Charles Schwab Sr. Manager, Risk & Maturity Assessment in Lone Tree, Colorado


Lone Tree - CO, DENR2, 9800 Schwab Way, 80124

Cameron Ellsworth


We believe that, when done right, investing liberates people to create their own destiny. We are driven by our purpose to champion every client’s goals with passion and integrity. We respect and appreciate the diversity of our employees, our clients, and the communities we serve. We challenge conventions strategically to create value for our clients, our firm and the world. We live and bring to life the concept of ‘own your tomorrow’ every day. We champion our employee strengths, guide their development, and invest in their long-term success. We hire optimistic, results-oriented, curious, innovative, and adaptable people with the desire to help our clients and one another succeed.

As a company, we were established by Chuck over 40 years ago to champion Main Street over Wall Street, and to help Americans transform themselves from earners to owners. Through advocacy and innovation, we work to make investing more affordable, accessible and understandable for all. As we enter our fifth decade, we are looking for talented, innovative and driven people who believe they can help themselves, and our clients, create a better future.

Our Opportunity:

In Corporate Risk Management, we provide an integrated risk management strategy that supports the delivery of predictable financial and operational performance in order to produce successful client and shareholder outcomes. We are organized around six primary functions: Bank Risk, Enterprise Risk, Information Security Risk, Market and Investment Risk, Model Risk and Operational Risk. Within each of these areas, a framework has been established to determine how much risk we are willing to accept as a firm and establish processes for identifying, evaluating, measuring, monitoring and reporting against said framework.

In support of the risk management framework, Information Security Risk Management (ISRM) creates and monitors the implementation of risk-based policies to enhance the firm’s controls and security countermeasures with respect to the use of information and technology. The Risk and Maturity Assessment group conducts our annual Risk Assessment (RA), ensures compliance with Policy across the organization and articulates the Firm’s information security risk profile, which shapes and influences the Firm’s Cyber Security strategy. Additionally, the R&MA team performs a biennial maturity assessment and an annual FFIEC Cybersecurity Assessment maturity assessment to identify the Firm’s maturity and establish internal functional maturity targets as part of the broader ERM framework.

What you’ll do:

  • Directly manage a team of 4-6 analysts to perform Information Security risk and maturity assessments including, at a minimum, NIST and FFIEC.

  • Maintain and update the strategic risk assessment roadmap to reflect continuous improvements that mature the space and support the business needs.

  • Create and maintain a maturity assessment roadmap integrating third-party maturity assessments, the FFIEC Cybersecurity Assessment Tool (CAT) and Enterprise Risk Management maturity assessments.

  • Analyze resulting data to identify key trends, root causes and assist in the creation of Risk Assessment reports.

  • Monitor, update and provide consultation on information security issues for information security technology assets.

  • Partner with a variety of Technology organization teams, as well as risk-mitigation groups such as Corporate Security, Global Security Organization, the Online Security Team, and Security Technology and Operations.

  • Support additional projects and tasks related to Information Security based on business needs and the regulatory environment.

  • Actively participate in the Security Findings Governance Board.

  • Provide day-to-day management of a small team of risk assessment professionals.

  • Develop risk and maturity assessment roadmap in support of the business needs, regulatory obligations and industry frameworks.

What you have:

  • At least 7 years of experience as an Information Security practitioner, with increasing leadership responsibility for both people and projects.

  • In depth knowledge of IS Risk Assessment methodologies such as ISO 27005, DREAD or FAIR, and IS control frameworks such as ISO 27001/27002, PCI DSS, and/or NIST 800-53.

  • Prior implementation of information security controls, including network, server, desktop and cloud, as well as secure software development life cycle, logical access and data protection.

  • Broad understanding of Information Security and GRC tools such as Archer and OpenPages. Knowledge of content sharing tools including SharePoint.

  • Experience developing strategic program roadmaps and demonstrated success achieving the defined objectives.

  • Prior experience interacting with regulators and evaluating audit reports, network penetration test results, application security assessments and regulatory exams to determine remediation priorities. CISSP, CISA, CISM, SANS GIAC or equivalent certifications are preferred.

  • Experience interfacing with auditors in support of audits and external regulatory exam processes is required.

  • Experience in gathering requirements, documenting and assessing information for implementing information security policies and standards is required.

  • Strong interpersonal, analytical, problem-solving, influencing, prioritization, decision-making and conflict resolution skills.

  • Strong initiative; self-starter; self-directed; ability to multi-task.

  • Experience in project planning and meeting facilitation for multiple groups and projects is preferred.

  • Bachelor’s degree in Computer Science or a related field plus CISSP, CISM, or equivalent certification is required.

  • Ability to communicate effectively with technical and executive audiences, both orally and in writing, is required.

  • Experience working with ISO, NIST and COBIT frameworks. Factor Analysis of Information Risk (FAIR) and the Carnegie Mellon Resilience Management Model are a plus.

  • Understanding of applicable regulatory requirements and laws such as PCI DSS, FFIEC, GLBA, SOX, etc.

You demonstrate these behaviors:

  • Analytical Thinking: Approaching a problem by using a logical, systematic, sequential approach.

  • Building Collaborative Relationships: Ability to develop, maintain, and strengthen partnerships with others inside or outside of the organization who can provide information, assistance and support.

  • Initiative: Identifying what needs to be done and doing it before being asked.

  • Flexibility: Openness to different and new ways of doing things; willingness to modify one’s preferred way of doing things.

  • Results Orientation: Focusing on the desired end result of one’s own or one’s unit's work; setting challenging goals, focusing effort on the goals, and meeting or exceeding them.

What you’ll get:

  • Comprehensive Compensation and Benefits package

  • Financial Health: 401k Match, Employee Stock Purchase Plan, Employee Discounts, Personalized advice, Brokerage discounts

  • Work/Life Balance: Sabbatical, Paid Parental Leave, New Mothers returning to work Program, Tuition Reimbursement Programs, Time off to volunteer, Employee Matching Gifts Program

  • Everyday Wellness: Health and Lifestyle Wellness Rewards, Onsite Fitness Classes, Healthy Food Choices, Wellness Champions

  • Inclusion: Employee Resource Groups, Commitment to diversity, Strategic partnerships

  • Not just a job, but a career, with an opportunity to do the best work of your life


Charles Schwab & Co., Inc. is an equal opportunity and affirmative action employer committed to diversifying its workforce. It is Schwab's policy to provide equal employment opportunities to all employees and applicants without regard to race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity or expression, national origin, ancestry, age, disability, legally protected medical condition, genetic information, marital status, sexual orientation, protected veteran status, military status, citizenship status or any other status that is protected by law. Schwab also does not discriminate against applicants or employees because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. At Schwab, we believe that every employee, through their diverse abilities and experiences, can contribute to our growth, innovation and client loyalty. We embrace diversity and are committed to providing equal opportunity to all employees and applicants. If you have a disability, and require reasonable accommodations in the application process, call Human Resources at 800-725-3535. We will be happy to assist you. Schwab will only share your accommodation request with those individuals who have a specific need to know. The request for an accommodation will not affect Schwab's hiring decisions. All other submissions should be performed online.

Job Specifications

Relocation Offered?: No

Work Schedule: Days

Languages: English - spoken

Current Licenses / Certifications: Certified Information Systems Security Professional - CISSP

Relevant Work Experience: IT-Communications/Networking-6+ yrs, Analyst/Strategy-less than 2 yrs, Regulatory, IT-Other Specialty Engineering-6+ yrs, Risk Analysis

Position Located In: CO - Lone Tree

Education: BA/BS

Job Type: Full Time

Category: Risk Management

Activation Date: Wednesday, October 3, 2018

Expiration Date: Friday, March 1, 2019
