Third Party Cyber Risk Manager
The Schwab CyberSecurity Services (SCS) organization is a centralized Center of Excellence (COE) that provides security services to advance Schwab’s security posture and enhance the protection of Schwab’s critical assets.
The Technology Risk and Cybersecurity Compliance (TRACC) team within SCS supports Schwab’s commitment to safeguarding information and computing resources through solid cyber and technology risk management practices.
In this role you will be a key player for 3rd Party Cyber Risk Management activities. You will also oversee the validation of 3rd party management activities and the management and monitoring of 3rd party risks and controls. You will facilitate consulting engagements with 3rd party management for the enhancement of processes and controls and draft materials for reporting to leadership and management committees on 3rd party risk metrics, validation testing results, and program status. As a cyber risk champion, you will represent SCS across the firm and act as a subject matter expert on all topics regarding 3rd party cybersecurity.
What you are good at
- Assess the security posture of 3rd parties as a part of the onboarding process for new tools and services firm-wide with a lens on technology and security risk
- Support execution of 3rd party Risk Management program activities to oversee, monitor, assess, and report on third-party risk
- Perform validation testing activities on 3rd party management processes and controls to confirm adherence with policies, procedures, regulatory requirements/guidance, and industry best practices
- Evaluate contract terms for compliance with Schwab’s information security requirements, providing feedback to corporate legal and vendor management during active negotiations
- Effectively communicate with management and senior leadership and provide reporting on validation testing activities including identified exceptions and remediation action plans in a clear and concise manner
- Perform oversight of 3rd party risks and controls documented in Risk and Control Self-Assessments through execution of periodic assessments and quality assurance reviews
- Communicate and escalate 3rd party risk and control issues identified in the activities associated with the RCSA 3rd Party Management Oversight Program
- Develop periodic reporting on 3rd Party management risk-based metrics and effectiveness of third-party management practices and controls
- Provide consultative support and collaborate with business partners and 3rd party management stakeholders to identify enhancement opportunities to strengthen 3rd party management processes and controls
- Coordinate with the risk management oversight groups on the development of quarterly reporting of 3rd party risk metrics to management committees
- Develop quarterly reporting to management outlining validation testing results and program status
- Participate in 3rd party risk oversight meetings with business partners and third-party management stakeholders
- Assist with gathering data and providing information during Internal Audit Reviews and Regulatory Examinations for Operational Risk Management and 3rd Party Risk Management
- Execute ad-hoc projects as needed
- Develop and maintain a good working relationship with colleagues in other risk and control functions, including Corporate Vendor Management, Information Security Risk Management, Bank Outsourcing and Oversight Management and other Corporate Risk Management teams
What you have
- 5+ years’ experience in 3rd party management, audit, oversight, SOX testing, operational risk management, or similar role
- Experience with contract review
- 4-year degree preferred, especially with a technology or security specialization
- Independent judgment with strong analytical and risk assessment skills
- Knowledge of 3rd party management, internal controls, financial/banking regulations and risk assessment and mitigation
- One or more of the following certifications preferred: CISM, CISSP, CRISC, CISA, PMP
- Project management skills with ability to work independently and with a team, prioritize and manage multiple projects and succeed in a fast-paced, heavy workload environment
- Strong written and verbal communication skills with a proven track record of building effective working relationships with internal and external business partners and senior leaders
“In addition to the salary range, this role is also eligible for bonus or incentive opportunities.”
Why work for us?
Own Your Tomorrow embodies everything we do! We are committed to helping our employees ignite their potential and achieve their dreams. Our employees get to play a central role in reinventing a multi-trillion-dollar industry, creating a better, more modern way to build and manage wealth.
Benefits: A competitive and flexible package designed to empower you for today and tomorrow. We offer a competitive and flexible package designed to help you make the most of your life at work and at home—today and in the future.
Schwab is committed to building a diverse and inclusive workplace where everyone feels valued. As an Equal Opportunity Employer, our policy is to provide equal employment opportunities to all employees and applicants without regard to any status that is protected by law.
Schwab is an affirmative action employer, focused on advancing women, racial and ethnic minorities, veterans, and individuals with disabilities in the workplace. If you have a disability and require reasonable accommodations in the application process, contact Human Resources at firstname.lastname@example.org or call 800-275-1281.
TD Ameritrade, a subsidiary of Charles Schwab, is an Equal Opportunity Employer. At TD Ameritrade we believe People Matter. We value diversity and believe that it goes beyond all protected classes, thoughts, ideas, and perspectives.