Charles Schwab Sr. Analyst, Vendor Information Security Oversight (VISO) in Westlake, Texas
Westlake - TX, TX2050R, 2050 Roanoke Road, 76262-9616
We believe that , when done right, investing liberates people to create their own destiny. We are driven by our purpose to champion every client’s goals with passion and integrity. We respect and appreciate the diversity of our employees, our clients, and the communities we serve. We challenge conventions strategically to create value for our clients, our firm and the world. We live and bring to life the concept of ‘own your tomorrow’ every day. We champion our employee strengths, guide their development, and invest in their long-term success. We hire optimistic, results-oriented, curious, innovative, and adaptable people with the desire to help our clients and one another succeed.
As a company, we were established by Chuck at http://www.aboutschwab.com/about/leadership/charles_schwab over 40 years ago to champion Main Street over Wall Street, and to help Americans transform themselves from earners to owners. Through advocacy and innovation, we work to make investing more affordable, accessible and understandable for all. As we enter our fifth decade, we are looking for talented, innovative and driven people who believe they can help themselves, and our clients, create a better future.
Through Clients’ Eyes: https://www.youtube.com/watch?v=Qkic76FWat8
The Information Security Risk Management (ISRM) team is responsible for the development and maintenance of Charles Schwab’s Information Security program, including the Information Security Policy, which is periodically reviewed and approved by the Board, the creation and execution of the information security strategy, and the implementation of the information security framework. The team is also responsible for various security assurance and consulting services including testing of applications and systems for vulnerabilities, conducting risk and compliance assessments, performing security compliance assessments for vendors, and providing information security requirements and reviews for legal contracts.
As a Sr. Analyst of Schwab’s Vendor Information Security Office (VISO), you will play a key role in vendor review, controls, recommendations, selection, contractual language negotiation, vendor deficiency management, vendor cyber incident management and Vendor Information Security Oversight program enhancement. These responsibilities are a critical component in evolving Schwab's Vendor Security program, enhancing the visibility of Information Security and reducing information security risk for Schwab clients. You will partner closely with Corporate Vendor Management, Schwab Legal and Business Vendor Owners to ensure compliance with Schwab’s Information Security Program.
What you’ll do:
Serve as the responsible subject matter expert on vendor cyber security risk which includes: leading risk identification, quantification, and management efforts, and providing risk evaluation and assessment of likelihood and impact of security findings, vulnerabilities and exceptions.
Drive all aspects of Information Security vendor assessments which include scheduling and conducting vendor Information Security assessments (i.e. questionnaires, third party security audit reports, onsite assessments, etc.).
Assess completed questionnaires and supporting materials to ensure vendor’s responses are complete and meet Schwab expectations.
Identify deficiencies and vulnerabilities associated with the Vendor Information Security Oversight program and remediate any issues.
Document findings and work with Schwab Corporate Vendor Management and Schwab Business Owners to resolve findings through remediation plans or, alternatively, by seeking Non-Compliance Acceptance approvals.
Escalate issues associated with vendors, as needed.
Assess remediation plans and non-compliance acceptances across multiple business lines where Information Security standards compliance cannot be achieved.
Validate evidence from vendor, before findings are closed.
Coordinate Information Security incident management events, incident data collection, remediation activities and management reporting of vendor security incidents.
Identify and escalate changes in State and Federal legislation and regulations that will affect Information Security policy, standards and procedures.
Identify opportunities for process improvements to deliver increasing operational efficiency in the processes.
Identify opportunities for improving the vendor Information Security risk posture as well as Schwab’s vendor risk management processes, including expanded monitoring, KPI tracking, etc.
Support internal education and best practices sharing with peers and colleagues, as well as vendor education & awareness, as needed.
Partner with Schwab Legal for inclusion/negotiation of appropriate Information Security contract language within vendor agreements (new, renewal and amendments).
Participate in planning and strategy discussions around program development and management priorities including generating ideas, identifying trends and developing recommendations to shape strategy and objectives.
Develop and cultivate partnerships with functional and vendor-facing business units across the Charles Schwab enterprise.
Develop compelling presentations and supporting communication to a range of audiences.
Perform other duties and special projects, as assigned.
What you have:
Bachelor’s degree in Information Technology, Computer Science or related field preferred
CISSP certification preferred
Cyber Security risk experience, including risk evaluation and assessment of likelihood and impact of security findings, vulnerabilities and exceptions.
Experience identifying risk and providing technical resolution
Previous work experience that involves facilitating the controls review process and conducting security controls assessment
Vendor management oversight experience preferred
Program management experience with the ability to align project resources to successfully complete remediation plans
Resourcefulness and the ability to take ownership of assigned responsibilities; ability to exercise sound judgement when engaging other stakeholders and/or business partners
Experience with IT general controls
Experience with Information Security threats and testing methods
Experience developing recommendations and solutions for cross-enterprise resources
What you’ll get:
Everyday Wellness: Healthy Rewards, Onsite Fitness Classes, Healthy Choices, Wellness Champions
Financial Fitness: 401k Match, Employee Discounts, Personalized advice, Brokerage discounts
Work/Life Balance: Sabbatical, New Mothers returning to work Program, Tuition Reimbursement Programs, Time off to volunteer
Inclusion: Employee Resource Groups, Commitment to diversity, Strategic partnerships
Not just a job, but a career, with an opportunity to do the best work of your life
Learn more about Life@Schwab at http://www.aboutschwab.com/careers/lifeatschwab/" .
Charles Schwab & Co., Inc. is an equal opportunity and affirmative action employer committed to diversifying its workforce. It is Schwab's policy to provide equal employment opportunities to all employees and applicants without regard to race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity or expression, national origin, ancestry, age, disability, legally protected medical condition, genetic information, marital status, sexual orientation, protected veteran status, military status, citizenship status or any other status that is protected by law.
Relocation Offered?: No
Work Schedule: Days
Languages: English - spoken
Current Licenses / Certifications: None
Relevant Work Experience: IT-Management/Technical Project Mgmt-2-5 yrs
Position Located In: TX - Arlington, TX - Westlake
Job Type: Full Time
Activation Date: Tuesday, May 16, 2017
Expiration Date: Saturday, July 8, 2017