Charles Schwab Managing Director, Application Risk Management in Westlake, Texas


Westlake - TX, TX2050R, 2050 Roanoke Road, 76262-9616

Julie Rulis


We believe that , when done right, investing liberates people to create their own destiny. We are driven by our purpose to champion every client’s goals with passion and integrity. We respect and appreciate the diversity of our employees, our clients, and the communities we serve. We challenge conventions strategically to create value for our clients, our firm and the world. We live and bring to life the concept of ‘own your tomorrow’ every day. We champion our employee strengths, guide their development, and invest in their long-term success. We hire optimistic, results-oriented, curious, innovative, and adaptable people with the desire to help our clients and one another succeed.

As a company, we were established by Chuck at over 40 years ago to champion Main Street over Wall Street, and to help Americans transform themselves from earners to owners. Through advocacy and innovation, we work to make investing more affordable, accessible and understandable for all. As we enter our fifth decade, we are looking for talented, innovative and driven people who believe they can help themselves, and our clients, create a better future.

Our Opportunity:

In Corporate Risk Management (CRM), we provide an integrated risk management strategy that supports the delivery of predictable financial and operational performance in order to produce successful client and shareholder outcomes. We are organized around six primary functions: Bank Risk, Enterprise Risk, Information Security Risk Management, Market and Investment Risk, Model Risk and Operational Risk. Within each of these areas, we develop a framework for how much risk we are willing to accept as a firm and establish processes for identifying, evaluating, measuring, monitoring and reporting against that framework. In Information Security Risk Management, we support that framework across information and technology to protect client assets, client information and firm assets.

The Managing Director, Application Risk Management (ARM) acts as a second line of defense function and is responsible for a) proactively identifying, measuring, assessing and reporting application risk exposure, b) define the application risk management policy, oversee and assess adherence to policy, and report maturity progress to management, and c) assessing ongoing adherence to security standards and best practices by conducting recurring and ad-hoc risk assessments on platforms and applications.

What you’ll do:

  • Defining risk-centric policies for application risk management. Partner with development and business teams to assure policy compliance is communicated and path forward is understood

  • Conducting policy oversight, collaborating with business and development teams to document risk management requirements, assess application design and architecture for compliance with published standards, and perform risk assessments where appropriate

  • Maintain and evolve the measurement of KPI’s/KRI’s to monitor risk reduction

  • Assess the application risk management space on a periodic basis to evolve the strategy to adapt to emerging threats and capabilities

Provide Effective Challenge & Policy Oversight

  • Develop and articulate secure application risk management strategies that continuously monitor and improve the security of customer-facing and internally-facing applications. Effectively challenge 1st line of defense roadmaps to continuously improve responses to the changing risk landscape

  • Provide enterprise-wide and channel-specific, potentially transformative and high-impact, strategic direction for business unit application risk management needs

  • Collaborate with business and technology teams to create and maintain application risk management policies and standards reflecting the firm’s risk appetite and industry best practices to assure robust controls

Provide credible risk assessments and independent reporting

  • Liaison with product management and technology to assure risk management requirements are considered throughout the project lifecycle and across the portfolio

  • Conduct oversight on identified vulnerabilities and remediation activities and provide reporting to business, technology and risk management leaders. Provide support to keep mitigation plans on track for timely delivery

  • Participate in defining, executing, and maturing the Secure Software Development Lifecycle (SSDLC)

  • Lead discussions with business units to review and approve mitigation strategies for vulnerabilities and areas of non-compliance with information security policy and standards

  • Work with internal auditors and regulators to articulate our application risk management framework, execution progress, and how application-level cybersecurity risks are managed at Schwab

Build and Maintain Relationships

  • Align with senior stakeholders regarding application and information security risks to the business units

  • Partner with risk, business and technology leaders to identify key issues, trade-offs and impacts to planned investments and projects

  • Serve as the trusted advisor to the business on application risk management matters

  • Work closely with technology and business teams to establish acceptable risk thresholds and perform assessments against the firm’s established risk appetite and approved thresholds

What you have:

  • Bachelor’s degree plus CISSP, CISM, or equivalent certification is preferred

  • 10+ years’ experience in the Information Security field preferred

  • Direct experience working within Application Security, Development and/or Information Security Risk Management required

  • Experience with authoring, maintaining, and implementing IS Policies and Standards

  • Experience working with ISO/NIST frameworks

  • Understanding of applicable regulatory requirements/laws such as PCI, FFIEC, GLBA, SOX, etc.

  • Ability to effectively communicate with technical and executive audiences; both oral and written is required

  • Experience interfacing with auditors in support of audits and external regulatory exam processes is required

  • Experience in gathering requirements, documenting and assessing information for implementing information security policies and standards is required

  • Strong interpersonal, analytical, problem-solving, influencing, prioritization, decision-making and conflict resolution skills

  • Strong initiative; self-starter; self-directed; ability to multi-task

  • Experience in project planning, meeting facilitation for multiple groups and projects is preferred

What you’ll get:

  • Comprehensive Compensation and Benefits package

  • Financial Health: 401k Match, Employee Stock Purchase Plan, Employee Discounts, Personalized advice, Brokerage discounts

  • Work/Life Balance: Sabbatical, Paid Parental Leave, New Mothers returning to work Program, Tuition Reimbursement Programs, Time off to volunteer, Employee Matching Gifts Program

  • Everyday Wellness: Health and Lifestyle Wellness Rewards, Onsite Fitness Classes, Healthy Food Choices, Wellness Champions

  • Inclusion: Employee Resource Groups, Commitment to diversity, Strategic partnerships

  • Not just a job, but a career, with an opportunity to do the best work of your life

Learn more about Life@Schwab at" .

Charles Schwab & Co., Inc. is an equal opportunity and affirmative action employer committed to diversifying its workforce. It is Schwab's policy to provide equal employment opportunities to all employees and applicants without regard to race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity or expression, national origin, ancestry, age, disability, legally protected medical condition, genetic information, marital status, sexual orientation, protected veteran status, military status, citizenship status or any other status that is protected by law.

Job Specifications

Relocation Offered?: No

Work Schedule: Days

Languages: English - spoken

Current Licenses / Certifications: None

Relevant Work Experience: Risk Analysis, IT-Other Specialty Engineering-6+ yrs, Product Development-6+ yrs

Position Located In: AZ - Phoenix, TX - Westlake

Education: BA/BS

Job Type: Full Time

Category:Information Technology

Activation Date: Monday, August 14, 2017

Expiration Date: Sunday, October 1, 2017

Apply Here