Charles Schwab Technical Director, Cyber Threat Risk Management in Lone Tree, Colorado


Lone Tree - CO, DENR2, 9800 Schwab Way, 80124

Brian Parker


We believe that, when done right, investing liberates people to create their own destiny. We are driven by our purpose to champion every client’s goals with passion and integrity. We respect and appreciate the diversity of our employees, our clients, and the communities we serve. We challenge conventions strategically to create value for our clients, our firm and the world. We live and bring to life the concept of ‘own your tomorrow’ every day. We champion our employee strengths, guide their development, and invest in their long-term success. We hire optimistic, results-oriented, curious, innovative, and adaptable people with the desire to help our clients and one another succeed.

As a company, we were established by Chuck over 40 years ago to champion Main Street over Wall Street, and to help Americans transform themselves from earners to owners. Through advocacy and innovation, we work to make investing more affordable, accessible and understandable for all. As we enter our fifth decade, we are looking for talented, innovative and driven people who believe they can help themselves, and our clients, create a better future.

Our Opportunity:

In Corporate Risk Management (CRM), we provide an integrated risk management strategy that supports the delivery of predictable financial and operational performance in order to produce successful client and shareholder outcomes. We are organized around six primary functions: Bank Risk, Enterprise Risk, Information Security Risk Management, Market and Investment Risk, Model Risk and Operational Risk. Within each of these areas, we develop a framework for how much risk we are willing to accept as a firm and establish processes for identifying, evaluating, measuring, monitoring and reporting against that framework. In Information Security Risk Management (ISRM), we support that framework across information and technology to protect client assets, client information and firm assets.

Our ISRM’s Cyber Threat Risk Management team is seeking a seasoned Technical Director. In a second line of defense capacity, you will have responsibility for implementing and governing the firm’s Cybersecurity Framework. You will work in a cross-functional team in the creation and oversight of firm policies and strategic plans to enhance our capabilities in managing emerging threats from both internal and external sources. This is an individual contributor Director role.

What you’ll do:

  • Provide oversight of policy compliance across platforms, applications, products, and projects

  • Assess ongoing adherence to policies, security standards, and best practices by conducting recurring and ad-hoc risk assessments

  • Collaborate with technology and business teams to foster the adherence to security standards and best practices

  • Validate and enhance strategies to collect, monitor, identify and respond to threats and vulnerabilities within a defined risk-appetite

  • Communicate project strategies and deliverables to key stakeholders

  • Mature the firm’s risk-based monitoring approach that supports the threat management strategy across organizations

  • Collaborate with all levels of leadership within various Information Security groups and external business units

  • Provide knowledge of the security threat landscape relevant to web application development, patching, threat monitoring, and response technologies; stay abreast of emerging threats and risks

  • Apply previous metrics development experience to define and report against key security performance indicators

  • Address regulatory requests from applicable examiners and auditors

What you have:

  • 5+ years’ experience in Information Security and Technology (including network, mainframe, and host security) with expertise in the areas of threat intelligence, incident management and response, and vulnerability management

  • 5+ years’ experience in performing risk assessments, testing IT security requirements against systems, and quantifying risk to management

  • BS degree in related software development field (CIS, Computer Science, etc.)

  • Ability to demonstrate an in-depth knowledge of incident response program execution and best practices

  • Proven background in building effective processes to reduce risk

  • An understanding of information security measures both preventative and detective (e.g., authentication mechanisms, access control, firewalls, network segmentation, content filtering, whitelisting/blacklisting, intrusion detection systems, log correlation, data loss prevention, vulnerability management, etc.)

  • Experience with the implementation of information security best practices for key areas such as network controls, data confidentiality, and applications development

  • Demonstrated track record of collaborating with multiple stakeholders in a technological risk assessment program

  • Excellent communication skills and ability to articulate technical risk information across all levels of the organization

  • Experience in the evaluation of audit reports, network penetration test results, application security assessments, and regulatory exams to identify vulnerabilities and threats, assess risks, and determine remediation priorities

  • An understanding of information security frameworks, standards and industry documentation (e.g., ISO27002, NIST 800-53, COBIT, OWASP, SANS Top 20)

  • An understanding of relevant information security regulations (e.g., SOX, PCI, Financial regulations, HIPAA, GLBA, NACHA, Data Privacy)

  • CISSP, CISSP-ISSAP, SANS GIAC, or equivalent certifications

What you’ll get:

  • Comprehensive Compensation and Benefits package

  • Financial Health: 401k Match, Employee Stock Purchase Plan, Employee Discounts, Personalized advice, Brokerage discounts

  • Work/Life Balance: Sabbatical, Paid Parental Leave, New Mothers returning to work Program, Tuition Reimbursement Programs, Time off to volunteer, Employee Matching Gifts Program

  • Everyday Wellness: Health and Lifestyle Wellness Rewards, Onsite Fitness Classes, Healthy Food Choices, Wellness Champions

  • Inclusion: Employee Resource Groups, Commitment to diversity, Strategic partnerships

  • Not just a job, but a career, with an opportunity to do the best work of your life

Learn more about Life@Schwab at" .

Charles Schwab & Co., Inc. is an equal opportunity and affirmative action employer committed to diversifying its workforce. It is Schwab's policy to provide equal employment opportunities to all employees and applicants without regard to race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity or expression, national origin, ancestry, age, disability, legally protected medical condition, genetic information, marital status, sexual orientation, protected veteran status, military status, citizenship status or any other status that is protected by law. Schwab also does not discriminate against applicants or employees because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. At Schwab, we believe that every employee, through their diverse abilities and experiences, can contribute to our growth, innovation and client loyalty. We embrace diversity and are committed to providing equal opportunity to all employees and applicants. If you have a disability, and require reasonable accommodations in the application process, call Human Resources at 800-725-3535. We will be happy to assist you. Schwab will only share your accommodation request with those individuals who have a specific need to know. The request for an accommodation will not affect Schwab's hiring decisions. All other submissions should be performed online.

Job Specifications

Relocation Offered?: No

Work Schedule: Days

Languages: English - spoken

Current Licenses / Certifications: Certified Information Systems Security Professional - CISSP

Relevant Work Experience: IT-Change Management/Release Management-6+ yrs, Financial Services-6+ yrs, IT-Communications/Networking-6+ yrs, IT-Distributed and Web Development-6+ yrs, IT-Management/Technical Project Mgmt-6+ yrs, IT-Mainframe (Systems Prog/App Dev)-6+ yrs, Regulatory, Banking-6+ yrs, Risk Analysis, IT-Other Specialty Engineering-6+ yrs, Compliance

Position Located In: CO - Lone Tree

Education: BA/BS

Job Type: Full Time

Category: Risk Management

Activation Date: Thursday, May 17, 2018

Expiration Date: Sunday, July 1, 2018
