Sr Specialist - IT Risk Services Adherence Monitoring

Your opportunity

At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).

The Senior Specialist, Technology Risk Management is responsible for executing continuous control adherence by monitoring and validating enterprise technology control effectiveness using systemic metrics, automated workflows, and risk-based insights. Identifies control performance gaps and drives timely escalation and remediation to address deficiencies. Ensures alignment with enterprise governance standards by collaborating across risk, control, and technology stakeholders. Strengthens control reliability through ongoing validation, issue tracking, and adherence monitoring to support a consistent, defensible control environment.

The Senior Specialist partners with control and program owners, RCSA facilitators, and second line risk stakeholders to support audit readiness, regulatory expectations, and consistent governance outcomes, while serving as a trusted advisor on continuous control adherence. Participates in working sessions to resolve requirement interpretation, evidence sufficiency, and adherence determinations, and supports audit and regulatory engagements by delivering clear, defensible documentation of adherence outcomes and rationale. Leverages automation and automated evidence collection to provide near real-time visibility into control effectiveness, enabling proactive identification of control failures and drift, reducing manual review reliance, and maintaining alignment with frameworks such as NIST, SOC 2, and ISO 27001.

ESSENTIAL DUTIES

The Sr Specialist, Technology Risk Management, will be responsible for the following duties:

• Participate in adopting the program best-practices and guidance as prioritized by leadership and stakeholders.
• Contribute to developing and maintaining procedures in support of key risk management processes.
• Proactively identify controls requiring attention or strengthening and work collaboratively with other STS disciplines to implement improvements in line with corporate standards, applicable regulations, and/or best practice frameworks.
• Develop and maintain strong partnerships across the Risk Champion community, STS Management, Information Security Risk Management, Business Management, Internal Audit, Sarbanes-Oxley Compliance, and Enterprise Operational Risk Management.

What you have

Required Qualifications

• Bachelor’s degree in computer science, Information Technology, Risk Management, related discipline, or equivalent industry experience (technology, cybersecurity, or technology risk management disciplines).
• Knowledge of technology risk and control concepts, including industry frameworks (e.g., NIST, ISO, COBIT), along with experience applying risk management frameworks, internal controls, and continuous control adherence practices.
• Experience with GRC tools (e.g., MyGRC or equivalent), including issue/violation management, and applying Risk and Control Self-Assessment (RCSA) practices, risk and control catalogs, and governance frameworks.
• Demonstrated ability to assess evidence, apply judgment, and document conclusions clearly
• Strong written and verbal communication skills, with the ability to convey risk outcomes concisely to leadership and translate business needs into technical and risk requirements to deliver practical solutions.
• Proven ability to work independently, manage multiple priorities, and lead initiatives or working groups.

Preferred Qualifications

• Experience supporting or executing continuous monitoring of technology policies and standards
• Experience developing risk metrics, quality standards, and executive dashboards through automation (Power BI)
• Familiarity with AI technologies, automation, or advanced tooling as applied to risk assessment and control monitoring.
• Professional certifications such as CRISC, CISA, CISSP, or CISM.