Charles Schwab Sr. Analyst, Vendor Technology Risk Management in Westlake, Texas
Westlake - TX, TX2050R, 2050 Roanoke Road, 76262-9616
We believe that, when done right, investing liberates people to create their own destiny. We are driven by our purpose to champion every client’s goals with passion and integrity. We respect and appreciate the diversity of our employees, our clients, and the communities we serve. We challenge conventions strategically to create value for our clients, our firm and the world. We live and bring to life the concept of ‘own your tomorrow’ every day. We champion our employees’ strengths, guide their development, and invest in their long-term success. We hire optimistic, results-oriented, curious, innovative, and adaptable people with the desire to help our clients and one another succeed.
As a company, we were established by Chuck (http://www.aboutschwab.com/about/leadership/charles_schwab) over 40 years ago to champion Main Street over Wall Street, and to help Americans transform themselves from earners to owners. Through advocacy and innovation, we work to make investing more affordable, accessible and understandable for all. As we enter our fifth decade, we are looking for talented, innovative and driven people who believe they can help themselves, and our clients, create a better future.
Through Clients’ Eyes: https://www.youtube.com/watch?v=Qkic76FWat8
The Information Security Risk Management (ISRM) team is responsible for the development and maintenance of Charles Schwab’s Information Security program, including the Information Security Policy, which is periodically reviewed and approved by the Board, the creation and execution of the information security strategy, and the implementation of the information security framework. The team is also responsible for various security assurance and consulting services including testing of applications and systems for vulnerabilities, conducting risk and compliance assessments, performing security compliance assessments for vendors, and providing information security requirements and reviews for legal contracts.
The Schwab Vendor Technology Risk Management (VTRM) Sr. Analyst will be a key member of the Vendor Technology Risk Management team. This position is responsible for the program management and enhancement of the Schwab Vendor Technology Risk Management program. The main objective for this position is to ensure the protection of Schwab sensitive information that a Vendor may access, process and/or store while providing services for or on behalf of Schwab. The VTRM Sr. Analyst will assist the Managing Director of Vendor Technology Risk Management within Information Security Risk Management in day-to-day operations to ensure that the requirements of the Schwab Information Security Policy are carried out for any technology functions delegated to Schwab vendors, or for the protection of Schwab sensitive information entrusted to vendors, and to ensure that partner organizations such as the Vendor Management Office (VMO) and the Office of Corporate Counsel (OCC) are adequately supported in their efforts to conduct oversight of vendors.
What you’ll do:
The Schwab VTRM Sr. Analyst plays the key role in vendor controls review/recommendation, vendor selection recommendation, contract language negotiation, vendor deficiency management, vendor cyber incident management and vendor Information Security oversight program enhancement. These responsibilities are a critical component in enabling Schwab to evolve its vendor security oversight program, enhancing visibility of Information Security and reducing information security risk for Schwab clients. The Schwab Sr. VTRM Analyst partners closely with Corporate Vendor Management, Schwab Legal and Business Vendor Owners to ensure information security program/practice compliance of Schwab vendors.
Key job responsibilities of the Schwab (VTRM) Sr. Analyst will include:
Serve as the responsible subject matter expert on vendor cyber security risk which includes:
Leading risk identification, quantification, and management efforts, and
Providing risk evaluation and assessment of likelihood and impact of security findings, vulnerabilities and exceptions.
Drive all aspects of Information Security vendor assessments which include scheduling and conducting vendor Information Security assessments (i.e. questionnaires, third party security audit reports, onsite assessments, etc.).
Assess completed questionnaires and supporting materials to ensure vendor’s responses are complete and meet Schwab expectations.
Identify deficiencies and vulnerabilities associated with the Vendor Information Security Oversight program.
Document findings and work with Schwab Corporate Vendor Management and Schwab Business Owners to resolve findings through remediation plans or, alternatively, by seeking Non-Compliance Acceptance approvals.
Escalate issues associated with vendors, as needed.
Assess remediation plans and non-compliance acceptances across multiple business lines where Information Security standards compliance cannot be achieved.
Validate evidence from the vendor before findings are closed.
Coordinate Information Security incident management events, incident data collection, remediation activities and management reporting of vendor security incidents.
Identify and escalate changes in State and Federal legislation and regulations that will affect Information Security policy, standards and procedures.
Identify opportunities for process improvements to deliver increasing operational efficiency in the processes.
Identify opportunities for improving the vendor Information Security risk posture as well as Schwab’s vendor risk management processes, including expanded monitoring, KPI tracking, etc.
Support internal education and best practices sharing with peers and colleagues, as well as vendor education & awareness, as needed.
Partner with Schwab Legal for inclusion/negotiation of appropriate Information Security contract language within vendor agreements (new, renewal and amendments).
Participate in planning and strategy discussions around program development and management priorities including generating ideas, identifying trends and developing recommendations to shape strategy and objectives.
Develop and cultivate partnerships with functional and vendor-facing business units across the Charles Schwab enterprise.
Develop compelling presentations and supporting communication to a range of audiences.
Perform other duties and special projects, as assigned.
What you have:
A Bachelor’s degree
8+ years of IT and/or Information Security experience in large, highly-regulated organizations.
5+ years of IT security experience in security risk and compliance assessments for applications, infrastructure, and vendors / third parties; review of technical security requirements; and review, approval and tracking of security exceptions and remediation.
3+ years of Vendor Security Oversight experience, specific to technology vendors and service providers.
Exhibit strong relationship management and interpersonal skills.
Project management skills, with a track record of execution across multiple functions.
Excellent written and oral communication skills, including being able to synthesize data, develop recommendations, and influence and persuade partners.
Strong analytical and problem-solving skills with the ability to identify opportunities and execute to meet strategic objectives.
Mature understanding of information security “best practices” including principles, security protocols and standards.
Strong critical thinking skills; ability to quickly comprehend problems, develop hypotheses, draw logical conclusions, develop solutions, and respond accordingly.
Proven history of being a self-starter: proactively identifying problems, determining pragmatic solutions, identifying and obtaining needed resources, and executing with little or no supervision.
Advanced Information Security certification (CISSP, CTPRP or equivalent is preferred, but CISM, CEH, or similar certifications are also useful)
The following qualifications are strongly preferred:
- Financial Services experience
What you’ll get:
Everyday Wellness: Healthy Rewards, Onsite Fitness Classes, Healthy Choices, Wellness Champions
Financial Fitness: 401k Match, Employee Discounts, Personalized advice, Brokerage discounts
Work/Life Balance: Sabbatical, New Mothers returning to work Program, Tuition Reimbursement Programs, Time off to volunteer
Inclusion: Employee Resource Groups, Commitment to diversity, Strategic partnerships
Not just a job, but a career, with an opportunity to do the best work of your life
Learn more about Life@Schwab at http://www.aboutschwab.com/careers/lifeatschwab/.
Charles Schwab & Co., Inc. is an equal opportunity and affirmative action employer committed to diversifying its workforce. It is Schwab's policy to provide equal employment opportunities to all employees and applicants without regard to race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity or expression, national origin, ancestry, age, disability, legally protected medical condition, genetic information, marital status, sexual orientation, protected veteran status, military status, citizenship status or any other status that is protected by law.
Relocation Offered?: No
Work Schedule: Days
Languages: English - spoken
Current Licenses / Certifications: None
Relevant Work Experience: IT-Other Specialty Engineering-2-5 yrs, IT-Management/Technical Project Mgmt-6+ yrs, IT-Management/Technical Project Mgmt-2-5 yrs, Regulatory, Risk Analysis, IT-Other Specialty Engineering-6+ yrs
Position Located In: TX - Austin, TX - Westlake
Job Type: Full Time
Activation Date: Monday, August 7, 2017
Expiration Date: Wednesday, November 1, 2017