Senior Lead Business Resiliency Exercise Consultant

Job description

**About this role:**

Wells Fargo is seeking a seasoned and strategic exercise professional with a proven track record in designing, executing, and evaluating high-impact enterprise exercises.

This role emphasizes a comprehensive approach to operational resilience, with a focus on Cybersecurity, Enterprise Critical Service/Products, and Third-Party Provider (TPP) risk.

We are looking for an innovative exercise leader who can integrate business, technology, and operational requirements into enterprise-wide exercises that rigorously test and enhance critical capabilities, decision-making, response readiness, and recovery strategies.

This senior-level practitioner will be responsible for developing and executing a scalable, enterprise-aligned exercise framework that addresses systemic risks across cyber threats, critical business services, and third-party dependencies.

The role includes ownership of the end-to-end coordination and delivery of these exercises as part of the Enterprise Resiliency Exercise Office’s (EREO) broader mission to strengthen the organization’s resilience posture.

**In this role, you will:**

+ Lead the design and execution of enterprise-wide cyber and operational resilience exercises, ensuring alignment with the company’s strategic objectives.

This includes developing and facilitating cyber incident simulations, tabletop exercises, and cross-enterprise crisis scenarios that test critical technology platforms, enterprise-critical services/products, and decision-making under pressure.
+ Develop and implement a comprehensive exercise framework that integrates cybersecurity, enterprise-critical services/products, and third-party provider (TPP) risk domains to validate business continuity and operational resilience capabilities across the enterprise.
+ Own the end-to-end lifecycle of enterprise exercises, including design, development, facilitation, and evaluation, with a focus on high-impact scenarios that test systemic risk exposure and organizational readiness across cyber, enterprise-critical services/products, and third-party ecosystems.
+ Drive strategic planning and maturity roadmap development to continuously enhance the organization’s resilience posture, including the validation of continuity capabilities for services delivered by internal teams and external third parties, with a strong emphasis on cybersecurity and enterprise-critical operations.
+ Design and manage Master Scenario Event Lists (MSELs), injects, control elements, and evaluation criteria for operations-based exercises that simulate real-world disruptions across cyber, business, and third-party domains.
+ Facilitate cross-functional, discussion-based exercises involving key stakeholders such as Enterprise Business Resiliency Leadership, Resiliency Leads, Business Owners, Line of Business Relationship Managers, Supplier Management, and external service providers, with scenarios that span cyber threats, enterprise-critical services, and third-party dependencies.
+ Lead post-exercise analysis and debriefs, guiding participants in identifying gaps, vulnerabilities, and key findings, and translating these into actionable recommendations across cyber, enterprise-critical, and third-party domains.
+ Produce high-quality, executive-level facilitation guides, briefings, and supplemental materials using Microsoft Office tools (Word, PowerPoint, etc.)
+ Generate comprehensive After-Action Reports (AARs) that capture lessons learned, strategic insights, and prioritized recommendations to strengthen enterprise resilience across cybersecurity, critical services/products, and third-party operations.
+ Present findings and strategic recommendations to senior leadership, highlighting opportunities for investment and improvement across cyber, operational, and third-party domains.
+ Ensure timely delivery and quality of all exercise documentation and artifacts, meeting internal standards and regulatory expectations.
+ Lead follow-up workshops or targeted exercises to address critical findings and reinforce resilience capabilities across cyber, enterprise-critical services/products, and third-party providers.
+ Analyze exercise outcomes to identify enterprise-wide resilience risks, and proactively inform enhancements to cybersecurity, critical service, and TPP resilience strategies.
+ Serve as a trusted advisor to business and technology leaders, providing insights and recommendations that drive performance and resilience across the enterprise, with a focus on cyber, enterprise-critical, and third-party domains.
+ Support Risk and Control Self-Assessments (RCSAs) by identifying and evaluating risks and controls related to cyber, operational, and third-party resilience.
+ Respond to internal audits and regulatory inquiries related to enterprise exercises, ensuring transparency and compliance with resilience standards across cyber, enterprise-critical services/products, and third-party testing.
+ Lead the resolution of complex business execution challenges, delivering scalable, long-term solutions that enhance the effectiveness of the enterprise exercise program across all three domains.
+ Provide strategic direction and thought leadership in the development of a robust, cross-organizational exercise capability that spans internal operations, cybersecurity, enterprise-critical services/products, and third-party dependencies.
+ Facilitate decision-making and implementation of exercise strategies through regular engagement with cross-functional teams and leadership forums.
+ Engage with stakeholders across all levels of the organization, serving as a subject matter expert in enterprise resilience, cybersecurity preparedness, and third-party risk management.
+ Contribute to the development of a strategic scenario library, ensuring alignment with emerging threats, evolving business priorities, and regulatory expectations across cyber, enterprise-critical, and third-party domains.

**Required Qualifications:**

+ 7+ years of Business Execution, Implementation, or Strategic Planning experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education.

**Desired Qualifications:**

+ Advanced academic credentials with extensive experience leading enterprise-wide initiatives in **cybersecurity** , **business continuity** , and **resiliency** , especially in environments involving **third-party dependencies** and **enterprise-critical services/products** .
+ Proven leadership in the **financial services sector** , with deep expertise in managing **cybersecurity and business continuity exercises** that span internal functions and **third-party providers** supporting **enterprise-critical services/products** .
+ Demonstrated success in assessing and managing **risk and control frameworks** across complex ecosystems, including those involving **third-party relationships** , **enterprise-critical services/products** , and **cybersecurity vulnerabilities** .
+ Strategic change agent with a history of driving transformation across large organizations, aligning **cybersecurity and resiliency goals** with business priorities and **third-party risk landscapes** .
+ Extensive experience in designing and executing **large-scale exercises** that simulate disruptions to **enterprise-critical services/products** , incorporating **cybersecurity threats** and **third-party failure scenarios** .
+ Deep understanding of the **financial services industry** , including regulatory expectations and operational interdependencies with **third-party providers** and **critical service/product delivery** .
+ Demonstrable expertise in the **design, facilitation, and coordination** of complex exercises involving senior leaders across business functions and external **third-party stakeholders** , with a focus on **cybersecurity and operational continuity** of **enterprise-critical services/products** .
+ Exceptional communicator with the ability to tailor messaging for executive audiences, technical teams, and external stakeholders, especially in high-stakes scenarios involving **third-party risk** and **cybersecurity incidents** affecting **enterprise-critical services/products** .
+ Proven ability to operate effectively in fast-paced, dynamic environments, exercising independent judgment in developing methodologies and evaluation criteria for enterprise-wide impact.
+ Deep familiarity with industry-standard exercise methodologies, including **Homeland Security Exercise and Evaluation Program (HSEEP)** , **NIST SP 800-84** , and **FFIEC Business Continuity Management** , with practical application to **third-party and cybersecurity scenarios** involving **enterprise-critical services/products** .
+ Track record of building and scaling exercise programs that address high-priority threats and risks to **enterprise-critical services/products** , including those delivered by **third-party providers** and vulnerable to **cybersecurity threats** .
+ Experience in developing, implementing, and monitoring **exercise program controls and performance metrics** , ensuring alignment with enterprise risk appetite and regulatory requirements.

**Job Expectations:**

+ Candidate must be based out of Wells Fargo, Charlotte, Brigham Building location (Ballantyne).

and will be required to work in the office location (Charlotte), as per organization’s In Office Adherence / Return to Office (RTO) at a minimum of 3 days per week.
+ Ability to work weekends supporting an exercise, if needed.
+ Deliver high quality, strategic work in accordance with aggressive timelines.
+ Demonstrate and support processes and controls that govern our work.
+ Build trust and rapport with colleagues across all levels of the organization.
+ Be an effective advocate for your team.
+ Team player who is great at execution, proactively collaborates across the organization, and possesses strong influencing skills.
+ The individual is agile, proficient in navigating complex organizations.

The exercise practitioner should have experience across the following key exercise disciplines:

· **Business Continuity Planning Methodologies** : Business Impact Analysis (BIA), Risk Assessment, and Recovery Strategy Development.

· **Cyber Security:** Advanced knowledge and insights of cyber security fundamentals and industry guidance.

Technical cyber exercise design, development, and execution.

· **Operational Resilience:** Experience with and vast knowledge of Bank of England’s 2019 Discussion Paper that refers to the ability of a firm to prevent, adapt to, respond to, recovery from, and learn from operational resilience, including Scenario Analysis testing and execution.

· **Communications:** Proven technical and business writer that can create exercise materials and content, such as an After-Action Report, which is in strict compliance with regulatory standards.

Strong verbal communication skills with the ability to effectively covey ideas, build rapport with enterprise stakeholders, and synthesize complex information into easily digestible formats for exercise participant consumption.

· **TPP Service Provider (TPP) Exercises:** Experience designing, executing, and evaluating TPSP exercises as a component of enterprise critical services/products focused exercises.

Experience should include TPSP engagement and inclusion of the TPSP in exercises.

· **Exercise Scenario Development:** Proficiency crafting realistic scenarios that simulate disruptions to enterprise business products, considering both internal and external threats.

· **Exercise Documentation:** Ability to create comprehensive exercise documentation, including exercise plans, participant orientation, injects, AARs and executive level briefings.

· **Functional Exercises:** Capability to organize and execute functional exercises that simulate the activation of business continuity plans and recovery procedures in a controlled environment.

· **Tabletop Exercises:** Experience in conducting tabletop exercises, which involve discussion-based scenarios to assess preparedness and decision-making capabilities.

· **Post-Exercise Evaluation:** Expertise in conducting thorough post-exercise evaluations, including gathering feedback, analyzing performance, and identifying lessons learned to inform future improvements.

· **Regulatory Compliance:** Knowledge of relevant regulatory requirements and industry standards governing business continuity planning and exercise requirements, such as FFIEC, DHS HSEEP, NIST, etc.

A thorough understanding of financial institution’s laws, rules, and regulations.

· **Cross-Functional Collaboration:** Experience in collaborating with cross-functional teams, including IT, operations, risk management, and compliance, to ensure holistic exercise planning and execution.

· **Professional Certification:** DRII Certified Business Continuity Professional or Department of Homeland Security Exercise and Evaluation Program Master Exercise Practitioner or related certifications aligned with exercises, project management, or communications.

**CBCI or CBCP industry certification** from The BCI, UK or DRII, USA.

**Posting End Date:**

24 Oct 2025
**_*Job posting may come down early due to volume of applicants._**

**We Value Equal Opportunity**

Wells Fargo is an equal opportunity employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company.

They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions.

There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities.

Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.

**Applicants with Disabilities**

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo (https://www.wellsfargojobs.com/en/diversity/disability-inclusion/) .

**Drug and Alcohol Policy**

Wells Fargo maintains a drug free workplace.

Please see our Drug and Alcohol Policy (https://www.wellsfargojobs.com/en/wells-fargo-drug-and-alcohol-policy) to learn more.

**Wells Fargo Recruitment and Hiring Requirements:**

a.

Third-Party recordings are prohibited unless authorized by Wells Fargo.

b.

Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.

**Req Number:** R-498698

Required Skill Profession

Other General