Job title: Technology Information Security Officer – Remote
Company: Charles Schwab
Job description: What you are good at
Functioning as a senior lead, a successful candidate will demonstrate maturity, strong communication and decision making skills, and executive presence, ultimately building up their own professional network within the company. Other abilities essential to the role are influencing decision makers, mastering business concepts, and possessing excellent written and oral communications skills.
This role requires a high level of technical expertise in multiple disciplines within Customer Identity & Access Management (CIAM) and Application Security, providing security design guidance to development teams for legacy and new development. The role will require mentorship, design guidance, and consultation to drive change and support to Schwab client authentication and security program.
Communicate and collaborate with cross-functional peers outside of the Technology Division, including Enterprise Risk Management, Third Party Risk Management, and other business unit leadership. Drive objectivity and build consensus among internal and external stakeholders with widely divergent perspectives and drivers.
Lead application security assessments and assist in planning the remediation of assessment, audit, and regulatory findings. Participate in and contribute to key working groups across the enterprise, including but not limited to Architecture Review Board. Prepare reports for senior management including presentations, metrics, and other documentation required to support governance functions.
- Ensuring coordinated, effective, and efficient service delivery from Global Security to Client Applications and Workforce Solutions
- Ensuring the coverage and operating effectiveness of key security controls in the Client Applications and Workforce Solutions technology environment
- Devising and operating a leveraged, risk-based method for coupling centralized product security resources to the Client Applications and Workforce Solutions technology team
- Develop and continually refine metrics and provide reporting to peers and senior executives
What you have
The successful candidate will have their foundational skill set in information security risk and controls. Serving the technology organization, they will need strength in assessing and deliberating technical risk as a subject-matter expert, basing their experience in time served in an area such as application or infrastructure security.
- 12+ years of total experience in information technology, with at least 5 years of that working in the Customer/consumer Identity (CIAM) space
- Experience in educating and working with the business application leaders and developer community is a plus
- Experience with one or more CIAM vendor solutions: Transmit, Okta/Auth0, other leaders in the CIAM space
- Understand how client applications drive UX through CIAM differentiators (social login, progressive login, CRM integration, etc.)
- Understanding of legal and privacy issues involved in tracking and managing user consent and privacy preferences
- Familiarity with API Gateways such as Apigee, Mulesoft, etc and their role in API Management
- Experience with technologies and protocols to support identity federation and robust access control models (e.g., SAML 2.0, WS-Federation, OAuth, OpenID Connect)
- Experience with a formal risk governance mechanism, such as a Governance Risk and Compliance tool workflow, through which individual risk findings are documented, analyzed, accepted, and tracked and managed
- Experience developing, formalizing, and operating security business requirements & processes
- Experience managing projects, programs, and initiatives of significant size and scale, especially where information security resources had to be prioritized based on risk
- Experience in technical application security, infrastructure security, as a developer, system administrator / site reliability engineer, vulnerability manager, security architect, or other role(s) granting strong direct experience in assessing technical risk and risk mitigation with compensating controls
- Experience assessing cloud-specific security risk; knowledge of cloud models, appropriate controls and assurance factors for each; Understanding of Cloud Service Providers, GCP, AWS, Azure; hands-on experience preferred
- Experience with information security aspects of compliance and accreditation, such as PCI, ISO, FISMA, FedRAMP, NIST 800-53, and/or SOC 2
- Experience with or deep exposure to the financial industry, focused on clearing or trading
- Demonstrable knowledge of a broad range of Information Security technologies and practices
- Demonstrable, impeccable writing skills for technical, management, and executive audiences
- Demonstrable communication capabilities including oral presentation and ability to present in front of executive leadership Demonstrable experience coordinating multiple concurrent issues, in high-pressure situations
- Experience with security analysis, design and service development Advanced knowledge of application security assessments
- High understanding of entire development process, including specification, documentation and quality assurance High degree of understanding in the theories, methodologies and principals underlying secure technical analysis, design and implementation of secure networks, applications, systems, and databases
- Candidates must have proven ability to build value propositions, business cases, drive results as part of a larger project or program team Relevant experience designing, implementing, and supporting large scale solutions High degree of understanding with Cryptographic Services Experience with Amazon Web Services, Microsoft Azure and GCP external cloud providers.
Education: A Bachelor’s or Master’s degree in Computer Science, Information Systems.
Target Total Compensation –
$126,500 – $205,000
: We’re proud to support our employees in a working approach that allows you to bring your best self to work – whether that’s in the office or remote.
- Most Schwabbies have the opportunity to voluntarily work in the office or at home based on their preference*
- When the firm is ready to fully return to the office, employees will have the flexibility of a hybrid work environment, spending some time working remote and some time in the office.
- Employees and managers can discuss and decide what works best for them, with additional flexibility available based on their role, business needs, and individual circumstances.
*Subject to change as Schwab is continually evaluating the current environment in order to best care for the safety and well-being of our employees.
Location: Westlake, TX – Austin, TX
Job date: Fri, 03 Jun 2022 22:07:10 GMT
Apply for the job now!