Manager, Enterprise Operational Risk Testing

Your Opportunity

Your opportunity

At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

The Enterprise and Operational Risk Testing (EORT) team is part of the Enterprise and Operational Risk Management organization and executes objective and thematic evaluations of risk management activities across the Company. Reporting to one of the Directors within EORT, the Manager, EORT is responsible for testing process, standards adherence as well as testing the design and effectiveness of controls across the Company’s Risk and Control Self-Assessment (RCSAs). This role will lead and support integrated testing projects quarterly across different business units and operational processes with a focus on formulating and performing risk-based tests related to information classification, data privacy, and data protection. Other areas of testing may also include risk disciplines in enterprise, operational, third-party, fraud, and data integrity. This role is an individual contributor but may manage team members on scheduled testing projects and will be expected to execute testing.

The Manager will have the opportunity to make a broad impact, working with first line of defense, technology risk management partners, and internal audit to collaborate and design testing projects. In this role you will be responsible for holding walk-throughs with the risk and business partners, partnering with other EORT colleagues for integrated reviews, developing and executing testing steps, sharing recommended improvements, and drafting issues and reports. This role allows you to present your findings to EORT leadership as well as risk and business partners.

What you have

To ensure that we fulfill our promise of “challenging the status quo,” this role has specific qualifications that successful candidates should have.

Required Qualifications:

• Bachelor’s degree in: Internal Audit, Finance, Business Administration, Technology Information Systems, Computer Science, Accounting, Economics, or related area of study.
• 3+ years of testing experience in audit, compliance, sox, or related area.
• 1+ years of experience developing and executing audits of information and technology systems, and the ability to evaluate and determine the adequacy and effectiveness of risk management, controls, and processes with a focus on information classification, data privacy, and data protection.
• Understanding of risk management and internal controls, and the ability to evaluate and determine the adequacy and effectiveness of controls and process reviews, process analysis, business intelligence and problem-solving techniques.
• Working familiarity with IIA Global Internal Audit Standards and COSO, COBIT, NIST, or FFIEC IT Examination guidance.
• 1+ years of experience documenting, presenting, and vetting testing results/findings with leadership.

Preferred Qualifications:

• Applied knowledge of related data-governance and privacy frameworks, best practices, and regulations (e.g., ISO 27000, NIST 800, GDPR, BCBS 239, FFEIC) to evaluate operational implications of controls such as access-management, data quality, masking, hashing, encryption throughout the data life cycle.
• Self-motivated along with ability to track multiple projects, demonstrating an ability to analyze and prioritize to meet competing deadlines.
• Comfort with ambiguity and the ability to create a clear path forward.
• Strong written and verbal communication skills with proven ability in communicating with middle management and translating technical control gaps into business risk impact.
• Ability to identify the information needed to clarify a situation, seek that information from appropriate sources, and use skillful questioning to draw out the information when others are reluctant to disclose it.
• Base knowledge of reading and analyzing business database queries and API calls to support testing evidence, including cloud-based databases such as Google Cloud.
• Demonstrated a level of understanding by having one of the nice-to-have or a closely related certification (e.g., CRISC, CISM, CDPSE, CISA, CIA, CISSP).

What you are good at

What you have

To ensure that we fulfill our promise of “challenging the status quo,” this role has specific qualifications that successful candidates should have.

Required Qualifications:

• Bachelor’s degree in: Internal Audit, Finance, Business Administration, Technology Information Systems, Computer Science, Accounting, Economics, or related area of study.
• 3+ years of testing experience in audit, compliance, sox, or related area.
• 1+ years of experience developing and executing audits of information and technology systems, and the ability to evaluate and determine the adequacy and effectiveness of risk management, controls, and processes with a focus on information classification, data privacy, and data protection.
• Understanding of risk management and internal controls, and the ability to evaluate and determine the adequacy and effectiveness of controls and process reviews, process analysis, business intelligence and problem-solving techniques.
• Working familiarity with IIA Global Internal Audit Standards and COSO, COBIT, NIST, or FFIEC IT Examination guidance.
• 1+ years of experience documenting, presenting, and vetting testing results/findings with leadership.

Preferred Qualifications:

• Applied knowledge of related data-governance and privacy frameworks, best practices, and regulations (e.g., ISO 27000, NIST 800, GDPR, BCBS 239, FFEIC) to evaluate operational implications of controls such as access-management, data quality, masking, hashing, encryption throughout the data life cycle.
• Self-motivated along with ability to track multiple projects, demonstrating an ability to analyze and prioritize to meet competing deadlines.
• Comfort with ambiguity and the ability to create a clear path forward.
• Strong written and verbal communication skills with proven ability in communicating with middle management and translating technical control gaps into business risk impact.
• Ability to identify the information needed to clarify a situation, seek that information from appropriate sources, and use skillful questioning to draw out the information when others are reluctant to disclose it.
• Base knowledge of reading and analyzing business database queries and API calls to support testing evidence, including cloud-based databases such as Google Cloud.
• Demonstrated a level of understanding by having one of the nice-to-have or a closely related certification (e.g., CRISC, CISM, CDPSE, CISA, CIA, CISSP).