Charles Schwab Managing Director, Application Risk Management in Westlake, Texas
Westlake - TX, TX2050R, 2050 Roanoke Road, 76262-9616
We believe that, when done right, investing liberates people to create their own destiny. We are driven by our purpose to champion every client’s goals with passion and integrity. We respect and appreciate the diversity of our employees, our clients, and the communities we serve. We challenge conventions strategically to create value for our clients, our firm and the world. We live and bring to life the concept of ‘own your tomorrow’ every day. We champion our employee strengths, guide their development, and invest in their long-term success. We hire optimistic, results-oriented, curious, innovative, and adaptable people with the desire to help our clients and one another succeed.
As a company, we were established by Chuck (http://www.aboutschwab.com/about/leadership/charles_schwab) over 40 years ago to champion Main Street over Wall Street, and to help Americans transform themselves from earners to owners. Through advocacy and innovation, we work to make investing more affordable, accessible and understandable for all. As we enter our fifth decade, we are looking for talented, innovative and driven people who believe they can help themselves, and our clients, create a better future.
In Corporate Risk Management (CRM), we provide an integrated risk management strategy that supports the delivery of predictable financial and operational performance in order to produce successful client and shareholder outcomes. We are organized around six primary functions: Bank Risk, Enterprise Risk, Information Security Risk Management, Market and Investment Risk, Model Risk and Operational Risk. Within each of these areas, we develop a framework for how much risk we are willing to accept as a firm and establish processes for identifying, evaluating, measuring, monitoring and reporting against that framework. In Information Security Risk Management, we support that framework across information and technology to protect client assets, client information and firm assets.
The Managing Director, Application Risk Management (ARM) acts as a second line of defense function and is responsible for a) proactively identifying, measuring, assessing and reporting application risk exposure, b) defining the application risk management policy, overseeing and assessing adherence to policy, and reporting maturity progress to management, and c) assessing ongoing adherence to security standards and best practices by conducting recurring and ad-hoc risk assessments on platforms and applications.
What you’ll do:
Define risk-centric policies for application risk management. Partner with development and business teams to assure policy compliance is communicated and the path forward is understood
Conduct policy oversight, collaborating with business and development teams to document risk management requirements, assess application design and architecture for compliance with published standards, and perform risk assessments where appropriate
Maintain and evolve the measurement of KPIs/KRIs to monitor risk reduction
Assess the application risk management space on a periodic basis to evolve the strategy to adapt to emerging threats and capabilities
Provide Effective Challenge & Policy Oversight
Develop and articulate secure application risk management strategies that continuously monitor and improve the security of customer-facing and internally-facing applications. Effectively challenge 1st line of defense roadmaps to continuously improve responses to the changing risk landscape
Provide enterprise-wide and channel-specific, potentially transformative and high-impact, strategic direction for business unit application risk management needs
Collaborate with business and technology teams to create and maintain application risk management policies and standards reflecting the firm’s risk appetite and industry best practices to assure robust controls
Provide credible risk assessments and independent reporting
Liaise with product management and technology to assure risk management requirements are considered throughout the project lifecycle and across the portfolio
Conduct oversight on identified vulnerabilities and remediation activities and provide reporting to business, technology and risk management leaders. Provide support to keep mitigation plans on track for timely delivery
Participate in defining, executing, and maturing the Secure Software Development Lifecycle (SSDLC)
Lead discussions with business units to review and approve mitigation strategies for vulnerabilities and areas of non-compliance with information security policy and standards
Work with internal auditors and regulators to articulate our application risk management framework, execution progress, and how application-level cybersecurity risks are managed at Schwab
Build and Maintain Relationships
Align with senior stakeholders regarding application and information security risks to the business units
Partner with risk, business and technology leaders to identify key issues, trade-offs and impacts to planned investments and projects
Serve as the trusted advisor to the business on application risk management matters
Work closely with technology and business teams to establish acceptable risk thresholds and perform assessments against the firm’s established risk appetite and approved thresholds
What you have:
Bachelor’s degree plus CISSP, CISM, or equivalent certification is preferred
10+ years’ experience in the Information Security field preferred
Direct experience working within Application Security, Development and/or Information Security Risk Management required
Experience with authoring, maintaining, and implementing IS Policies and Standards
Experience working with ISO/NIST frameworks
Understanding of applicable regulatory requirements/laws such as PCI, FFIEC, GLBA, SOX, etc.
Ability to communicate effectively, both orally and in writing, with technical and executive audiences is required
Experience interfacing with auditors in support of audits and external regulatory exam processes is required
Experience in gathering requirements, documenting and assessing information for implementing information security policies and standards is required
Strong interpersonal, analytical, problem-solving, influencing, prioritization, decision-making and conflict resolution skills
Strong initiative; self-starter; self-directed; ability to multi-task
Experience in project planning, meeting facilitation for multiple groups and projects is preferred
What you’ll get:
Comprehensive Compensation and Benefits package
Financial Health: 401k Match, Employee Stock Purchase Plan, Employee Discounts, Personalized advice, Brokerage discounts
Work/Life Balance: Sabbatical, Paid Parental Leave, New Mothers returning to work Program, Tuition Reimbursement Programs, Time off to volunteer, Employee Matching Gifts Program
Everyday Wellness: Health and Lifestyle Wellness Rewards, Onsite Fitness Classes, Healthy Food Choices, Wellness Champions
Inclusion: Employee Resource Groups, Commitment to diversity, Strategic partnerships
Not just a job, but a career, with an opportunity to do the best work of your life
Learn more about Life@Schwab at http://www.aboutschwab.com/careers/lifeatschwab/
Charles Schwab & Co., Inc. is an equal opportunity and affirmative action employer committed to diversifying its workforce. It is Schwab's policy to provide equal employment opportunities to all employees and applicants without regard to race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity or expression, national origin, ancestry, age, disability, legally protected medical condition, genetic information, marital status, sexual orientation, protected veteran status, military status, citizenship status or any other status that is protected by law.
Relocation Offered?: No
Work Schedule: Days
Languages: English - spoken
Current Licenses / Certifications: None
Relevant Work Experience: Risk Analysis, IT-Other Specialty Engineering-6+ yrs, Product Development-6+ yrs
Position Located In: AZ - Phoenix, TX - Westlake
Job Type: Full Time
Activation Date: Monday, August 14, 2017
Expiration Date: Sunday, October 1, 2017