Pay range: USD $145,000.00 - $160,000.00 / Year
Your opportunity
The Cybersecurity Regulatory & Compliance role is a unique position that will help support Schwab's Bank Trust Services, Schwab Asset Management, Workplace Financial Services, and the International Affiliates in Hong Kong, Singapore and the United Kingdom from an information security and technology risk standpoint. This individual contributor will be part of the Technology Risk & Cybersecurity Compliance (TRACC) team under Schwab Cybersecurity Services (SCS) and will serve as a cybersecurity ambassador to the aforementioned business units (BUs) to ensure cybersecurity is appropriately managed in accordance with firmwide cybersecurity practices. As a risk management professional, this individual is proactive in identifying, assessing, monitoring, and managing cybersecurity and technology risks across these business units. In addition, this person will help enforce established policies, standards, procedures, and controls designed to manage risk; monitor compliance with applicable regulatory requirements; and educate business unit employees on such policies and procedures.
Success in this role will require business acumen, a risk-driven mindset, and an ability to communicate effectively, think strategically, and work collaboratively among diverse groups of technology and business partners.
What is Expected
- Foster and manage relationships with key stakeholders within the various BUs listed above, as well as subject matter leads within the Schwab Technology Services organization to clearly communicate cyber requirements.
- Recommend risk reduction steps to be implemented and maintained through policies, standards, procedures, frameworks and controls.
- Identify strengths and weaknesses in the program as they relate to information security, business resiliency and compliance frameworks.
- Document, formulate and enforce information security improvements that balance risk with business operations.
- Provide consultative services related to security risk and controls, security architecture, and security design through collaboration with cybersecurity and other technology teams.
- Occasionally attend meetings and/or respond to inquiries outside normal business hours (in line with the UK, Hong Kong and/or Singapore business hours).
- From a PCI compliance standpoint, interact with various technical and application groups, business groups, subject matter experts, and key stakeholders to drive vulnerability remediation efforts, identify and collect evidence, and oversee compliance with PCI guidelines.
- Provide, as needed, any audit, regulatory, or incoming due diligence-related support including presentation of Information Security topics during exams, assessments, and incoming due diligence questionnaires.
What you have
- Bachelor's Degree in Computer Science, Information Systems or other related fields.
- Familiarity with Financial Industry Technology and Cybersecurity risk frameworks such as the FFIEC IT Handbooks, NIST, COBIT, SOC 1/2, PCI-DSS.
- Knowledge and familiarity with a broad range of IT and information security products and technologies such as Network Security, Cryptography, Identity and Access Management, Vulnerability Management, Logging and Monitoring, Cloud Platforms, and Application Security.
- Experience with GRC (Governance, Risk and Compliance) solutions.
- Experience with risk metrics and executive dashboards.
- Ability to independently analyze and determine if a suite of controls will adequately reduce inherent risks to acceptable levels.
- Proven ability to manage Technology and Security risk assessments.
- Persistence, consistent attention to detail, and ability to meet deadlines.
- Exceptional communication skills; able to inform and persuade both verbally and in writing.
- Ability to understand properly designed and effectively operating IT controls.
- Experience establishing and continuously improving executive-level reporting and presentations outlining cyber metrics, cyber risks, risk velocity/trending, and status of defined action plans.
- Cybersecurity expertise to support business unit execution of business plans and technology roadmaps, including translation of business requirements into technology/cybersecurity requirements and vice-versa.
- Understanding of key BU challenges and ability to advise on practical and cost-effective solutions to help mitigate cybersecurity risks/concerns.
- Experience performing continuous monitoring and tracking of open security conditions and status, and providing regular risk updates to senior management.
- Ability to collaborate on key security projects/initiatives, such as incident management, threat modeling, vulnerability management, application security, access management, data security, cloud security, third party assessments, etc.
- Ability to assist with resolution of cybersecurity findings related to the BU's internal audit or regulatory examinations.
- Experience with monitoring security incident trends to identify opportunities for incident reduction and leveraging threat intelligence to develop proactive cybersecurity initiatives at the BU level.
- Relevant certifications or ability to obtain information security certifications such as CISSP, CCSP, CISA, CISM or CRISC.
- Candidates with IT Audit and financial regulatory experience preferred.
- Designation as a PCI Internal Security Assessor (ISA) and/or PCI Professional (PCIP) preferred.
What's in it for you
At Schwab, we're committed to empowering our employees' personal and professional success. Our purpose-driven, supportive culture and focus on your development mean you'll get the tools you need to make a positive difference in the finance industry. Our Hybrid Work and Flexibility approach balances our ongoing commitment to workplace flexibility, serving our clients, and our strong belief in the value of being together in person on a regular basis.
We offer a competitive benefits package that takes care of the whole you - both today and in the future:
- 401(k) with company match and Employee stock purchase plan
- Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
- Paid parental leave and family building benefits
- Tuition reimbursement
- Health, dental, and vision insurance