs and help them succeed financially. News, insights and perspectives from Wells Fargo are also available at Wells Fargo Stories.

The Enterprise Information Technology (EIT) team leads technology for one of the highest market cap financial services institutions in the world


  • Develop, implement and support a Technology Risk Framework
  • Develop, implement and support APAC regional technology risk strategic plan and roadmap
  • Document risk(s) within established and new line of business products/services
  • Evaluate and prioritize risks and remediation work

Identify & Assess:

  • Conduct and support risk assessments that evaluate the technology application/infrastructure environment and estimate the level and trends of inherent risk, determine the effectiveness of associated controls and the level and trends of residual risk
  • Identify technology risks within APAC and across internal and external events

Control & Mitigate:

  • Design and implement action plans that appropriately mitigate risks and define Key Risk Indicators to track impact
  • Operate controls to mitigate risks and deliver IT value
  • Execute the related compliance process (e.g. Audits, CICATs, SOX) and IT Policy Management & Exceptions

Monitor & Report:

  • Monitor controls to identify gaps and prevent, correct, detect operational risk issues
  • Identify, measure, monitor, support and complete EIT risk management training
  • Integrate continuous improvement with metrics and monitoring
  • Support Virtuous Circle of risk management

Review and Verification:

  • Assuring strategic and foundational risk attributes are included in pre, during and post analysis
  • Ongoing reviews to identify anomalies, exceptions and outliers that could lead to additional risk events
  • Verifying risk management standards, requirements and documented risk reduction attributes

Audit Interaction

  • Provide oversight and governance for APAC technology audit interactions across EIT 
  • Establish alignment with regional audit teams, EIT ORM Divisional teams and EIT Central Risk Audit coordination
  • Manage the coordination of APAC technology audit activity, provide oversight and support preparation for upcoming exams
  • Ensure issues identification and management response coordination handoffs are handled

Regulatory Management

  • Provide oversight and governance for APAC regulatory engagements Establish alignment with regional regulatory compliance, EIT central compliance and second line of defense teams.
  • Manage the coordination of APAC technology regulatory activities, provide oversight and support for preparation of upcoming exams, identify emerging issues and trends and work with regional compliance teams
  • Provide APAC regulatory subject matter expertise, guide regulatory engagement


  • Extensive experience in APAC regulatory management, compliance, operational risk management (includes audit, legal, credit risk, market risk, or the management of a process or business with accountability for compliance or operational risk), or a combination of both; or extensive experience of IT systems security, business process management or financial services industry experience, of which a high proportion must include direct experience in APAC regulatory management, compliance, operational risk management, or a combination of both
  • 7+ years of management experience

Desirable Qualifications

  • Extensive experience leadership within APAC Technology Risk Management in a large financial services organization or service provider that implemented these services for financial services organizations
  • Extensive experience supporting APAC Regulatory Exams, Audits and other technology control related assessments
  • Strong and proven of management experience with risk control frameworks (NIST, FFEIC, COBIT, ITIL, COSO)
  • Certifications that support business or risk related knowledge/experience (FINRA, PMP, CRISC, CFE, CISSP, CIA, etc...)
  • Broad and significant knowledge of technology with emphasis in enterprise solutions provided for APAC regional subsidiary large U.S. financial institution and the associated challenges, risks and required controls inherent in a complex environment, including knowledge of SDLC, Vendor and third party, BCP, PMO, change management, problem and incident management, SOX/SOC, access management, asset management, configuration, compliance, information security, vulnerability, audit and others.
  • Exceptional leadership capability; leads by example, fosters trust and is aligned with the Banks vision and values Senior risk professional with proven “c” level communication skill set
  • Ability to articulate complex concepts in a clear and concise manner
  • Experience in multiple areas of APAC and U.S. based regulatory compliance, including risks and issues related to data privacy and general banking regulations of the OCC, FRB, CFPB, FINRA and other U.S. and APAC based regulations and laws.
  • Proven ability and prior experience in generating a business value proposition and justification for risk consideration and input at new product & service inception
  • Demonstrated “enabler” philosophical approach to risk management that “gets to yes” with real solutions that meet all stakeholder requirements
  • Proven prior experience in comprehensive risk ownership and accountability for the risk profile positioning
  • Track record of providing constructive challenge with appropriate issue escalation and offering solution
  • Strong ability and experience working with and collaborating with leaders and team members at all levels, across functional lines and between regional and U.S. based enterprise organizations.
  • Demonstrated experience in building, leading, developing and retaining a team of managers, strong technical experts and high performing professionals in geographically disbursed environments