Zero Trust Architect

Your opportunity

At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).

In Schwab Cybersecurity Services (SCS), Office of CISO, we provide platforms, services, and security operations capabilities which enable the firm to produce successful client and shareholder outcomes securely and safely. Securing our IT assets, data, and access to applications is the core of who we are and what we do.  We ensure only the appropriate entities have access to IT resources and that we adhere to best practices and standards to ensure a safe and compliant environment is maintained. 

At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

The Zero Trust Architect is an individual contributor supporting the Firm’s Networksecurity and Zero Trust strategy including domain security architecture vision and development. This position will drive and synchronize security strategies aligned with technology and business priorities along with validating future directions as it relates to zero trust and various network security technologies. This role works with various Schwab technology and security teams on the architectural, engineering, and implementation of technology solutions and methodologies to ensure visibility, secure connectivity, and service availability.

In this role, the Zero Trust Architect will have responsibility for identifying, defining, developing, leading security technology strategy across a broad portfolio of security and related technology systems, and the assessment of new and emerging security technologies at the very large enterprise scale. To include the road mapping and security architecture design to guide engineering implementing, and maintaining network security capabilities including segmentation, zero trust, network and platform resiliency, enhanced network visibility and implementation of solutions to address security control gaps. Collaborating with product and project teams to understand needs and enablement with security products.

As a senior member of Schwab Cybersecurity Services (SCS), you will engage and partner with senior leaders across the organization leveraging your extensive background in (managing / delivering / implementing / architecting) various security technologies, combined with expertise in organizational and cross-functional communication, influence roadmaps, solution adoption, champion strategic opportunities / execution plans with the aim to improve security capabilities, reduce risk, and position forward looking platform security enhancements. 

Responsibilities include, but are not limited to:

• Responsible for defining an architectural vision for Zero Trust and architecture for large complex solutions, which aligns with the enterprise architecture strategy, technology, and platform choices
• Ensures the solution is fit for purpose and use by working with stakeholders, vendors/service providers, and evaluating the impact of strategic design decisions
• Contributes to best practices, guidelines, standard templates, and the architecture roadmap for defined domains.
• Creates security reference architecture patterns for reusability.
• Contributes to the creation of the architecture roadmap of defined domains (Business, Application, Data and Technology) in support of the product roadmap
• Partner with Schwab counterparts to implement designs and technologies that reduce network security deficiencies and deliver on the network strategy.
• Translate/engineer architectural requirements and high-level design into a deployable and manageable implementation.
• Develop technical solutions to ensure 3rd party partners connect to us in a way that protects our systems and client data.
• Participate in development, implementation of security design & engineering principles and standards and build a network strategy that leaps the enterprise into a next gen approach
• The Zero Trust Architect must interpret business, technology and threat drivers, and develop practical security roadmaps
• Clarifies the architecture for the development teams to support implementation, and provides solution options to resolve any architectural impediments
• Performs design reviews to ensure all non-functional requirements for a solution are sufficiently met (e.g. security, performance, maintainability, scalability, usability, and reliability)
• Liaises with other security architects and security practitioners to share best practices and insights

What you have

• 4-year college/university degree required
• Minimum 10+ years of experience in Cyber Security preferably in the financial services industry
• Subject matter expertise in one or more of the following domains:
• Network Security
• Deep understanding of core network security principles, such as Confidentiality, Integrity, and Availability (CIA triad)
• Expertise in designing and implementing robust network security architectures, including firewalls, intrusion prevention systems (IPS), network segmentation, endpoint security, and access controls.
• Knowledge of current and emerging network threats like ransomware, phishing, zero-day exploits, insider threats, and IoT vulnerabilities.
• Proficiency in various security tools such as firewalls, intrusion detection/prevention systems (IDPS), virtual private networks (VPNs), encryption, Security Information and Event Management (SIEM), and endpoint security solutions.
• Familiarity with best practices for network security management, including regular updates, vulnerability assessments, incident response planning, network segregation, and strong access controls
• Zero Trust
• Zero Trus Architecture like next generation access such as Security Service Edge (SSE) and Secure Access Service Edge (SASE) components
• Understanding and ability to articulate the fundamental principles of Zero Trust: "never trust, always verify," verify explicitly, least-privilege access, and assume breach.
• Proficiency in managing user identities, implementing multi-factor authentication (MFA), role-based access control (RBAC), and attribute-based access control (ABAC) for fine-grained access control.
• Knowledge and experience in network micro segmentation to limit the impact of breaches and control lateral movement.
• Zscaler
• Deep knowledge of the Zscaler Zero Trust Exchange platform and its various components, such as Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), Zscaler Digital Experience (ZDX), and Zscaler Workload Communications.
• Understanding of ZIA's capabilities for secure web gateway (SWG), SSL inspection, cloud firewall, data loss prevention (DLP), cloud access security broker (CASB), and threat protection.
• Proficiency in using ZPA to provide secure, direct access to private applications, and replacing traditional VPNs.
• Knowledge of ZDX for monitoring and improving user experience across applications and networks.
• Expertise in securing application-to-application communication in cloud and hybrid environments using Zero Trust principles.
• Experience with deploying, configuring, and managing Zscaler solutions, including client connectors, app connectors, policy creation, and integration with other security tools like SIEM and identity management systems.
• Ability to leverage Zscaler's cloud-native architecture to implement and extend Zero Trust principles across various environments, including remote work, hybrid clouds, and IoT/OT devices.
• Experience implementing/configuring cloud services and tools aligned to our security priorities

• Demonstrates flexibility within a variety of changing situations, while working with individuals and groups.
• Excellent written and verbal communication skills.
• Strong ability to effectively communicate with and present to C level as well as the senior leadership team.
• Experience with assessment, development, implementation, integration, optimization, and documentation of a comprehensive and broad set of security technologies and processes in on premise, public, and private cloud environments.
• Experience with DevSecOps process, AI security, and data warehousing.
• Strong knowledge of enterprise security concepts/frameworks and products, secure design principles, and best practices
• Experience implementing industry/compliance frameworks (NIST 800-53, CIS benchmarks, ISO 27000 series, COBIT, etc.)
• Must be able to quickly and succinctly design and create technical solution/process documentation
• Must be a self-starter, strong leader who is able to influence senior engineers and architects; work with limited supervision & be able to work well with others in a globally diverse IT environment
• CISSP, CCSP, and TOGAF certification preferred. Other related certifications a plus

In addition to the salary range, this role is also eligible for bonus or incentive opportunities.