Lead Technology Risk Officer - Application Domain, SDLC and Application Engineering

Wells Fargo & Company•Charlotte, NC

6d•$119,000 - $187,000•Hybrid

About The Position

The Application Risk Domain Officer operates within Technology Risk Management (TRM), part of Corporate Risk, providing independent second line oversight across application domains. The role is part of the Information Security and Application Risk Domain Team, which performs domain level evaluation and produces evidence based views of how application conditions contribute to enterprise risk exposure. The role engages with Technology, including Tech Operations, CIO organizations, to provide challenge and inform risk based decisions. Outputs from this role support enterprise risk views provided to senior management, risk committees, and regulators. The Application Risk Domain Officer (P4) serves as the second line oversight lead across assigned domains and is a deeply technical individual contributor who provides second-line risk oversight across modern software engineering environments and has responsibility across the application risk domain. This role focuses on secure SDLC execution, application delivery controls, engineering standards, and the technical risks that arise throughout design, development, testing, deployment, and change management activities. The individual in this role must be able to engage application engineering teams with confidence, identify control weaknesses in complex delivery environments, and translate technical observations into clear, actionable risk insights. The ideal candidate brings strong practitioner knowledge of application development and delivery processes, combined with experience in technology risk, controls, or related oversight functions.

Requirements

5+ years of Technology Risk experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education.

Nice To Haves

5+ years of experience spanning software engineering, DevSecOps, platform engineering, cloud engineering, application security, with direct experience in technology risk, technology controls, or second-line risk oversight in complex technological environments.
Strong knowledge of software development lifecycle practices, including requirements, design, coding, testing, deployment, release management, and production support.
Experience assessing or supporting controls related to application development, secure coding, change management, defect management, access control, release readiness, and production governance.
Ability to review technical documentation, system designs, development artifacts, and engineering evidence to identify potential control weaknesses and risk exposures.
Ability to work effectively with engineering and risk stakeholders in complex situations to support meaningful risk mitigation outcomes.
Practical understanding of how analytics and AI tools can support risk identification, analysis, visualization, and decision making in complex technology environments.
Experience performing risk assessments or oversight activities in application engineering or software delivery environments.
Strong analytical, problem-solving, and communication skills with the ability to translate technical details into clear recommendations and actions.
Background in software engineering, application development, application security, quality engineering, or DevSecOps.
Knowledge of AI-assisted development or analytics use cases relevant to software engineering and risk oversight.
Experience in financial services, highly regulated environments, or large enterprise technology organizations.
Knowledge of secure SDLC principles, common application security risks, software delivery controls, and risk or control frameworks relevant to application engineering.
Familiarity with development tools and platforms such as GitHub, GitLab, Jenkins, Azure DevOps, ticketing systems, test automation tools, or cloud-based engineering platforms.
Relevant certifications such as CISA, CRISC, CISSP, CSSLP, cloud certifications, or similar credentials.

Responsibilities

Provide second-line oversight and credible challenge across application engineering and SDLC practices, including requirements management, application design, secure coding, testing, deployment, change control, and defect remediation.
Assess application development processes and control implementations to identify key technology risks related to code quality, security, resiliency, release readiness, segregation of duties, and production change governance.
Review application architectures, development workflows, and engineering evidence to evaluate whether controls are appropriately designed and operating effectively within the software lifecycle.
Partner with application engineering, information security, architecture, and control teams to support consistent risk management practices across SDLC activities and engineering initiatives.
Analyze issues identified through assessments, incidents, control testing, or thematic reviews and convert technical findings into clear risk statements, remediation guidance, and prioritized actions.
Apply advanced analytics and AI tools to support risk assessments, trend analysis, and insight generation across SDLC and application engineering processes.
Identify recurring control gaps, process inefficiencies, and risk patterns in development and release practices, and recommend practical solutions that improve operational effectiveness.
Support the development of metrics, reporting, and visualizations that help stakeholders understand risk themes, control performance, and remediation progress.
Provide leadership in the defined domain of SDLC and application engineering risk by sharing expertise, helping refine standards, and contributing to broader technology risk initiatives.