What are the responsibilities and job description for the Director, Technology Risk Management Principal position at Charles Schwab?
Your opportunity
At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.
This position is part of the Technology Risk Management (TRM) organization and reports to the Director of Availability, Capacity & Technology Operations Risk (ACTOR). In this individual contributor role, you will provide leadership for a team of technology risk oversight professionals responsible for providing independent oversight of the Firm’s IT Operations, Systems Monitoring and Alerting, Capacity Management, Batch Processing, and Backup and Recovery.
The successful candidate understands how risk management enables the business, is a decisive and strategic leader, and will have demonstrated the ability to conduct effective risk management governance and management (both strategically and tactically). They will be a team player, comfortable working across a wide range of Business entities and Corporate functions including Technology, Compliance, Legal, Operational Risk teams, Privacy, and many other partners to promote risk management practices throughout the enterprise.
Responsibilities Include
- Support leadership in the second line of defense (2LOD) team responsible for overseeing the Availability, Capacity & Technology Operations Risk (ACTOR) and related functions and providing effective challenge to the design and execution of technical and procedural controls
- Direct, mentor, and develop a team of technology, security, and risk oversight professionals
- Partner with internal SMEs to conduct data-driven, thematic risk assessments and partner with 2LOD discipline teams to conduct cross-functional risk assessments and thematic tests
- Establish influential relationships with key stakeholders; influence innovative solutions in response to constraints; and conduct challenges in a professional manner
- Oversee the evaluation of and proposed updates to existing Firm policies to reflect system availability, capacity and technology operations strategy and requirements, as appropriate
- Review, oversee and propose modification or addition as required to RCSA controls applicable to ACTOR
- Conduct industry benchmarking, regulatory requirement gathering and peer-based analysis of available controls, risk assessment methodologies and risk mitigation practices to assess for coverage gaps
- Collaborate with the first line of defense (1LOD) to manage and develop risk metrics (e.g., KRAMs and RAMMs) to continuously monitor and oversee program level risks
- Provide periodic updates, reports, and recommendations to management regarding best practices, inclusive of information security and information technology controls, risk assessments and risk remediation strategies
- Support interfaces with regulators through updates on ACTOR activities
- Apply creative problem-solving skills to broadly defined and occasionally nebulous problems
- At least 10 years of experience as an Information Security or Risk Management practitioner, with increasing leadership responsibility for both people and projects
- Proven ability to coordinate with geographically dispersed teams to drive results
- Risk management leadership and people development / mentorship experience
- Hands-on risk management and oversight experience, particularly in a financial services or highly regulated environment
- Familiarity with NIST, COBIT and related Frameworks and FFIEC IT Exam Handbook
- Understanding of applicable regulatory requirements/laws such as GDPR, PCI, FFIEC, GLBA, SOX, etc.
- Proven ability to effectively communicate with technical and executive audiences, both oral and written
- Experience interfacing with auditors in support of audits and external regulatory exam processes
- Experience in gathering requirements, documenting and assessing information for implementing controls
- Strong interpersonal, analytical, problem-solving, influencing, prioritization, decision-making and conflict resolution skills
- Strong initiative; self-starter; self-directed; ability to multi-task
- Experience in project planning, meeting facilitation for multiple groups and projects
- Ability and confidence to exercise influence over a wide range of individuals at all levels of technical & business leadership
- Superior problem-solving, strong analytical skill, strong learning agility and willingness to embrace new challenges
- Thought leadership and ability to influence business partners
- Attention to detail with a strong strategic view
- Proficiency in information and data analysis to identify actionable risk and provide recommendations
- Professional certification is preferred (e.g., CISSP, CISA, CISM, CRISC, CPCB, etc.)
At Schwab, we’re committed to empowering our employees’ personal and professional success. Our purpose-driven, supportive culture, and focus on your development means you’ll get the tools you need to make a positive difference in the finance industry. Our Hybrid Work and Flexibility approach balances our ongoing commitment to workplace flexibility, serving our clients, and our strong belief in the value of being together in person on a regular basis.
We offer a competitive benefits package that takes care of the whole you – both today and in the future:
- 401(k) with company match and Employee stock purchase plan
- Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
- Paid parental leave and family building benefits
- Tuition reimbursement
- Health, dental, and vision insurance