Austin - TX, AUS2, 2309 Gracy Farms Lane, 78758
We believe that, when done right, investing liberates people to create their own destiny. We are driven by our purpose to champion every client's goals with passion and integrity. We respect and appreciate the diversity of our employees, our clients, and the communities we serve. We challenge conventions strategically to create value for our clients, our firm and the world. We live and bring to life the concept of 'own your tomorrow' every day. We champion our employee strengths, guide their development, and invest in their long-term success. We hire optimistic, results-oriented, curious, innovative, and adaptable people with the desire to help our clients and one another succeed.
As a company, we were established by Chuck over 40 years ago to champion Main Street over Wall Street, and to help Americans transform themselves from earners to owners. Through advocacy and innovation, we work to make investing more affordable, accessible and understandable for all. As we enter our fifth decade, we are looking for talented, innovative and driven people who believe they can help themselves, and our clients, create a better future.
In Corporate Risk Management (CRM), we provide an integrated risk management strategy that supports the delivery of predictable financial and operational performance in order to produce successful client and shareholder outcomes. We are organized around six primary functions: Bank Risk, Enterprise Risk, Information Security Risk Management, Market and Investment Risk, Model Risk and Operational Risk. Within each of these areas, we develop a framework for how much risk we are willing to accept as a firm and establish processes for identifying, evaluating, measuring, monitoring and reporting against that framework. In Business & Cyber Resiliency (BCR), we support that framework across information and technology to protect client assets, client information and firm assets.
Our BCR's Cyber Threat Risk Management (CTRM) team is seeking a seasoned Security Analyst. In a second line of defense capacity, you will be responsible for implementing and governing the firm's Cybersecurity Framework. You will work in a cross-functional team in the creation and oversight of firm policies and strategic plans to enhance our capabilities in managing emerging threats from both internal and external sources.
What you'll do:
* Provide oversight and effective challenge of first line activities in the areas of: threat management and monitoring, security incident response framework and process, identification of threats to the Firm's environment, timely notification of affected stakeholders and management, ongoing monitoring of threats, and remediation efforts and the execution of compensating controls.
* Oversee the process of collection, aggregation, communication and operationalization of actionable intelligence to enhance the security posture of the Firm.
* 2nd LOD's oversight and assessment activities correspond with cybersecurity risks posed to the Firm.
* 2nd LOD's oversight of the implementation of threat intelligence consolidation solution
* Identify and validate metrics for cyber threats and risks; define and report against key security performance indicators
* Assess ongoing adherence to policies, security standards, and best practices by conducting recurring and ad-hoc risk assessments
* Collaborate with technology and business teams to foster the adherence to security standards and best practices
* Validate and enhance strategies to collect, monitor, identify and respond to threats and vulnerabilities within a defined risk-appetite
* Mature the firm's risk-based monitoring approach that supports the threat management strategy across organizations
* Provide knowledge of the security threat landscape relevant to web application development, patching, threat monitoring, and response technologies; stay abreast of emerging threats and risks
* Address regulatory requests from applicable examiners and auditors
What you have:
* 5+ years' experience in Information Security and Technology (including network, mainframe, and host security) with expertise in the areas of threat intelligence, incident management and response, and vulnerability management
* 5+ years' experience in performing risk assessments, testing IT security requirements against systems, and quantifying risk to management
* Ability to demonstrate an in-depth knowledge of incident response program execution and best practices
* Proven background in building effective processes to reduce risk
* An understanding of information security measures both preventative and detective (e.g., authentication mechanisms, access control, firewalls, network segmentation, content filtering, whitelisting/blacklisting, intrusion detection systems, log correlation, data loss prevention, vulnerability management, etc.)
* Experience with the implementation of information security best practices for key areas such as network controls, data confidentiality, and applications development
* Demonstrated track record of collaborating with multiple stakeholders in a technological risk assessment program
* Excellent communication skills and ability to articulate technical risk information across all levels of the organization
* Experience in the evaluation of audit reports, network penetration test results, application security assessments, and regulatory exams to identify vulnerabilities and threats, assess risks, and determine remediation priorities
* An understanding of information security frameworks, standards and industry documentation (e.g., ISO27002, NIST 800-53, COBIT, OWASP, SANS Top 20)
* An understanding of relevant information security regulations (e.g., SOX, PCI, Financial regulations, HIPAA, GLBA, NACHA, Data Privacy)
* CISSP, CISSP-ISSAP, SANS GIAC, or equivalent certifications
* BS degree in related software development field (CIS, Computer Science, etc.)
What you'll get:
* Comprehensive Compensation and Benefits package
* Financial Health: 401k Match, Employee Stock Purchase Plan, Employee Discounts, Personalized advice, Brokerage discounts
* Work/Life Balance: Sabbatical, Paid Parental Leave, New Mothers returning to work Program, Tuition Reimbursement Programs, Time off to volunteer, Employee Matching Gifts Program
* Everyday Wellness: Health and Lifestyle Wellness Rewards, Onsite Fitness Classes, Healthy Food Choices, Wellness Champions
* Inclusion: Employee Resource Groups, Commitment to diversity, Strategic partnerships
* Not just a job, but a career, with an opportunity to do the best work of your life
Learn more about Life@Schwab.
Schwab is committed to building a diverse and inclusive workplace where everyone feels valued. As an equal employment opportunity employer, our policy is to provide equal employment opportunities to all employees and applicants without regard to any status that is protected by law. Schwab is also an affirmative action employer, focused on advancing women, minorities, veterans, and individuals with disabilities in the workplace. We believe diversity and inclusion are part of our success as a company and our purpose of serving every client with passion and integrity.
If you need an accommodation in the application process, please email email@example.com or call HR Direct at 800-725-3535.
Job Specifications
* Relocation Offered?: No
* Work Schedule: Days
* Languages: English - spoken
* Current Licenses / Certifications: Certified Information Systems Security Professional - CISSP
* Relevant Work Experience: Regulatory, IT-Management/Technical Project Mgmt-6+ yrs, Risk Analysis, IT-Management/Technical Project Mgmt-2-5 yrs, Analyst/Strategy-2-5 yrs, IT-Mainframe (Systems Prog/App Dev)-6+ yrs, IT-Mainframe (Systems Prog/App Dev)-2-5 yrs, IT-Communications/Networking-6+ yrs, IT-Communications/Networking-2-5 yrs
* Position Located In: TX - Austin
* Education: BA/BS
* Job Type: Full Time
Activation Date: Thursday, June 6, 2019
Expiration Date: Monday, July 1, 2019
About Charles Schwab
The Charles Schwab Corporation is a savings and loan holding company providing wealth management, securities brokerage, banking, asset management, custody, and financial advisory services.