Information Security Cyber Risk Assessment Specialist

Your Opportunity

What you are good at

• Working with all levels, including senior leadership.
• Balancing multiple concurrent assessment projects to mitigate risk and promote improvement of the control environment.
• Identifying control gaps requiring remediation and working collaboratively with other Schwab disciplines to implement improvements.
• Developing and executing effective and efficient processes and assessment plans for key Schwab controls.
• Gathering evidence to support testing teams assessing control effectiveness.
• Communicating results to process and control owners.
• Assisting management with developing and documenting achievable and sustainable action plans to remediate identified control gaps.
• Providing risk and control consulting services to partners across Schwab Cybersecurity Services.
• Providing domain expertise as a participant on Schwab improvement initiatives or in response to ad hoc requests.
• Assisting with development of clear and concise risk and control reporting.
• Assisting with regulatory exam preparation exercises (readiness assessments), in-flight exam evidence gathering/tracking, and review of presentation decks intended for regulatory exam teams

What you have

• 5+ years of relevant experience in the disciplines of information security, risk assessment activities, IT audit, and/or information security compliance with strong hands-on experience in security risk assessments.
• Proven ability to manage Security Risk Assessments
• Bachelor’s degree in related discipline required, advanced degree preferred.
• Relevant certifications preferred (CISA, CRISC, CISSP, CISM, CCSA or other risk & control disciplines)
• Knowledge and familiarity with a broad range of IT and information security products and technologies such as Network Security, Cryptography, Identity and Access Management, Vulnerability Management, Logging and Monitoring, Cloud Platforms, and Application Security
• Knowledge and familiarity of the FFIEC IT Handbook (specifically, the booklets on Information Security, Outsourcing Technology Services, Supervision of Technology Service providers, and Architecture, Infrastructure, and Operations), including fundamental information security experience
• Ability to understand properly designed and effectively operating IT controls.
• Ability to clearly document control objectives and design efficient tests of controls.

• Most Schwabbies have the opportunity to voluntarily work in the office or at home based on their preference, through the remainder of 2021.
• When the firm is ready to fully return to the office, employees will have the flexibility of a hybrid work environment, spending some time working remote and sometime in the office.
• Employees and managers can discuss and decide what works best for them, with additional flexibility available based on their role, business needs, and individual circumstances.

• Subject to change as Schwab is continually evaluating the current environment in order to best care for the safety and well-being of our employees.