Charles Schwab Technical Director, Cyber Threat Risk Management in Lone Tree, Colorado
Lone Tree - CO, DENR2, 9800 Schwab Way, 80124
We believe that, when done right, investing liberates people to create their own destiny. We are driven by our purpose to champion every client’s goals with passion and integrity. We respect and appreciate the diversity of our employees, our clients, and the communities we serve. We challenge conventions strategically to create value for our clients, our firm and the world. We live and bring to life the concept of ‘own your tomorrow’ every day. We champion our employees’ strengths, guide their development, and invest in their long-term success. We hire optimistic, results-oriented, curious, innovative, and adaptable people with the desire to help our clients and one another succeed.
As a company, we were established by Chuck (http://www.aboutschwab.com/about/leadership/charles_schwab) over 40 years ago to champion Main Street over Wall Street, and to help Americans transform themselves from earners to owners. Through advocacy and innovation, we work to make investing more affordable, accessible and understandable for all. As we enter our fifth decade, we are looking for talented, innovative and driven people who believe they can help themselves, and our clients, create a better future.
In Corporate Risk Management (CRM), we provide an integrated risk management strategy that supports the delivery of predictable financial and operational performance in order to produce successful client and shareholder outcomes. We are organized around six primary functions: Bank Risk, Enterprise Risk, Information Security Risk Management, Market and Investment Risk, Model Risk and Operational Risk. Within each of these areas, we develop a framework for how much risk we are willing to accept as a firm and establish processes for identifying, evaluating, measuring, monitoring and reporting against that framework. In Information Security Risk Management (ISRM), we support that framework across information and technology to protect client assets, client information and firm assets.
Our ISRM’s Cyber Threat Risk Management team is seeking a seasoned Technical Director. In a second line of defense capacity, you will have responsibility for implementing and governing the firm’s Cybersecurity Framework. You will work in a cross-functional team in the creation and oversight of firm policies and strategic plans to enhance our capabilities in managing emerging threats from both internal and external sources. This is an individual contributor Director role.
What you’ll do:
Provide oversight of policy compliance across platforms, applications, products, and projects
Assess ongoing adherence to policies, security standards, and best practices by conducting recurring and ad-hoc risk assessments
Collaborate with technology and business teams to foster the adherence to security standards and best practices
Validate and enhance strategies to collect, monitor, identify and respond to threats and vulnerabilities within a defined risk-appetite
Communicate project strategies and deliverables to key stakeholders
Mature the firm’s risk-based monitoring approach that supports the threat management strategy across organizations
Collaborate with all levels of leadership within various Information Security groups and external business units
Provide knowledge of the security threat landscape relevant to web application development, patching, threat monitoring, and response technologies; stay abreast of emerging threats and risks
Apply previous metrics development experience to define and report against key security performance indicators
Address regulatory requests from applicable examiners and auditors
What you have:
5+ years’ experience in Information Security and Technology (including network, mainframe, and host security) with expertise in the areas of threat intelligence, incident management and response, and vulnerability management
5+ years’ experience in performing risk assessments, testing IT security requirements against systems, and quantifying risk to management
BS degree in related software development field (CIS, Computer Science, etc.)
Ability to demonstrate an in-depth knowledge of incident response program execution and best practices
Proven background in building effective processes to reduce risk
An understanding of information security measures both preventative and detective (e.g., authentication mechanisms, access control, firewalls, network segmentation, content filtering, whitelisting/blacklisting, intrusion detection systems, log correlation, data loss prevention, vulnerability management, etc.)
Experience with the implementation of information security best practices for key areas such as network controls, data confidentiality, and applications development
Demonstrated track record of collaborating with multiple stakeholders in a technological risk assessment program
Excellent communication skills and ability to articulate technical risk information across all levels of the organization
Experience in the evaluation of audit reports, network penetration test results, application security assessments, and regulatory exams to identify vulnerabilities and threats, assess risks, and determine remediation priorities
An understanding of information security frameworks, standards and industry documentation (e.g., ISO27002, NIST 800-53, COBIT, OWASP, SANS Top 20)
An understanding of relevant information security regulations (e.g., SOX, PCI, Financial regulations, HIPAA, GLBA, NACHA, Data Privacy)
CISSP, CISSP-ISSAP, SANS GIAC, or equivalent certifications
What you’ll get:
Comprehensive Compensation and Benefits package
Financial Health: 401k Match, Employee Stock Purchase Plan, Employee Discounts, Personalized advice, Brokerage discounts
Work/Life Balance: Sabbatical, Paid Parental Leave, New Mothers returning to work Program, Tuition Reimbursement Programs, Time off to volunteer, Employee Matching Gifts Program
Everyday Wellness: Health and Lifestyle Wellness Rewards, Onsite Fitness Classes, Healthy Food Choices, Wellness Champions
Inclusion: Employee Resource Groups, Commitment to diversity, Strategic partnerships
Not just a job, but a career, with an opportunity to do the best work of your life
Learn more about Life@Schwab at http://www.aboutschwab.com/careers/lifeatschwab/.
Charles Schwab & Co., Inc. is an equal opportunity and affirmative action employer committed to diversifying its workforce. It is Schwab's policy to provide equal employment opportunities to all employees and applicants without regard to race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity or expression, national origin, ancestry, age, disability, legally protected medical condition, genetic information, marital status, sexual orientation, protected veteran status, military status, citizenship status or any other status that is protected by law. Schwab also does not discriminate against applicants or employees because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. At Schwab, we believe that every employee, through their diverse abilities and experiences, can contribute to our growth, innovation and client loyalty. We embrace diversity and are committed to providing equal opportunity to all employees and applicants. If you have a disability, and require reasonable accommodations in the application process, call Human Resources at 800-725-3535. We will be happy to assist you. Schwab will only share your accommodation request with those individuals who have a specific need to know. The request for an accommodation will not affect Schwab's hiring decisions. All other submissions should be performed online.
Relocation Offered?: No
Work Schedule: Days
Languages: English - spoken
Current Licenses / Certifications: Certified Information Systems Security Professional - CISSP
Relevant Work Experience: IT-Change Management/Release Management-6+ yrs, Financial Services-6+ yrs, IT-Communications/Networking-6+ yrs, IT-Distributed and Web Development-6+ yrs, IT-Management/Technical Project Mgmt-6+ yrs, IT-Mainframe (Systems Prog/App Dev)-6+ yrs, Regulatory, Banking-6+ yrs, Risk Analysis, IT-Other Specialty Engineering-6+ yrs, Compliance
Position Located In: CO - Lone Tree
Job Type: Full Time
Activation Date: Thursday, May 17, 2018
Expiration Date: Sunday, July 1, 2018