Job Details

ID #17130513
State Texas
City Westlake
Job type Permanent
Salary USD TBD TBD
Source Charles Schwab & Co., Inc.
Showed 2021-07-22
Date 2021-07-21
Deadline 2021-09-19
Category Security

Principal, Technology Risk Manager

Texas, Westlake, 76262 Westlake USA

Vacancy expired!

Your Opportunity

In Corporate Risk Management (CRM), we provide an integrated risk management strategy that supports the delivery of predictable financial and operational performance in order to produce successful client and shareholder outcomes. We are organized around six primary functions: Bank Risk, Enterprise Risk, Information Security Risk Management, Market and Investment Risk, Model Risk and Operational Risk. Within each of these areas, we develop a framework for how much risk we are willing to accept as a firm and establish processes for identifying, evaluating, measuring, monitoring, and reporting against that framework. In Information Security Risk Management, we support that framework across information and technology to protect client assets, client information and firm assets.

What you are good at

The Principal, Application Risk Management (ARM), as a second line of defense function, is responsible for a) proactively identifying, measuring, assessing and reporting application risk exposure, b) executing application risk management policy, overseeing and assessing adherence to policy, and reporting maturity progress to management, and c) assessing ongoing adherence to security standards and best practices by conducting recurring and ad-hoc risk assessments on platforms and applications.

Responsibilities include:

  • Help design and execute risk-centric policies for application risk management. Partner with development and business teams to assure policy compliance is communicated and the path forward is understood.
  • Conduct policy oversight, collaborate with business and development teams to document risk management requirements, assess application design and architecture for compliance with published standards, and perform risk assessments where appropriate.
  • Maintain and evolve the measurement of KPIs/KRIs to monitor risk reduction.
  • Assess the application risk management space on a periodic basis to evolve the strategy to adapt to emerging threats and capabilities.

Principal Duties and Responsibilities:

  • Provide Effective Challenge & Policy Oversight
      • Develop and articulate secure application risk management strategies that continuously monitor and improve the security of customer-facing and internally facing applications. Effectively challenge 1st line of defense roadmaps to continuously improve responses to the changing risk landscape.
      • Collaborate with business and technology teams to create and maintain application risk management policies and standards reflecting the firm's risk appetite and industry best practices to assure robust controls.
  • Provide Credible Risk Assessments and Independent Reporting
      • Liaise with product management and technology to assure risk management requirements are considered throughout the project lifecycle and across the portfolio.
      • Conduct oversight on identified vulnerabilities and remediation activities and provide reporting to business, technology, and risk management leaders. Provide support to keep mitigation plans on track for timely delivery.
      • Lead discussions with business units to review and approve mitigation strategies for vulnerabilities and areas of non-compliance with information security policy and standards.
      • Participate in defining, executing, and maturing the Secure Software Development Lifecycle (SSDLC).
      • Participate in continuous monitoring of adherence to Secure Application Development and other policies and standards.
  • Build and Maintain Relationships
      • Align with stakeholders from all three lines of defense regarding application and information security risks to the business units.
      • Work with internal auditors and regulators to articulate our application risk management framework, execution progress, and how application-level cybersecurity risks are managed at Schwab.
      • Work closely with technology and business teams to establish acceptable risk thresholds and perform assessments against the firm's established risk appetite and approved thresholds.

What you have

  • Bachelor's degree plus CISSP, CISM, or equivalent certification is preferred
  • 5+ years of experience in a risk, supervision/controls, compliance, or audit function
  • 5+ years' experience in the Information Security field
  • 2+ years of experience in financial services
  • Direct experience working within Application Security, Development, Software Testing and Risk Management required
  • Experience with authoring, maintaining, and implementing IS Policies and Standards
  • Knowledge and experience in risk control frameworks such as NIST, ISO as well as regulatory and industry requirements such as GLBA, PCI, FFIEC
  • Experience with data analysis and reporting
  • Ability to communicate effectively with technical and executive audiences, both orally and in writing, is required
  • Experience interfacing with auditors in support of audits and external regulatory exam processes is required
  • Experience with working with partners at all levels and across functional lines, bringing diverse points of view together to determine a clear direction forward
  • Thrive in a constantly evolving environment and meet critical commitments under pressure
  • Manage complicated issues and arbitrate across disparate partner groups
  • Conduct metrics and status reporting
  • Experience with GRC and Workflow tools such as IBM OpenPages or RSA Archer and Policy Tech or Policy Hub
  • Hands-on experience with Agile/Scrum methodology
  • Experience in gathering requirements, documenting, and assessing information for implementing information security policies and standards is required
  • Ability to work independently and proactively, with minimum guidance
  • Ability to work on multiple projects simultaneously while prioritizing based on risk/business needs
  • Effective organizational and time management skills
  • Excellent interpersonal, written, and verbal communication skills; demonstrated presentation skills
  • Ability to think strategically with sharp analytical skills and strong attention to detail and accuracy
  • Strong interpersonal, analytical, problem-solving, influencing, prioritization, decision-making and conflict resolution skills
  • Strong initiative; self-starter; self-directed; ability to multi-task
  • Experience writing, maintaining, testing, auditing, and revising policies and procedures
  • Familiarity with laws and regulations within financial services for retail-facing positions
  • Experience analyzing data and preparing solutions based on sound facts and findings
  • Self-starter with a can-do attitude who is capable of building relationships and influencing effectively within a matrixed organization
  • Experience in project planning, meeting facilitation for multiple groups and projects is preferred

Preferred Competencies:

Advanced degree such as MBA, professional designation such as CPA and/or prior Big 4 public accounting experience

CISA, CISM, CRISC, or equivalent certification

Why work for us?

Own Your Tomorrow embodies everything we do! We are committed to helping our employees ignite their potential and achieve their dreams. Our employees get to play a central role in reinventing a multi-trillion-dollar industry, creating a better, more modern way to build and manage wealth.

Benefits: A competitive and flexible package designed to empower you for today and tomorrow. We offer a competitive and flexible package designed to help you make the most of your life at work and at home, today and in the future.

Schwab is committed to building a diverse and inclusive workplace where everyone feels valued. As an Equal Opportunity Employer, our policy is to provide equal employment opportunities to all employees and applicants without regard to any status that is protected by law.

Schwab is an affirmative action employer, focused on advancing women, racial and ethnic minorities, veterans, and individuals with disabilities in the workplace. If you have a disability and require reasonable accommodations in the application process, contact Human Resources at or call.

TD Ameritrade, a subsidiary of Charles Schwab, is an Equal Opportunity Employer. At TD Ameritrade we believe People Matter. We value diversity and believe that it goes beyond all protected classes, thoughts, ideas, and perspectives.
