Your Opportunity

Your opportunity

At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).

In Schwab Cybersecurity Services (SCS), we provide platforms, services, and security operations capabilities which enable the firm to produce successful client and shareholder outcomes securely and safely.  Securing our IT assets, data, and access to applications is the core of who we are and what we do.  We ensure only the appropriate entities have access to IT resources and that we adhere to best practices and standards to ensure a safe and compliant environment is maintained.

We are seeking a highly motivated and detail-oriented Access Risk and Controls Sr. Security Specialist to join our team. This cybersecurity role will focus on supporting and enhancing access control frameworks, collaborating with cybersecurity and risk teams, and ensuring effective implementation and operation of access-related controls. The ideal candidate will have a strong understanding of identity and access management (IAM), risk management, and control testing processes.

Key Responsibilities:

• Collaborate regularly with Schwab Cybersecurity teams, risk partners, and Access Risk & Control (ARC) teams to align on access control strategies and risk mitigation.
• Guide/Advise technical and business teams on required access controls, including timing, implementation methods, and best practices for ongoing operation.
• Assist in the implementation and facilitation of access controls across various systems and platforms.
• Partner with control owners and performers to coordinate evidence collection for control testing and audit readiness.
• Support risk analysis, issue identification, and remediation planning in collaboration with cross-functional teams.
• Research and review process to ensure operational efficiency for security team and employees.
• Maintain and manage process documentation, control mappings, and performance metrics for access-related processes.
• Continuously identify and recommend opportunities to streamline and improve access control processes and increase operational efficiency.
• Validate identity controls and settings that align with policies and identity governance and administration (IGA) process.
• Conduct business impact and risk exposure and make recommendations where security can improve.
• Participate in quality assurance of solutions and features to ensure optimal use and security IAM best practices.
• Make recommendations to improve automation, security practices and end-user experience.
• Facilitate opportunities to improve efficiencies automating and advancing IAM and IGA processes.
• Be aware of advanced technologies and use of AI/machine learning as businesses adopt to improve operational efficiency

What you have

Required Qualifications:

• Bachelor’s degree in Information Security, Information Systems, Risk Management, or a related field.
• 3+ years of experience in access management, cybersecurity, or IT risk and controls.
• Strong understanding of access control frameworks, IAM principles, and risk management practices.
• Experience working with control testing, evidence collection, and audit processes.
• Excellent written and oral communication and collaboration skills to work effectively with technical and non-technical stakeholders.
• Proficiency in documenting processes, creating control mappings, and tracking metrics.
• Skilled in creating and evaluating solution design/mappings with emphasis on automation and efficiency.
• Track record acting with integrity, taking pride in work, seeking to excel, being curious and flexible.
• Excellent judgment and the ability to make quick decisions when working with complex situations.
• High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.

Preferred Qualifications:

• Experience with tools such as SailPoint, Powershell, Jira, GRC.
• Familiarity with regulatory frameworks such as SOX, ISO 27001, NIST, or COBIT.
• Familiarity with directory services, Windows and Entra ID/Azure AD, SSO, MFA, zero trust, attribute-based access, and policy and role-based access.
• Ability to manage multiple priorities in a fast-paced environment.
• Relevant professional certifications (CISA, CISSP, CIA or equivalent).

In addition to the salary range, this role is also eligible for bonus or incentive opportunities.

What you are good at

What you have

Required Qualifications:

• Bachelor’s degree in Information Security, Information Systems, Risk Management, or a related field.
• 3+ years of experience in access management, cybersecurity, or IT risk and controls.
• Strong understanding of access control frameworks, IAM principles, and risk management practices.
• Experience working with control testing, evidence collection, and audit processes.
• Excellent written and oral communication and collaboration skills to work effectively with technical and non-technical stakeholders.
• Proficiency in documenting processes, creating control mappings, and tracking metrics.
• Skilled in creating and evaluating solution design/mappings with emphasis on automation and efficiency.
• Track record acting with integrity, taking pride in work, seeking to excel, being curious and flexible.
• Excellent judgment and the ability to make quick decisions when working with complex situations.
• High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.

Preferred Qualifications:

• Experience with tools such as SailPoint, Powershell, Jira, GRC.
• Familiarity with regulatory frameworks such as SOX, ISO 27001, NIST, or COBIT.
• Familiarity with directory services, Windows and Entra ID/Azure AD, SSO, MFA, zero trust, attribute-based access, and policy and role-based access.
• Ability to manage multiple priorities in a fast-paced environment.
• Relevant professional certifications (CISA, CISSP, CIA or equivalent).

In addition to the salary range, this role is also eligible for bonus or incentive opportunities.