Apply for this job now

Technology Information Security Officer - Remote

Location
Sacramento, California
Remote Working
Remote Working
Job Type
Permanent
Posted
14 Jul 2022
Your Opportunity

This role can be telecommute

The Security Strategy, Research & Design team handles the Firms security strategy and domain security architecture vision and development. We drive and synchronize security strategies aligned with technology and business priorities along with validating future directions through security research and innovation. To more effectively and efficiently carry out our security mission, we are seeking outstanding candidates for a Director, Technology Information Security Officer (TISO). TISO provides leadership on security subject matter through eliciting business requirements, design of security integration architectures and development of Client and Workforce facing authentication and access security standards and reference architectures. This role is responsible for the relationship between Schwabs Cybersecurity Services function, workforce management and client application management technology teams, consisting of over developers, engineers, architects, and other IT professionals. TISO will provide highest level technical security advisory service to internal teams. The successful candidate must understand the differences between a traditional workforce focus and CIAM, including the challenges associated with cybersecurity and compliance.

What you are good at

Functioning as a senior lead, a successful candidate will demonstrate maturity, strong communication and decision making skills, and executive presence, ultimately building up their own professional network within the company. Other abilities essential to the role are influencing decision makers, mastering business concepts, and possessing excellent written and oral communications skills.

This role requires a high level of technical expertise in multiple disciplines within Customer Identity & Access Management (CIAM) and Application Security, providing security design guidance to development teams for legacy and new development. The role will require mentorship, design guidance, and consultation to drive change and support to Schwab client authentication and security program.

Communicate and collaborate with cross-functional peers outside of the Technology Division, including Enterprise Risk Management, Third Party Risk Management, and other business unit leadership. Drive objectivity and build consensus among internal and external stakeholders with widely divergent perspectives and drivers.

Lead application security assessments and assist in planning the remediation of assessment, audit, and regulatory findings. Participate in and contribute to key working groups across the enterprise, including but not limited to Architecture Review Board. Prepare reports for senior management including presentations, metrics, and other documentation required to support governance functions.

Responsibilities:
  • Ensuring coordinated, effective, and efficient service delivery from Global Security to Client Applications and Workforce Solutions
  • Ensuring the coverage and operating effectiveness of key security controls in the Client Applications and Workforce Solutions technology environment
  • Devising and operating a leveraged, risk-based method for coupling centralized product security resources to the Client Applications and Workforce Solutions technology team
  • Develop and continually refine metrics and provide reporting to peers and senior executives
What you have

The successful candidate will have their foundational skill set in information security risk and controls. Serving the technology organization, they will need strength in assessing and deliberating technical risk as a subject-matter expert, basing their experience in time served in an area such as application or infrastructure security.
  • 12+ years of total experience in information technology, with at least 5 years of that working in the Customer/consumer Identity (CIAM) space
  • Experience in educating and working with the business application leaders and developer community is a plus
  • Experience with JavaScript and one of the major JavaScript MVC frameworks (Backbone, Angular, Ember, React, etc.)
  • Experience with one or more CIAM vendor solutions: Transmit, Okta/Auth0, other leaders in the CIAM space
  • Understand how client applications drive UX through CIAM differentiators (social login, progressive login, CRM integration, etc.)
  • Understanding of legal and privacy issues involved in tracking and managing user consent and privacy preferences
  • Familiarity with API Gateways such as Apigee, Mulesoft, etc and their role in API Management
  • Experience with technologies and protocols to support identity federation and robust access control models (e.g., SAML 2.0, WS-Federation, OAuth, OpenID Connect)
  • Experience with a formal risk governance mechanism, such as a Governance Risk and Compliance tool workflow, through which individual risk findings are documented, analyzed, accepted, and tracked and managed
  • Experience developing, formalizing, and operating security business requirements & processes
  • Experience managing projects, programs, and initiatives of significant size and scale, especially where information security resources had to be prioritized based on risk
  • Experience in technical application security, infrastructure security, as a developer, system administrator / site reliability engineer, vulnerability manager, security architect, or other role(s) granting strong direct experience in assessing technical risk and risk mitigation with compensating controls
  • Experience assessing cloud-specific security risk; knowledge of cloud models, appropriate controls and assurance factors for each; Understanding of Cloud Service Providers, GCP, AWS, Azure; hands-on experience preferred
  • Experience with information security aspects of compliance and accreditation, such as PCI, ISO, FISMA, FedRAMP, NIST 800-53, and/or SOC 2
  • Experience with or deep exposure to the financial industry, focused on clearing or trading
  • Demonstrable knowledge of a broad range of Information Security technologies and practices
  • Demonstrable, impeccable writing skills for technical, management, and executive audiences
  • Demonstrable communication capabilities including oral presentation and ability to present in front of executive leadership Demonstrable experience coordinating multiple concurrent issues, in high-pressure situations
  • Experience with security analysis, design and service development Advanced knowledge of application security assessments
  • High understanding of entire development process, including specification, documentation and quality assurance High degree of understanding in the theories, methodologies and principals underlying secure technical analysis, design and implementation of secure networks, applications, systems, and databases
  • Candidates must have proven ability to build value propositions, business cases, drive results as part of a larger project or program team Relevant experience designing, implementing, and supporting large scale solutions High degree of understanding with Cryptographic Services Experience with Amazon Web Services, Microsoft Azure and GCP external cloud providers.
  • Education: A Bachelor's or Master's degree in Computer Science, Information Systems.
Colorado Compensation

Target Total Compensation -

Workplace Flexibility Program () : We're proud to support our employees in a working approach that allows you to bring your best self to work whether thats in the office or remote.
  • Most Schwabbies have the opportunity to voluntarily work in the office or at home based on their preference
  • When the firm is ready to fully return to the office, employees will have the flexibility of a hybrid work environment, spending some time working remote and some time in the office.
  • Employees and managers can discuss and decide what works best for them, with additional flexibility available based on their role, business needs, and individual circumstances.
Subject to change as Schwab is continually evaluating the current environment in order to best care for the safety and well-being of our employees.

Why work for us?

Own Your Tomorrow embodies everything we do! We are committed to helping our employees ignite their potential and achieve their dreams. Our employees get to play a central role in reinventing a multi-trillion-dollar industry, creating a better, more modern way to build and manage wealth.

Benefits: A competitive and flexible package designed to empower you for today and tomorrow. We offer a competitive and flexible package designed to help you make the most of your life at work and at hometoday and in the future. Explore further () .

Schwab is committed to building a diverse and inclusive workplace where everyone feels valued. As an Equal Opportunity Employer, our policy is to provide equal employment opportunities to all employees and applicants without regard to any status that is protected by law. Please click here () to see the policy.

Schwab is an affirmative action employer, focused on advancing women, racial and ethnic minorities, veterans, and individuals with disabilities in the workplace. If you have a disability and require reasonable accommodations in the application process, contact Human Resources at click apply for full job details
Apply for this job now

Details

  • Job Reference: 658138090-2
  • Date Posted: 14 July 2022
  • Recruiter: Charles Schwab
  • Location: Sacramento, California
  • Remote Working: Some remote working possible
  • Salary: On Application
  • Sector: Government & Defence
  • Job Type: Permanent