Manager, Security Analytics & Operations

Your opportunity

At Schwab, you’re empowered to do impactful, meaningful work protecting client information and critical business data. Our Data Protection program combines strong technical controls with disciplined operational processes to secure data in motion, data in use, and data at rest across the enterprise.

This role is a senior technical individual contributor responsible for directly owning and executing privileged access, credential vaulting, and database access security controls. You will serve as the technical owner for non‑human identity (NHI) credential security and administrative database MFA enforcement. The role blends hands‑on technical execution with operational coordination to ensure controls are consistently implemented, operating as intended, and meeting audit and regulatory expectations across both on‑prem and cloud environments. A key focus is minimizing credential exposure through automated vaulting, enforcing non‑interactive authentication for NHIs, and streamlining secure credential injection—empowering developers and application teams to adopt modern identity practices with minimal friction while materially reducing risk from static, shared, or locally stored credentials.

Core Responsibilities:

• Directly own and execute privileged access and database access security controls, including PAM enforcement and administrative MFA remediation, with minimal supervision

• Oversee and validate database access onboarding, enforcement, and ongoing access hygiene

• Own enforcement and remediation of administrative database MFA, including identification, tracking, and resolution of gaps and exceptions

• Lead hands‑on credential remediation activities, including:

• Identification and cleanup of orphaned privileged accounts in Safeguard

• Retirement of orphaned, shared, hard‑coded, and API‑based credentials

• Reduction of long‑lived and locally stored secrets

• Drive adoption of automated credential vaulting as the standard access pattern for non‑human identities

• Design, implement, and validate secure credential injection patterns for applications and services

• Enforce non‑interactive authentication patterns for NHIs and remove unnecessary interactive login paths

• Lead execution and validation of migrations from local or static credentials to certificate‑based or other managed authentication mechanisms

• Own end‑to‑end operational workflows for onboarding NHIs into PAM platforms and tracking completion across dependent teams

• Serve as the primary technical escalation point for PAM, credential, and database access issues

• Partner with database, identity, infrastructure, and application teams to remediate access and authentication gaps

• Maintain operational runbooks, technical documentation, and control evidence to support audits and ongoing compliance readiness

• Provide clear technical updates, metrics, and risk summaries to management and audit stakeholders

What you have

Required Qualifications

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent experience)

• 8+ years of experience in cybersecurity, identity, or infrastructure security roles

• 1 year of Schwab technology domain experience gained as a current or recent contractor or employee 

• Experience coaching or guiding an operational team

• Hands-on experience with Privileged Access Management platforms (e.g., Safeguard or equivalent)

• Strong understanding of credential lifecycle management, vaulting, and access remediation

• Practical experience enforcing MFA for privileged or administrative access

• Strong knowledge of database access models and privileged account risks

• Demonstrated ability to independently own technical controls end to end while coordinating execution across teams

• Strong written and verbal communication skills for technical and leadership audiences

Preferred Qualifications

• Proven ability to execute and sustain security improvements within complex technical ecosystems and matrixed organizational structures

• Demonstrated effectiveness working across infrastructure, identity, database, and application teams to drive coordinated outcomes

• Strong practical knowledge of information security controls and their operational application in enterprise environments

• Working familiarity with certificate‑based authentication, workload identity, and service‑to‑service authentication models

• Hands‑on experience reducing credential sprawl and modernizing access patterns in large, legacy environments

• Experience supporting audit and regulatory requirements such as FFIEC, PCI, or comparable control frameworks

• Industry‑recognized security certification (e.g., CISSP or equivalent) preferred