Cybersecurity Risk Assessor

Your opportunity

At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).

The Cyber Assessments and Resilience Team is a first line of defense team within Schwab Cybersecurity Services, focused on ensuring that services and applications across Schwab’s portfolio are assessed for technology risk, cybersecurity risk, and privacy compliance.

This role will focus on conducting cybersecurity assessments, specifically evaluating cloud security controls and conducting Privacy Impact Assessments (PIAs) to safeguard client data, meet regulatory obligations, and strengthen Schwab’s cyber resilience posture. The role may also participate in other cybersecurity assessments as needed.

What You’ll Do

As a Cloud & Privacy Risk Assessment Manager, you will:

• Evaluate cloud security controls across public, private, and hybrid environments using industry frameworks (CSA CCM, CIS Benchmarks, NIST CSF).
• Conduct Privacy Impact Assessments (PIAs) for new and existing applications, ensuring compliance with GDPR, GLBA, CCPA, and other applicable regulations.
• Partner with privacy, legal, and data governance teams to identify and mitigate privacy risks in technology solutions.
• Review data flows and storage locations in cloud architectures to validate encryption, access controls, and data residency requirements.
• Maintain expertise in cloud-native security services (AWS, Azure, GCP) and emerging privacy technologies.
• Translate technical control gaps into risk-based language for remediation and executive reporting.
• Prepare detailed risk assessment reports and deliver executive-level presentations outlining cloud and privacy risk posture, trends, and remediation status.
• Perform continuous monitoring of identified gaps and provide regular updates to senior management.
• Drive automation initiatives for cloud control validation and PIA workflows.
• Contribute to the development of cloud and privacy risk metrics for dashboards and regulatory reporting.
• Advocate and promote awareness of cloud security and privacy risks across business and technology teams.

What You’re Good At

• Building strong relationships and partnering closely with security, privacy, and technology teams across Schwab.
• Communicating complex technical and regulatory concepts in clear, actionable terms.
• Driving continuous improvement in assessment processes, reporting, and automation.
• Working independently and collaboratively in a fast-paced, results-oriented environment.

What you have

Required Qualifications

• 3–5 years of experience in information security, risk assessment, or privacy compliance, with hands-on experience in cloud security assessments and PIAs.
• Strong knowledge of cloud platforms (AWS, Azure, GCP) and associated security controls.
• Familiarity with privacy-by-design principles and data protection laws (GDPR, CCPA, GLBA).
• Expertise in information security best practices and technology risk management disciplines.
• Experience with frameworks such as CSA CCM, ISO 27001, and NIST CSF.
• Working knowledge of software development practices and technologies.
• Ability to develop and present risk metrics and executive dashboards.
• Excellent analytical and technical skills; able to research problems, determine root causes, and propose solutions.
• Experience using collaboration platforms such as MS SharePoint, PowerBI, PowerAutomate, and Jira.
• Bachelor’s Degree in Computer Science or related discipline.
• Relevant certifications or ability to obtain: CISSP, CCSP, CIPT, CISM, or CRISC.

Preferred Qualifications

• Experience with cloud compliance automation tools.
• Knowledge of data residency and cross-border data transfer requirements.
• Familiarity with privacy-enhancing technologies.