Your Opportunity
In Corporate Risk Management (CRM), our mission is to execute an independent and coordinated risk management program that supports delivery of predictable long-term financial and operational performance in order to produce successful client and shareholder outcomes. In CRM's Technology Risk Management (TRM), we support CRM's mission by managing information and technology risks to protect client assets, client information and firm assets.

The Sr. Manager, Cyber Resilience Oversight role reports into the Director of Cyber Resilience Oversight. As a 2nd line of defense function, this position is responsible for collaborating with the broader TRM team as well as 1st line of defense partners to establish, maintain, report on, and continuously mature the Firm's Cyber Resilience (CR), in support of the firm's Operational Resilience framework.

Workplace Flexibility Program: We're proud to support our employees in a working approach that allows you to bring your best self to work - whether that's in the office or remote.
- Most Schwabbies have the opportunity to work in the office and/or at home based on their preference
- Employees may have the flexibility for a hybrid schedule, where they divide their time between working remotely or in the office.
- Employees and managers can discuss additional flexibility options based on their role, business needs, and individual circumstances.
- Contribute to the development of policies, standards, and methodologies for implementation of resilience program elements
- Provide an independent voice and effective challenge responsive to identified CR risk, and the risk treatment of findings
- Perform risk assessments to determine the appropriate level of cybersecurity enhancements and recovery considerations for Firm business processes
- Partner with 1st line of defense risk to oversee cybersecurity response and recovery playbooks with a focus on recovery steps
- Partner with Business Continuity team to oversee integration points between business continuity and cyber resilience programs
- Champion the inclusion of CR controls within the Firm's Risk and Control Self-Assessment (RCSA) program by: ensuring technology owners are properly assessing cyber resilience risk in their environments, identifying breaks in the effectiveness of their CR controls, and mitigating discovered gaps
- Partner with other risk oversight functions, technology owners, and 1st line of defense risk managers to drive measurable and sustainable improvements within the control environment
- Create, maintain, and report on Issues/Findings, Action Plans, Risks, and Controls within the IBM OpenPages and/or Archer Governance, Risk, and Compliance (GRC) platform(s).
- Prepare regularly-scheduled and ad-hoc reports for management and risk committees regarding status of risk treatment activities
- Define management reporting requirements and metrics, including risk appetite metrics and key risk indicators
- Participate in strategic and tactical planning with 1st line of defense to mature the Firm's CR posture
- 5+ years of experience in, and a solid understanding of, any of the following: Cyber Resilience, Cybersecurity, Risk Management, IT Risk/Control, and/or IT Audit domains
- Experience with Internal Audits, SSAE16, SOX, and/or regulatory assessments
- Understanding of control frameworks, industry standards, and regulatory guidance, including: NIST CSF, NIST SP800-53, NIST SP800-160 v2, FFIEC, Center for Internet Security (CIS) Critical Security Controls, MITRE ATT&CK Framework, etc.
- Understanding of the 'Three Lines of Defense' governance model
- Extensive experience with driving change to risk programs and policies/procedures
- Ability to assess and effectively communicate the operational, technical, and financial impact of findings and control issues to executive and business leadership, using language that is relevant to and understandable by the business
- Broad, high-level understanding of the retail and institutional broker/dealer and banking industry, including technology, back-office operations, and servicing
- Ability to manage multiple efforts simultaneously across a large matrixed environment
- CISSP, CISM, CISA, CRISC, or equivalent certifications
- BS degree in related fields (Cybersecurity, Computer Science, etc.)