Cyber Risk Analytics and Reporting

Your opportunity

At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).

The Cyber Assessments and Resilience Team is a first line of defense team positioned within the Schwab Cybersecurity Services vertical, aligned to ensure that services and applications within the Schwab Portfolio are assessed from a technology risk, cybersecurity risk, and cyber resilience perspective.

The Analytics and Reporting Manager serves as a subject matter expert (SME), functioning independently to prepare and analyze data, as well as develop visualizations for reporting cybersecurity risks and operational metrics.  The individual is responsible for working with the other members of the Cyber Assessments and Resilience team to understand the data that supports internal processes, identifying where data resides, transforming the data as appropriate, and creating visualizations and dashboards.

This is a key role in assuring that cyber risks are effectively managed, Schwab client information is protected, and our client’s trust is maintained. Success in this role will require ability to exercise influence, communicate effectively, think analytically and strategically, and work collaboratively among internal and external stakeholders across multiple functions combined with strong expertise in risk management, data analysis and data visualization techniques. This is an individual contributor role.

The Analytics and Reporting Manager will be responsible for the following:

• Partner with Cyber Assessments and Resilience team members to identify meaningful metrics and reports.
• Ensure required data elements are available for reporting. Assist teams to create data elements in source systems.
• Utilize data transformation tools such as Alteryx to harvest data from source systems and prepare it for reporting needs.
• Use SQL to validate data is accurate and complete.
• Create visualizations using tools such as Tableau and Power BI.
• Identify and manage continuous improvements in various areas, including automation of data collection, leadership reporting activities, development and maintenance of risk-related information, and audit and/or regulatory areas.
• Contribute to the creation and ongoing development of security and control metrics.
• Support maturing cyber risk governance through development of standard processes and procedures.
• Advocate and promote awareness of operational gaps and cyber risks to CART leadership.

Other responsibilities include:

• Build strong relationships and partner closely with security and technology partners across Charles Schwab Corporation and its affiliates.
• Develop internal processes to increase team efficiencies and continually mature operations.
• Other risk related responsibilities as identified
• May travel minimally as needed

What you have

• 3-5 years of relevant experience in the disciplines of information security, technical risk management, third-party risk management, risk assessment activities or information security compliance.
• 2+ years of experience in data analysis, data transformation, and data visualization techniques.
• Experience using at least one of the following tools: Alteryx, Tableau, Power BI, SQL, GCP BigQuery, Power Automate, Power Application.
• Experience in developing performance or risk metrics, and executive dashboards.
• Excellent analytical & technical skills, able to research problems, determine root causes and solutions.
• Superior attention to detail and focus on quality work delivery.
• Familiar with one or more regulatory requirements and laws such as, but not limited to, PCI, Federal Financial Institutions Examinations Council, Sarbanes-Oxley Act, HIPAA, GDPR and GLBA. Additionally, experience in one or more: ISO 27001, ITIL and NIST. General understanding of the Factor Analysis of Information Risk methodology
• Working knowledge of software development practices and technologies.
• Understanding of information security or technology risks.
• Experience using collaboration platforms such as MS SharePoint, Confluence, or JIRA.
• Must be a self-starter and able to work independently, as part of a team, and lead working groups as required.
• Work ethic based on a strong desire to exceed expectations.
• Ability to work successfully in a fast-paced, results-oriented environment. Requires excellent time management skills, ability to appropriately prioritize multiple, competing demands.
• Bachelor’s Degree in Computer Science, Management Information Systems, or related discipline.
• Relevant certifications or ability to obtain information security certifications such as CISSP, CCSP, CCSK, CISM or CRISC is preferred.