The Schwab Vendor Technology Risk Management (VTRM) Sr. Manager will be a key member of the Vendor Technology Risk Management team. This position is responsible for creation, implementation, monitoring and enhancements for program components of the Schwab Vendor Technology Risk Management program. The main objective for this position is to ensure the protection of Schwab sensitive information that a Vendor may access, process and/or store while providing services for or on behalf of Schwab. The VTRM Sr. Manager will assist the Managing Director of Vendor Technology Risk Management within Information Security Risk Management in day-to-day operations to ensure that the requirements of the Schwab Information Security Policy are carried out for any technology functions delegated to Schwab vendors, or for the protection of Schwab sensitive information entrusted to vendors, and to ensure that partner organizations such as the Vendor Management Office (VMO) and the Office of Corporate Counsel (OCC) are adequately supported in their efforts to conduct oversight of vendors.
What you’ll do:
Key job responsibilities of the Schwab (VTRM) Sr. Manager will include:
- Manage a small team to perform Vendor Information Security assessments leveraging NIST & ISO framework controls.
- Effectively manage vendor risk through identification, communication, mitigation and remediation activities through Information Security vendor assessments which include scheduling and conducting vendor Information Security assessments (questionnaires, third-party security audit reports, onsite assessments, etc.).
- Serve as the responsible subject matter expert on vendor cybersecurity risk, which includes:
  - Leading risk identification, quantification, and management efforts.
  - Providing risk evaluation and assessment of likelihood and impact of security findings, vulnerabilities and exceptions.
- Document findings and work with the Schwab Business Owners to resolve findings through remediation plans or seek Non-Compliance Acceptance approvals. Validate evidence from the vendor before findings are closed.
- Coordinate Information Security incident management events, incident data collection, remediation activities and management reporting of vendor security incidents.
- Identify and escalate changes in State and Federal legislation and regulations that will affect Information Security policy, standards and procedures.
- Identify opportunities for improving the vendor Information Security risk posture as well as Schwab’s vendor risk management processes, including expanded monitoring, KPI tracking, etc.
- Partner with Schwab Legal for inclusion/negotiation of appropriate Information Security contract language within vendor agreements (new, renewal and amendments).
- Participate in planning and strategy discussions around program development and management priorities including generating ideas, identifying trends and developing recommendations to shape strategy and objectives.
- Develop and cultivate partnerships with functional and vendor-facing business units across the Charles Schwab enterprise.
- Other duties and special projects as assigned.
You demonstrate these behaviors:
- Analytical Thinking: Approaching a problem by using a logical, systematic, sequential approach.
- Building Collaborative Relationships: Ability to develop, maintain, and strengthen partnerships with others inside or outside of the organization who can provide information, assistance and support.
- Initiative: Identifying what needs to be done and doing it before being asked.
- Flexibility: Openness to different and new ways of doing things; willingness to modify one’s preferred way of doing things.
- Results Orientation: Focusing on the desired end result of one’s own or one’s unit’s work; setting challenging goals, focusing effort on the goals, and meeting or exceeding them.
- Committed to Excellence: Sets ever-increasing standards for performance, holding self and others accountable.
What you have:
- A Bachelor’s degree.
- 8+ years of IT and/or Information Security experience in large, highly-regulated organizations, with increasing leadership responsibility for both people and projects.
- 5+ years of IT security experience in security risk and compliance assessments for applications, infrastructure, and vendors / third parties; review of technical security requirements; and review, approval and tracking of security exceptions and remediation.
- 3+ years of Vendor Security Oversight experience, specific to technology vendors and service providers.
- Broad understanding of Information Security and GRC tools like Archer & Open Pages. Knowledge of content sharing tools including SharePoint.
- Exhibit strong relationship management and interpersonal skills.
- Project management skills, with a track record of execution across multiple functions.
- Excellent written and oral communication skills, including being able to synthesize data, develop recommendations, and influence partners.
- Strong interpersonal, analytical, problem-solving, influencing, prioritization, decision-making and conflict resolution skills
- Mature understanding of information security “best practices” including principles, security protocols and standards.
- Strong critical thinking skills; ability to quickly comprehend problems, develop hypotheses, draw logical conclusions, develop solutions, and respond accordingly.
- Proven history of being a self-starter, ability to multi-task, proactively identifying problems, determining pragmatic solutions, identifying and obtaining needed resources, and executing with little or no supervision.
- Advanced Information Security certification (CISSP, CTPRP or equivalent is preferred, but CISM, CEH, or similar certifications are also useful)
- The following qualifications are strongly preferred:
  - Financial Services experience
What you’ll get:
- Comprehensive Compensation and Benefits package
- Financial Health: 401k Match, Employee Stock Purchase Plan, Employee Discounts, Personalized advice, Brokerage discounts
- Work/Life Balance: Sabbatical, Paid Parental Leave, New Mothers returning to work Program, Tuition Reimbursement Programs, Time off to volunteer, Employee Matching Gifts Program
- Everyday Wellness: Health and Lifestyle Wellness Rewards, Onsite Fitness Classes, Healthy Food Choices, Wellness Champions
- Inclusion: Employee Resource Groups, Commitment to diversity, Strategic partnerships
- Not just a job, but a career, with an opportunity to do the best work of your life