Your opportunity
At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.
The Cyber Assessments and Resilience Team is a first line of defense team positioned within the Schwab Cybersecurity Services vertical, aligned to ensure that services and applications within the Schwab Portfolio are assessed from a technology risk, cybersecurity risk, and cyber resilience perspective.
In this role, you will be a key player in the Cyber Resilience and 3rd Party Cyber Risk Management activities. You will conduct cybersecurity and technology risk assessments on third parties that Schwab's business relies on to deliver exceptional and secure services to our clients. You will partner with stakeholders to ensure that recovery plan documentation is in place for both internal and 3rd party use cases. You will quantify risk in alignment with Schwab’s Enterprise and Operational Risk Management 2nd line of defense. You will engage directly with third parties, contract owners, and internal stakeholders to identify methods of mitigating risks associated with both the use of third parties and the potential for cyber events including ransomware, DDoS attacks, and other attack and recovery scenarios.
What you’ll do
- Execute cyber-focused risk assessments of third parties
- Evaluate the resilience footprint of critical technologies both internal and external to establish areas where recovery plan documentation is needed
- Partner with key stakeholders to ensure that recovery plan documentation, cyber vaulting requirements, and tabletop exercise requirements are well identified and documented
- Document gaps identified in assessments using the Schwab Enterprise Risk Management framework
- Provide consultative support and collaboration with business partners and third-party management stakeholders to identify enhancement opportunities to strengthen cybersecurity and resilience processes and controls
- Execute ad-hoc projects as needed
- Develop and maintain good working relationships with colleagues in other technology and risk and control functions at the firm, including Corporate Vendor Management, Technology Risk Management, Corporate Risk Management, Infrastructure & Operations, CORE Technologies, and others.
What you have
Required Qualifications
- 3-5 years’ experience in third-party cybersecurity, risk assessments, operational risk management, and/or cyber resilience
- Experience with contractual terms and conditions and the contractual impact that assessments can have
- 3-5 years’ direct experience performing risk assessments independently
- 3-5 years’ direct experience developing cyber recovery plans
- Experience as a subject matter expert in third-party risk management, internal controls, financial/banking regulations, risk assessments, and mitigation strategies
- Four-year degree from an accredited university with a technology or security specialization
Preferred Qualifications
- One or more of the following certifications is preferred: CISM, CISSP, CCSP, CRISC, CISA, or other standard industry certifications
- Ability to manage multiple tasks across many workstreams while prioritizing the most impactful work without constant direction
- Ability to adjust focus quickly in a fast-paced, heavy workload environment
- Experience with one or more of the following tools: ProcessUnity, Ariba Risk, Recorded Future, Risk Recon, OpenPages, Fusion Risk Management
In addition to the salary range, this role is also eligible for bonus or incentive opportunities.
What’s in it for you
At Schwab, we’re committed to empowering our employees’ personal and professional success. Our purpose-driven, supportive culture, and focus on your development means you’ll get the tools you need to make a positive difference in the finance industry. Our Hybrid Work and Flexibility approach balances our ongoing commitment to workplace flexibility, serving our clients, and our strong belief in the value of being together in person on a regular basis.
We offer a competitive benefits package that takes care of the whole you – both today and in the future:
- 401(k) with company match and Employee stock purchase plan
- Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
- Paid parental leave and family building benefits
- Tuition reimbursement
- Health, dental, and vision insurance