Charles Schwab Managing Director, Cloud Risk Management in Phoenix, Arizona


Phoenix - AZ, PHX8040, 8040 South 48th Street, 85044

Brian Parker


We believe that, when done right, investing liberates people to create their own destiny. We are driven by our purpose to champion every client’s goals with passion and integrity. We respect and appreciate the diversity of our employees, our clients, and the communities we serve. We challenge conventions strategically to create value for our clients, our firm and the world. We live and bring to life the concept of ‘own your tomorrow’ every day. We champion our employee strengths, guide their development, and invest in their long-term success. We hire optimistic, results-oriented, curious, innovative, and adaptable people with the desire to help our clients and one another succeed.

As a company, we were established by Chuck over 40 years ago to champion Main Street over Wall Street, and to help Americans transform themselves from earners to owners. Through advocacy and innovation, we work to make investing more affordable, accessible and understandable for all. As we enter our fifth decade, we are looking for talented, innovative and driven people who believe they can help themselves, and our clients, create a better future.

Our Opportunity:

In Corporate Risk Management (CRM), we provide an integrated risk management strategy that supports the delivery of predictable financial and operational performance in order to produce successful client and shareholder outcomes. We are organized around six primary functions: Bank Risk, Enterprise Risk, Information Security Risk Management, Market and Investment Risk, Model Risk and Operational Risk. Within each of these areas, we develop a framework for how much risk we are willing to accept as a firm and establish processes for identifying, evaluating, measuring, monitoring and reporting against that framework. In Information Security Risk Management (ISRM), we support that framework across information and technology to protect client assets, client information and firm assets.

The Managing Director, Cloud Risk Management (CLRM) will provide oversight and risk leadership over a large and complex Cloud Risk Management program involving multiple cross-functional participants and leadership stakeholders. In this role you will manage a team responsible for the implementation and ongoing monitoring of Schwab’s Cloud Risk Management Policy, including proactively identifying, measuring, and assessing cloud risks, enforcement of standards, and development/enhancement of cloud risk management capabilities. This role supports a strategic priority for Schwab by providing leadership and oversight of programmatic risk reduction activities, increasing security posture, and supporting growth of the firm’s Cloud Risk Management capabilities.

What you’ll do:

  • Manage the Cloud Risk Management team within ISRM, responsible for implementing governance and strategy, risk identification and assessments, and risk measurement and monitoring capabilities

Risk Governance & Strategy

  • Develop and implement risk-centric policies, standards, and limits related to cloud computing risks through collaboration and communication with cross-functional stakeholders

  • Partner with technology and business teams to assure policy compliance is communicated and the path forward is understood

  • Report on cloud risk management, including the communication and/or escalation of cloud risks, to cross-functional stakeholders, executive leadership members, and the appropriate Governance committees

  • Perform independent evaluation, challenge and reporting on the effectiveness of risk reduction initiative implementations, ensuring they are achieving their stated goals

  • Develop and implement Cloud Risk Management strategy and maturity roadmaps to mitigate risk, through collaboration with Firm-wide cross-functional stakeholders

  • Implement system automation to effectively and efficiently perform cloud risk management activities

  • Partner to establish and oversee role-based cloud risk training and awareness practices

Risk Identification & Assessment

  • Independently identifies, evaluates, and reports on cloud risks faced by the Firm, the effectiveness of controls and risk mitigation strategies

  • Develops and implements the necessary processes, controls and tools to assure compliance with cloud risk policies and standards

  • Partners with existing Programs and functions (e.g. Privacy, Compliance, Operational Risk, Legal, Procurement, Technology, etc.) to incorporate cloud risk scenarios into risk identification and assessment methodology

  • Ensures integration of cloud risk identification and assessment methods into corporate-wide risk assessment tools, systems, and processes (e.g. RCSA)

  • Defines and maintains cloud-specific contract requirements, advises contract owners, and participates in cloud service provider contract negotiations with Legal, Technology, Procurement, and business partners

  • Work with first-line-defense technology partners to oversee risk mitigation and/or risk reduction activities including cutting-edge technology controls, administrative controls, and physical control implementations

  • Establish pre-production risk identification and control validation mechanisms to assure effectiveness of cloud control implementation prior to production launch/go-live

Risk Management & Monitoring

  • Develop cloud-relevant independent monitoring and due diligence framework to identify cloud risks, assess and evaluate cloud service provider controls, identify and evaluate material changes, and validate compliance with Schwab policy requirements and industry regulations

  • Partner with internal teams to define and implement enhancements to existing incident management oversight framework to account for cloud-relevant incident scenarios

  • Monitor, report, and ensure appropriate escalations related to progress of cloud service provider control deficiency remediation activities

  • Develop framework to conduct the required independent oversight and validation to assure Schwab’s cloud applications, platforms, and service providers’ compliance with legal and regulatory requirements

  • Lead cross-functional retrospective reviews of cloud control deficiencies, and develop strategic risk reduction initiative business cases

  • Create and evolve cloud KPI/KRI measurements to monitor risks

  • Proactively partner with business and technology project teams to assure sustainable cloud risk mitigation and governance requirements are considered throughout the cloud deployment lifecycle

  • Conduct oversight and ongoing monitoring of Cloud Risk Management Policy and report on results to business, technology and risk management leaders

  • Work with internal auditors and regulators to articulate the cloud risk management framework, execution progress, and how these risks are managed at Schwab

Build and Maintain Relationships

  • Align with senior stakeholders regarding cloud related risks and issues to the Firm

  • Successful partnership with the 1st line of defense organizations will be critical to the success of this role, as well as effective relationship with peers, audit, and regulatory staff

  • Partner with risk, business and technology leaders to identify key issues, trade-offs and impacts to planned investments and projects

  • Serve as the trusted advisor to the business and technology partners on cloud risk management matters

  • Work closely with technology and business teams to establish acceptable risk thresholds and perform assessments against the firm’s established risk appetite and approved thresholds

What you have:

  • 15+ years’ experience in Technology, Information Security, Risk Management, Contracts, Procurement and / or Cloud Computing disciplines

  • Bachelor’s degree is required

  • Master’s degree in MIS or related discipline is highly preferred

  • Existing cloud, information security, and/or technology risk certifications (such as CCSK, CCSP, CISSP, CRISC, CISM, CISA) or willingness to obtain certifications within first year of hire, to support job responsibilities

  • Direct experience with the procurement of and/or contracting with technology service providers in cloud computing, application development, or infrastructure is required

  • Understanding of applicable legal and/or regulatory requirements/laws such as PCI, FFIEC, GLBA, SOX, etc.

  • Strong ability to effectively communicate with technical and executive audiences; both oral and written is required

  • Experience interfacing with auditors in support of audits and external regulatory exam processes is required

  • Strong interpersonal, analytical judgment, decision-making, functional and technical knowledge, business acumen, problem-solving, influencing, prioritization, and conflict resolution skills

  • Strong initiative; self-starter; self-directed; ability to multi-task

  • Experience in project planning, meeting facilitation for multiple groups and projects is preferred

What you’ll get:

  • Comprehensive Compensation and Benefits package

  • Financial Health: 401k Match, Employee Stock Purchase Plan, Employee Discounts, Personalized advice, Brokerage discounts

  • Work/Life Balance: Sabbatical, Paid Parental Leave, New Mothers returning to work Program, Tuition Reimbursement Programs, Time off to volunteer, Employee Matching Gifts Program

  • Everyday Wellness: Health and Lifestyle Wellness Rewards, Onsite Fitness Classes, Healthy Food Choices, Wellness Champions

  • Inclusion: Employee Resource Groups, Commitment to diversity, Strategic partnerships

  • Not just a job, but a career, with an opportunity to do the best work of your life


Charles Schwab & Co., Inc. is an equal opportunity and affirmative action employer committed to diversifying its workforce. It is Schwab's policy to provide equal employment opportunities to all employees and applicants without regard to race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity or expression, national origin, ancestry, age, disability, legally protected medical condition, genetic information, marital status, sexual orientation, protected veteran status, military status, citizenship status or any other status that is protected by law. Schwab also does not discriminate against applicants or employees because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. At Schwab, we believe that every employee, through their diverse abilities and experiences, can contribute to our growth, innovation and client loyalty. We embrace diversity and are committed to providing equal opportunity to all employees and applicants. If you have a disability, and require reasonable accommodations in the application process, call Human Resources at 800-725-3535. We will be happy to assist you. Schwab will only share your accommodation request with those individuals who have a specific need to know. The request for an accommodation will not affect Schwab's hiring decisions. All other submissions should be performed online.

Job Specifications

Relocation Offered?: No

Work Schedule: Days

Languages: English - spoken

Current Licenses / Certifications: None

Relevant Work Experience: IT-System Administration-6+ yrs, IT-Communications/Networking-6+ yrs, Financial Services-6+ yrs, IT-Change Management/Release Management-6+ yrs, IT-Distributed and Web Development-6+ yrs, IT-Management/Technical Project Mgmt-6+ yrs, Regulatory, IT-Other Specialty Engineering-6+ yrs, Risk Analysis, Compliance

Position Located In: AZ - Phoenix

Education: BA/BS

Job Type: Full Time

Category: Risk Management

Activation Date: Sunday, May 13, 2018

Expiration Date: Saturday, June 16, 2018
