In Schwab Cybersecurity Services (SCS), Office of CISO, we provide platforms, services, and security operations capabilities which enable the firm to produce successful client and shareholder outcomes securely and safely. Securing our IT assets, data, and access to applications is the core of who we are and what we do. We ensure only the appropriate entities have access to IT resources and that we adhere to best practices and standards to ensure a safe and compliant environment is maintained. We deliver and manage comprehensive Identity and Access Management (IAM) services in the areas of Provisioning/De-provisioning, Directory, Highly Privileged Accounts, Access Governance, Single Sign On, Analytics, API Management and certifications.
The IAM Program has an opening for a Senior Security Specialist to drive and oversee audit and regulatory compliance activities: responding to internal and external audits, regulatory exams, and third-party reviews, providing evidence, tracking findings, and developing compliance and remediation solutions. The individual will work with the IAM teams to develop a strategy and roadmap addressing regulatory and compliance requirements and findings. The Senior Security Specialist will partner with Information Security Risk Management (ISRM), Operational Risk Management (ORM), the Technology Risk & Controls (TRAC) Team and other control groups to coordinate plans for, and resolution of, findings.
What you’ll do:
Work with various Audit, Compliance and Assessment teams and programs to identify, assess and mitigate operational risks, evaluating the adequacy and effectiveness of the platform, standards, procedures, processes, and internal controls.
Oversee adherence to applicable Security Controls, Policies and Standards; partner with business owners and technology groups to synchronize plans to remediate gaps.
Provide IAM leadership and oversight in supporting the execution of audit, risk, and control assessments.
Balance multiple concurrent audit and assessment projects and drive execution of those programs to mitigate risk and promote improvement of the risk and control environment.
Develop and maintain annual schedule and objectives by working with various audit, assessment and risk control teams.
Fulfill evidence requests, track findings and drive resolution and closure for findings.
Identify controls requiring enhancement and work collaboratively with IAM teams to develop roadmap and implement improvements in line with corporate standards, applicable regulations, and/or best practice frameworks.
Proactively identify controls requiring attention or strengthening and work collaboratively with other Schwab disciplines to implement improvements in line with corporate standards, applicable regulations, and/or best practice frameworks.
Coordinate with teams to develop and document achievable and sustainable action plans to remediate identified control weaknesses.
Provide risk and control management consulting services and subject matter expertise as a participant on Schwab improvement initiatives or in response to ad hoc requests.
Produce clear and concise risk and control reporting.
What you have:
Bachelor’s degree in Computer Science or a related field plus CISSP, CISM, or equivalent certification is preferred.
8+ years of relevant experience in the disciplines of information security, risk assessment activities, audit, and compliance.
Direct experience working with auditors in support of audits and external regulatory exam processes is required.
Experience working within IAM is required.
Technical capability to access multiple systems and gather evidence data to prove compliance is required.
Experience working with ISO/NIST frameworks.
Understanding of applicable regulatory requirements/laws such as PCI, FFIEC, GLBA, SOX, etc.
Working knowledge of the regulatory environment that financial institutions must operate within.
Ability to independently analyze and determine if a suite of controls will adequately reduce inherent risks to acceptable levels.
Ability to communicate effectively with technical and executive audiences, both orally and in writing, is required.
Strong initiative; self-starter; self-directed; ability to multi-task.
Ability to work effectively in a cross-functional team environment.
Additional Salary Information: Outstanding benefits including paid sabbatical, 401K match and yearly bonus. Relocation expenses are negotiable.
Internal Number: 20180316-1851
About Charles Schwab
We believe that, when done right, investing liberates people to create their own destiny. We are driven by our purpose to champion every client’s goals with passion and integrity. We respect and appreciate the diversity of our employees, our clients, and the communities we serve. We challenge conventions strategically to create value for our clients, our firm and the world. We live and bring to life the concept of ‘own your tomorrow’ every day. We champion our employee strengths, guide their development, and invest in their long-term success. We hire optimistic, results-oriented, curious, innovative, and adaptable people with the desire to help our clients and one another succeed.
As a company, we were established by Chuck over 40 years ago to champion Main Street over Wall Street, and to help Americans transform themselves from earners to owners. Through advocacy and innovation, we work to make investing more affordable, accessible and understandable for all. As we enter our fifth decade, we are looking for talented, innovative and driven people who believe they can help themselves, and our clients, create a better future.