Senior IT Risk Manager, Identity & Access Management

Your opportunity

At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

In Technology Risk Management (TRM), a part of Corporate Risk Management (CRM), we partner with technology and business teams who are implementing technologies and processes to ensure the risks associated with the use of these are identified and managed. We do this to ensure we meet our corporate risk appetite, following an established framework for identifying, evaluating, measuring, monitoring, and reporting that risk in order to protect client assets, client information, and firm assets. You will bring an understanding of technologies in the identity, authentication, and access management space to identify the risks associated with use of these technologies and determine if risks are sufficiently managed.

The Senior IT Risk Manager, Identity & Access Management, as a second line function, is responsible for a) proactively identifying, measuring, assessing and reporting on risks associated with managing the identity lifecycle, managing access to information resources, and authentication/authorization mechanisms b) overseeing identity and access risk management policy, assessing adherence to policy, and reporting maturity progress to management, c) assessing ongoing adherence to security standards and best practices by conducting recurring and ad-hoc risk assessments on platforms, applications, and processes and d) providing consultation/guidance to our first line partners on policy and standard requirements and best practices to reduce risk.

What you’ll do:

• Conduct policy/standard oversight; collaborate with technology and business teams to assure risks and risk management requirements are understood; assess IAM processes for compliance with published standards, regulatory requirements, and best practices; perform risk assessments and testing where appropriate.
• Identify risks, examine control portfolios (and their underlying processes), and assess whether these are designed sufficiently to and are effectively reducing risk to levels within the firm’s risk appetite.
• Assist business partners through the risk response process by documenting gaps as issues, providing input to remediation plans and/or risk acceptances, and providing oversight for the management/lifecycle of these gaps.
• Maintain and evolve the measurement of RAMMs/KPIs/KRIs to monitor risk reduction.
• Assess the IAM risk management space, including roadmaps and projects, on a periodic basis to evolve strategy to adapt to emerging threats and capabilities.
• Collaborate with technology and business teams to ensure creation of IAM policies and standards reflecting the firm’s risk appetite and best practices to ensure robust risk management.
• Work with leadership, internal auditors, and regulators to articulate our IAM risk management framework, execution progress, and how these risks are managed at Schwab.
• Exemplify professionalism and a collaborative spirit in working with fellow risk management professionals and especially with our business partners to help them understand the benefit of identifying and managing risks to support business initiatives.

We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site four days per week in the specified locations.

Applicants must be currently authorized to work in the United States on a full-time basis without employer sponsorship.

What you have

To ensure that we fulfill our promise of “challenging the status quo,” this role has specific qualifications that successful candidates should have.

Required Qualifications:

• 5+ years of experience in an Information Technology, Information Security, IT Risk Management, or Technology Audit field
• Experience working within the identity and access management technology space and a working knowledge of aspects such as provisioning, entitlements, certification, privileged access management, authentication, and other technologies in this space
• Experience with data analysis and reporting, with sharp analytical skills and strong attention to detail and accuracy
• Ability to effectively communicate with technical and executive audiences; both oral and written is required with demonstrated presentation skills
• Experience working with partners at all levels and across functional lines (audit, risk management, technology teams and business teams) to bring diverse points of view together
• Ability to work independently and proactively, with minimal guidance
• Ability to work on multiple projects simultaneously while prioritizing based on risk/business needs with effective organizational and time management skills
• Strong interpersonal, analytical, problem-solving, influencing, prioritization and conflict resolution skills
• Familiarity with audit and testing practices
• Bachelor’s degree

Preferred Competencies:

• CISSP, CISA, CISM, CRISC, or equivalent certification strongly preferred
• 3+ years of experience in a risk, supervision/controls, compliance, or audit function
• 2+ years of experience in financial services
• Knowledge of risk control frameworks such as NIST, ISO as well as regulatory and industry requirements such as FFEIC, GLBA, PCI
• Experience with GRC and Workflow tools such as IBM OpenPages or RSA Archer and Policy Tech or Policy Hub
• Experience interfacing with auditors in support of audits