Charles Schwab Managing Director, Risk Oversight in Phoenix, Arizona
Phoenix - AZ, PHX4701A, 4701 E Francisco Dr, 85044-5365
We believe that, when done right, investing liberates people to create their own destiny. We are driven by our purpose to champion every client’s goals with passion and integrity. We respect and appreciate the diversity of our employees, our clients, and the communities we serve. We challenge conventions strategically to create value for our clients, our firm and the world. We live and bring to life the concept of ‘own your tomorrow’ every day. We champion our employee strengths, guide their development, and invest in their long-term success. We hire optimistic, results-oriented, curious, innovative, and adaptable people with the desire to help our clients and one another succeed.
As a company, we were established by Chuck (http://www.aboutschwab.com/about/leadership/charles_schwab) over 40 years ago to champion Main Street over Wall Street, and to help Americans transform themselves from earners to owners. Through advocacy and innovation, we work to make investing more affordable, accessible and understandable for all. As we enter our fifth decade, we are looking for talented, innovative and driven people who believe they can help themselves, and our clients, create a better future.
In Corporate Risk Management (CRM), we provide an integrated risk management strategy that supports the delivery of predictable financial and operational performance in order to produce successful client and shareholder outcomes. We are organized around six primary functions: Bank Risk, Enterprise Risk, Information Security Risk Management, Market and Investment Risk, Model Risk and Operational Risk. Within each of these areas, we develop a framework for how much risk we are willing to accept as a firm and establish processes for identifying, evaluating, measuring, monitoring and reporting against that framework. In Information Security Risk Management, we support that framework across information and technology to protect client assets, client information and firm assets.
What you’ll do:
The Managing Director, Risk Oversight, as a 2nd Line of Defense function, is responsible for evaluating information security needs on active and emerging initiatives, conducting oversight as they progress and, as needed, conducting ad-hoc risk assessments through their lifecycle. These activities will leverage your partnership with the 1st Line of Defense to assess ongoing adherence to security requirements, regulatory guidance and the approved risk framework.
Assessing initiatives to identify information security risks to provide insights and guidance to the business and technology teams that result in an enhanced security posture.
Defining risk-centric policies, standards, and guidelines for information security risk management disciplines.
Partnering with technology and business teams to assure policy compliance is communicated and requirements are understood.
Conducting oversight, collaborating with business and development teams to document security requirements, assess application/infrastructure design and architecture for compliance across the published risk framework, policies and security standards.
Developing, maintaining and evolving KRIs that monitor whether operations are within risk appetite.
Principal Duties and Responsibilities
Provide Effective Challenge & Oversight
Conduct enterprise-wide and channel-specific oversight for business unit risk management requirements.
Develop and articulate strategies that continuously monitor and improve Schwab’s information security risk management.
Challenge 1st Line of Defense roadmaps, project plans and implementations to effectively meet the evolving risk landscape.
Collaborate with business and technology teams to create and maintain platform-focused risk management policies, standards and guidelines reflecting the firm’s risk appetite and industry best practices that reflect the requirements of the risk framework and a robust control portfolio.
Provide credible Risk Assessments and Independent Reporting
Analyze the linkage of controls across the risk framework, business unit controls and implementation to identify deficiencies and gaps.
Proactively partner with stakeholders in the 1st Line of Defense to assure risk management requirements are integrated throughout the project lifecycle.
Conduct oversight on policies/standards, identified vulnerabilities and remediation activities. Provide reporting to business, technology and risk management leaders. Support delivery teams to keep mitigation plans on track for timely delivery.
Work with internal auditors and regulators to articulate the risk oversight process, execution progress, and how cybersecurity risks are managed at Schwab.
Build and Maintain Relationships
Align with senior stakeholders regarding information security risks to the business units.
Successful partnership with the 1st Line of Defense organizations will be critical to the success of this role, as well as effective relationships with peers, audit, and regulatory staff.
Partner with risk, business and technology leaders to identify key issues, trade-offs and impacts to planned investments and projects.
Serve as the trusted advisor to the business on risk management matters.
Work closely with technology and business teams to establish acceptable risk thresholds and perform assessments against the firm’s established risk appetite and approved thresholds.
What you have:
Bachelor’s degree plus CISSP, CISM, or equivalent certification is preferred
5+ years’ experience in the Information Security field
Direct experience working within Threat Management, Application Security, Development or Risk Management required
Experience with authoring, maintaining, and implementing IS Policies and Standards
Experience working with ISO/NIST frameworks
Understanding of applicable regulatory requirements/laws such as PCI, FFIEC, GLBA, SOX, etc.
Ability to communicate effectively, both orally and in writing, with technical and executive audiences is required
Experience interfacing with auditors in support of audits and external regulatory exam processes is required
Experience in gathering requirements, documenting and assessing information for implementing information security policies and standards is required
Strong interpersonal, analytical, problem-solving, influencing, prioritization, decision-making and conflict resolution skills
Strong initiative; self-starter; self-directed; ability to multi-task
Experience in project planning, meeting facilitation for multiple groups and projects is preferred
What you’ll get:
Comprehensive Compensation and Benefits package
Financial Health: 401k Match, Employee Stock Purchase Plan, Employee Discounts, Personalized advice, Brokerage discounts
Work/Life Balance: Sabbatical, Paid Parental Leave, New Mothers returning to work Program, Tuition Reimbursement Programs, Time off to volunteer, Employee Matching Gifts Program
Everyday Wellness: Health and Lifestyle Wellness Rewards, Onsite Fitness Classes, Healthy Food Choices, Wellness Champions
Inclusion: Employee Resource Groups, Commitment to diversity, Strategic partnerships
Not just a job, but a career, with an opportunity to do the best work of your life
Learn more about Life@Schwab at http://www.aboutschwab.com/careers/lifeatschwab/.
Charles Schwab & Co., Inc. is an equal opportunity and affirmative action employer committed to diversifying its workforce. It is Schwab's policy to provide equal employment opportunities to all employees and applicants without regard to race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity or expression, national origin, ancestry, age, disability, legally protected medical condition, genetic information, marital status, sexual orientation, protected veteran status, military status, citizenship status or any other status that is protected by law. Schwab also does not discriminate against applicants or employees because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. At Schwab, we believe that every employee, through their diverse abilities and experiences, can contribute to our growth, innovation and client loyalty. We embrace diversity and are committed to providing equal opportunity to all employees and applicants. If you have a disability, and require reasonable accommodations in the application process, call Human Resources at 800-725-3535. We will be happy to assist you. Schwab will only share your accommodation request with those individuals who have a specific need to know. The request for an accommodation will not affect Schwab's hiring decisions. All other submissions should be performed online.
Relocation Offered?: No
Work Schedule: Days
Languages: English - spoken
Current Licenses / Certifications: Certified Information Systems Auditor - CISA, Certified Information Systems Security Professional - CISSP
Relevant Work Experience: Risk Analysis
Position Located In: TX - Westlake
Job Type: Full Time
Activation Date: Friday, November 9, 2018
Expiration Date: Tuesday, December 11, 2018