Sr Manager, Security Analytics & Operations Lead

Your opportunity

At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

Job Responsibilities: Responsible for managing the full lifecycle of incident response activities, including detection, investigation, mitigation, and post-incident reviews. Identify patterns of behavior indicative of potential insider threats and collaborate with stakeholders to mitigate risks. Develop and manage escalation processes, ensuring timely and efficient communication with key stakeholders, including legal, HR, and executive teams, as necessary. Ensure incidents are properly escalated and managed according to company policy and industry best practices. Perform risk assessments of insider threats, including malicious, negligent, and accidental insider actions. Recommend and implement corrective actions or risk mitigation strategies in collaboration with various business units. Work closely with security defense and operations, HR, legal, and other departments to coordinate a unified response to insider threat incidents. Prepare and present detailed reports and briefings on incident response findings to technical and nontechnical audiences. Assist in refining and maturing the insider threat program by improving detection, response processes, and escalatory pathways. Provide input to maintain and update incident response plans, playbooks, and escalation procedures to reflect evolving threats and organizational changes. Provide insights and recommendations for enhancing security awareness and training initiatives.

What you have

Job Requirements: Bachelor's in Computer Science, Computer Engineering, Engineering (any), or a related field, and 84 months of related progressive, post-bachelor's experience. Experience must include 84 months of experience involving the following: Evaluating, testing, implementing, and operationalizing large scale cybersecurity related projects at financial industry with Endpoint Detection and Response (Crowdstrike), Endpoint DLP (Trellix or McAfee), and SIEM technologies (Splunk or Phantom); Process improvements with scripting and automation (PowerShell); Evaluating, testing, implementing, and operationalizing large scale endpoint management related projects; Analyzing security logs and user patterns for risk identification and remediations; Cybersecurity related incident investigations, responses, and escalations; Cybersecurity related risk assessment, mitigation, collaboration, and communications; and Developing and managing cybersecurity-related governance, and regulatory compliance/audit processes.

We offer competitive pay and benefits. Starting compensation depends on related experience. Annual bonus and other eligible earnings are not included in the ranges above. Benefits include: 401(k) w/ company match; employee stock purchase plan; paid vacation, volunteering, 28-day sabbatical after every 5 years of service for eligible positions; paid parental leave and family building benefits; tuition reimbursement; health, dental, and vision insurance; hybrid/remote work schedule available for eligible positions (subject to Schwab’s internal approach to workplace flexibility).