We believe that, when done right, investing liberates people to create their own destiny. We are driven by our purpose to champion every client’s goals with passion and integrity. We respect and appreciate the diversity of our employees, our clients, and the communities we serve. We challenge conventions strategically to create value for our clients, our firm and the world. We live and bring to life the concept of ‘own your tomorrow’ every day. We champion our employee strengths, guide their development, and invest in their long-term success. We hire optimistic, results-oriented, curious, innovative, and adaptable people with the desire to help our clients and one another succeed.
As a company, we were established by Chuck over 40 years ago to champion Main Street over Wall Street, and to help Americans transform themselves from earners to owners. Through advocacy and innovation, we work to make investing more affordable, accessible and understandable for all. As we enter our fifth decade, we are looking for talented, innovative and driven people who believe they can help themselves, and our clients, create a better future.
The Technical Director of Cloud Security will be a cloud security technical expert with deep knowledge of secure development practices, as well as knowledge of public/private/hybrid cloud infrastructures, security controls and implementation strategies – with a focus on identity, access, and authentication technologies and practices. This position will be a proven technical leader capable of driving unified securityarchitectures for the enterprise, and the adoption of well designed, architected and secure cloud environments. A Technical Director is a driven, self-starter individual contributor and team-player, reporting to the Managing Director of Security Design.
What you’ll do:
- Develop and sustain an enterprise-wide security model for technologies, with a focus on cloud that spans preventative and detective controls.
- Specifically, focus on the design and integration of identity, authentication and authorization technologies and principles within a hybrid cloud environment.
- Partner with Schwab Cybersecurity Services teammates to implement processes and technologies that reduce Cloud Security deficiencies, and help develop creative reporting mechanisms including metrics/key themes that communicate risk to business owners and leadership.
- Participate in development and implementation of security design & architecture principles and standards.
- Participate in the development and communication of Cloud Security & Development Standards and Training.
- Be highly visible in the development and infrastructure communities at Schwab.
- Build and sustain good working relationships with development and infrastructure teams, and involve them in the overall application and cloud Security Technology strategy.
- Work with and influence business contacts in regards to technology controls, risk mitigation techniques related to application and cloud security.
- Participate in defining secure application design practices, secure coding practices, and leveraging appropriate technology solutions, controls and practices as needed.
- Conduct research to identify new attack vectors facing applications and cloud services. Serve as a core team member of the Security Design team.
- Develop technical security requirements for the business, and see them through the development lifecycle. Collaborate with business contacts to ensure 3rd party applications comply with our standards, controls, policies and principles.
- Participate in driving data protection strategies and standards that support application and cloud security.
- Provide attentive security consulting including design, reviews and recommendations for various IT projects and initiatives.
- Develop processes that assist management in identifying and remediating application and cloud security issues.
- Demonstrate a commitment to integrity, process improvement, and customer satisfaction.
What you have:
- 7-10 years of experience in various security and technology domains
- Extensive experience in developing securityarchitecture solutions for financial environments is a major plus
- Subject matter expertise in identity, authentication and authorization principles
- Fluent in application security and development processes.
- Experience designing and developing distributed applications leveraging service-oriented architecture (SOA) principles is preferred.
- Technology Experience: Past experience with security lifecycle processes for software development is expected. Exposure to platforms such as Microsoft .NET, Java and the J2EE Environment, strong understanding of cryptographic algorithms and principles, PKI, strong understanding of networking fundamentals, addressing, tcp/ip, protocol and network analysis. Familiarity with common application protocols. Experienced level familiarity with http, https, SSL, and the proper implementation of each.
- Must have excellent verbal, written, and presentation communication skills, strong interpersonal skills and the ability to work effectively across project teams.
- Must demonstrate a keen understanding of security as a business enabler.
- CISSP or SANS - GIAC certification preferred, however consideration will be given to those that have certifications in technology platforms (Oracle, Microsoft, Redhat, etc.) as well.
- Bachelordegree in Computer Science, Information Technology or equivalent practical experiencerequired