Sr Manager - Cyber Resilience Planning

Your opportunity

The Cyber Assessments and Resilience Team is a first line of defense team positioned within the Schwab Cybersecurity Services vertical, aligned to ensure that services and applications within the Schwab Portfolio are assessed from a technology risk, cybersecurity risk, and cyber resilience perspective.

The Senior Manager, Cybersecurity Resilience plays a pivotal individual contributor role for the team. They will partner with technology leaders across the firm to ensure understanding of our Key Business Transactions and Important Business Processes, and what our capabilities to withstand impact during cybersecurity attacks like ransomware, DDoS, etc.  Additionally, this person will be responsible for understanding and ensuring recovery strategies, cyber vaulting, and recovery planning is well documented and understood. A large part of this role is based upon performing resilience assessments to establish our current risks and controls in place with a strong subject matter expertise in the assigned business and transaction areas. The ideal candidate will combine deep expertise in cybersecurity, strong cross functional negotiation capabilities, and hands-on experience with a range of modern risk and resilience concepts, including vaulting, recovery planning, and architectural resilience.

This is a key role in assuring that cyber risks are effectively managed and cyber resilience is adequately planned for. This helps build comfort that Schwab’s most critical applications both remain resilient, and are designed and implemented in the most resilient fashion to ensure our client’s trust is maintained. Success in this role will require ability to exercise influence, communicate effectively, think strategically, and work collaboratively among internal and external stakeholders across multiple functions combined with strong expertise in risk management discipline and security and technology controls best practices.

What you’ll do:

• Lead, mentor, and influence other professionals across the firm at varying levels of authority, fostering a culture of continuous improvement, collaboration, and resilience capabilities.
• Serve as the primary point of contact for information related to cyber resilience for business and technology partners while collaborating with stakeholders in procurement, the resilience program team, architecture and engineering, and third-parties.
• Support the implementation, configuration, and resiliency of platform technologies essential to the continuity of key business transactions and the risk management lifecycle
• Lead efforts on reporting and metrics from the various platforms in use between the different types of resilience activities to ensure the firm understands the risks while maintaining operational maturity of the resilience programs
• Effectively communicate with senior leadership and provide status updates on significant initiatives and aggregate reporting across the program
• Provide consultative support and collaborate with business partners and third-party management stakeholders to identify enhancement opportunities to strengthen third-party resilience processes and controls
• Coordinate with the risk management oversight groups on the development of risk metrics to management committees
• Assist with gathering data and providing information during Internal Audit Reviews and Regulatory Examinations for Operational Risk Management and Third-Party Risk Management
• Develop and maintain a good working relationship with colleagues in other risk and control functions, including Technology Risk Management, Operational Resilience Governance, Corporate Vendor Management, and Third Party Risk Management among other Corporate Risk Management teams
• Maintain up-to-date knowledge of the evolving threat landscape, regulatory requirements, and industry best practices for resilience.
• Execute ad-hoc projects as needed

What you have

• Bachelor’s degree in Information Security, Computer Science, or a related field
• 5+ years’ experience in third-party risk management, information security risk management, audit, oversight, SOX testing, operational risk management, or similar role
• Demonstrated experience negotiating information security terms and conditions, managing third-party security risks, and understanding cybersecurity assessments in general
• Independent judgment with strong analytical and risk assessment skills
• Once or more of the following certifications preferred:  CISM, CISSP, CRISC, CISA, PMP
• Strong organization skills with ability to work independently and with a team, prioritize and manage multiple initiatives and succeed in a fast-paced, heavy workload environment
• Strong written and verbal communication skills with a proven track record of building effective working relationships with internal and external business partners and senior leaders
• Strong understanding of cybersecurity frameworks (e.g., NIST, ISO 27001, SOC 2) and regulatory landscapes.
• Proven leadership experience with the ability to motivate and inspire teams.
• Strong analytical and problem-solving skills, with a commitment to high-quality work.
• Experience working directly with cyber recovery strategy development for third-parties.