Salary: USD $133,600 - $296,800 / Year

Your opportunity

At Schwab, you're empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us "challenge the status quo" and transform the finance industry together.

If you're passionate about providing world class client service and are seeking an opportunity where you're empowered to grow your financial services career with a diverse team, in a fast-paced collaborative work environment - this is the role for you!

The Director of Enterprise Threat and Vulnerability Management will lead the enterprise vulnerability management program. This position will be a proven technical leader capable of guiding the vulnerability detection capabilities, team building and technology evolution for the enterprise and driving the remediation process for on-premise and cloud environments. The Director is a driven technologist with deep expertise in security and vulnerability management.

• Assess, develop, and execute an enterprise-wide vulnerability management program.
• Partner with Schwab Cybersecurity Services teammates, technology owners and application teams to implement processes and technologies that reduce vulnerability exposures and help develop creative reporting mechanisms including metrics/key themes that communicate risk to leadership.
• Deliver verbal and written executive level and regulator communications of program, controls, capability, and metrics.
• Participate in development and implementation of security design & architecture principles and standards.
• Participate in the development and communication of vulnerability management, patching and configuration Standards.
• Be highly visible in the development and infrastructure communities at Schwab.
• Build and sustain good working relationships with development and infrastructure teams and involve them in the overall vulnerability management strategy.
• Conduct research to identify new attack vectors facing application, data and cloud services that can exploit patching and configuration vulnerabilities.
• Develop technical security requirements for the business and see them through the development lifecycle. Collaborate with business contacts to ensure third party cloud applications and encryption services comply with our standards, controls, policies, and principles.
• Participate in driving vulnerability management strategies and standards that support infrastructure and application security.
• Develop processes that assist management in identifying and remediating application and infrastructure security issues.
• Demonstrate a commitment to integrity, process improvement, and customer satisfaction.
• Demonstrate an ability to effectively analyze large data sets to extract meaningful trends and statistics to drive a patching and configuration remediation strategy.
• Demonstrate an ability and willingness to drive a data driven vulnerability management organization that effectively identifies, quantifies, and remediates security vulnerability risk throughout application, system, and network infrastructures.
• Identify and resolve false positive findings in results and facilitate processes to systematically address trends in detection inaccuracies and anomalies.
• Demonstrate deep technical expertise to effectively assess vulnerability risk and identify compensating controls and validation techniques to minimize security risk.

• Bachelor degree in Computer Science, Information Technology
• 10-15 years of experience in various security and technology domains
• Extensive experience in vulnerability management and patching programs, application security and development processes.
• Demonstrated knowledge of vulnerability management and patching tools with an emphasis on Qualys.
• Must have excellent verbal, written, and presentation communication skills, strong interpersonal skills and the ability to work effectively across project teams, C-Level executives, and Federal Regulators.

• Must demonstrate a keen understanding of security as a business enabler.
• CISSP certification preferred, however consideration will be given to those that have other cybersecurity certifications (CISM, CRISC, etc.) as well.

• 401(k) with company match and Employee stock purchase plan
• Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
• Paid parental leave and family building benefits
• Tuition reimbursement
• Health, dental, and vision insurance