Senior Technology Risk Manager, Identity, Access, Authentication Risk Management (IAM)

Your opportunity

At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

Technology Risk Management (TRM) is part of the Corporate Risk Management (CRM) department that forms the second line of defense at Charles Schwab. TRM provides challenge with partnership for the firm’s information technology, security, and resilience practices to manage risks to Confidentiality, Integrity, Availability, and Value Delivery within the Firm’s Risk Appetite. Within TRM, the Identity Access Risk Management team focuses on risks related to client authentication and internal workforce identity and access management.

The Technology Risk Manager Senior, Identity & Access Risk Management (IARM) is responsible for a) proactively identifying, measuring, assessing and reporting on risks associated with client authentication as well as internal workforce management of the identity lifecycle, access to information resources, and other authentication/authorization technology b) overseeing and assessing adherence to identity and access risk management policy and regulatory requirements, and reporting maturity progress to management, c) assessing ongoing adherence to security standards and best practices by conducting recurring and ad-hoc risk assessments on platforms and applications, both internal and cloud based, and d) providing consultation/guidance to our technology and business partners on policy and standard requirements and best practices to reduce risk. It is also the expectation that the individual will establish strong partnership with our stakeholders by building trust through their subject matter expertise and integrity of their work to influence call to action, as needed, to drive sustainable change.

Additional Responsibilities Include

• Focus on client authentication programs and technologies to protect firm customers and firm reputation.
• Effectively challenge technology roadmaps to continuously improve responses to the changing risk landscape.
• Identification of emerging risks and in the field and how those apply the firm.
• Staying informed of technology advances and determining how those can be applied to manage risk within the firm.
• Sourcing and management (oversight) of issues as well as risk and control assessment utilizing GRC tools and internal processes.
• Maintain and evolve metrics to monitor risk reduction.
• Work with internal auditors and regulators to articulate our identity and access risk management framework, execution progress, and how these risks are managed at Schwab.
  
  

What you have

Required Qualifications

• Bachelor’s degree plus CISSP, CISM, CISA, or equivalent certification is preferred
• 3 years’ experience in the Information Security field
• Experience working with authentication and authorization mechanisms, multi-factor authentication tools and strategies, identity providers, and managing privileged access risks. Working knowledge of these technologies, potential flaws and risks, and best practices to implement solutions that reduce risk.
• Knowledge of risk control frameworks such as NIST, ISO as well as regulatory and industry requirements such as GLBA, PCI, FFIEC
• Experience with data analysis and reporting
• Ability to effectively communicate with technical and executive audiences; both oral and written is required
• Experience interfacing with auditors in support of audits is required
• Experience with working with partners at all levels and across functional lines, bringing diverse points of view together
• Thrive in a constantly evolving environment and meet critical commitments under pressure
• Conduct metrics and status reporting
• Experience with GRC and Workflow tools such as IBM OpenPages or RSA Archer and Policy Tech or Policy Hub will be a plus
• Ability to work independently and proactively, with minimum guidance
• Ability to work on multiple projects simultaneously while prioritizing based on risk/business needs
• Effective organizational and time management skills
• Excellent interpersonal, written, and verbal communication skills; demonstrated presentation skills
• Sharp analytical skills and strong attention to detail and accuracy
• Strong interpersonal, analytical, problem-solving, influencing, prioritization and conflict resolution skills
• 3 years of experience in a risk, supervision/controls, compliance, or audit function
• 2 years of experience in financial services
• Experience analyzing data and preparing solutions based on sound facts and findings
• Self-starter with a can-do attitude who is capable of building relationships within a matrixed organization
  
  

Preferred Competencies

• CISSP, CISA, CISM, CRISC, or equivalent certification
  
  

What’s in it for you

At Schwab, we’re committed to empowering our employees’ personal and professional success. Our purpose-driven, supportive culture, and focus on your development means you’ll get the tools you need to make a positive difference in the finance industry. Our Hybrid Work and Flexibility approach balances our ongoing commitment to workplace flexibility, serving our clients, and our strong belief in the value of being together in person on a regular basis.

We offer a competitive benefits package that takes care of the whole you – both today and in the future:

• 401(k) with company match and Employee stock purchase plan
• Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
• Paid parental leave and family building benefits
• Tuition reimbursement
• Health, dental, and vision insurance