IT Risk Services Senior Manager, Technology Risk & Cybersecurity Compliance

Your Opportunity

Your opportunity

At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).

The Senior Manager, Technology Risk Management (Level 58) is responsible for driving the maturation, standardization, and sustainment of STS Technology Risk Management programs and practices. This role has a strong focus on enabling effective Risk and Control Self-Assessment (RCSA) execution through the development of standardized processes, governance routines, quality management practices, and actionable reporting.

As a senior individual contributor, this role provides thought leadership, guidance, and hands-on execution across the STS community. The position requires close partnership with technology teams, business leaders, and oversight functions to ensure technology risks are identified, assessed, mitigated, and reported in alignment with enterprise risk management objectives, regulatory expectations, and industry frameworks.

The Senior Manager, Technology Risk Management will be responsible for the following duties:

• Drive the development, maintenance, and execution of STS RCSA processes, including the Risk and Controls Catalog, ensuring alignment with corporate requirements and industry frameworks.
• Maintain and mature standardized RCSA procedures, risk taxonomy, issue management processes, and supporting documentation.
• Proactively identify risks or controls requiring strengthening and collaborate with cross-functional partners to implement sustainable improvements in line with corporate standards and regulatory expectations.
• Develop, maintain, and socialize program guidance, best practices, and standards to support consistent execution across the STS practitioner community.
• Establish and maintain quality assurance standards, governance routines, and monitoring processes to evaluate the effectiveness of risk controls.
• Establish centralized reporting capabilities, metrics, and dashboards to support practitioners and STS Risk Services internal processes.
• Prepare and deliver executive-ready risk analysis, insights, and reporting for senior management and oversight stakeholders.
• Build and maintain strong partnerships with STS Management, Information Security Risk Management, Business Management, Internal Audit, Sarbanes-Oxley Compliance, and Enterprise Operational Risk Management.
• Lead or participate in cross-functional working groups to design, implement, and roll out new or enhanced risk management processes and tools.
• Stay current on emerging technology risks, evolving regulatory requirements, and new methodologies, including the application of AI and automation in risk management.

What you have

Required Qualifications

• Bachelor’s degree in Computer Science, Information Technology, Risk Management, or a related discipline, or equivalent industry experience.
• 3+ years of experience in technology, cybersecurity, or technology risk management disciplines.
• Strong knowledge of technology risk and control concepts, including industry frameworks such as NIST, ISO, and COBIT.
• Experience with Risk and Control Self-Assessment (RCSA) programs, risk and controls catalogs, and governance practices.
• Ability to translate business needs into technical and risk requirements and implement practical solutions.
• Strong analytical, problem-solving, and communication skills, with the ability to influence across diverse stakeholder groups.
• Proven ability to work independently, manage multiple priorities, and lead initiatives or working groups.
• Proactive, detail-oriented approach to risk identification and mitigation.
• Strong collaboration and negotiation skills across first and second lines of defense.

Preferred Qualifications

• 5+ years of experience in technology risk management, cybersecurity, or related disciplines.
• Experience developing risk metrics, quality standards, and executive dashboards.
• Familiarity with AI technologies, automation, or advanced tooling as applied to risk assessment and control monitoring.
• Professional certifications such as CRISC, CISA, CISSP, or CISM.

What you are good at

What you have

Required Qualifications

• Bachelor’s degree in Computer Science, Information Technology, Risk Management, or a related discipline, or equivalent industry experience.
• 3+ years of experience in technology, cybersecurity, or technology risk management disciplines.
• Strong knowledge of technology risk and control concepts, including industry frameworks such as NIST, ISO, and COBIT.
• Experience with Risk and Control Self-Assessment (RCSA) programs, risk and controls catalogs, and governance practices.
• Ability to translate business needs into technical and risk requirements and implement practical solutions.
• Strong analytical, problem-solving, and communication skills, with the ability to influence across diverse stakeholder groups.
• Proven ability to work independently, manage multiple priorities, and lead initiatives or working groups.
• Proactive, detail-oriented approach to risk identification and mitigation.
• Strong collaboration and negotiation skills across first and second lines of defense.

Preferred Qualifications

• 5+ years of experience in technology risk management, cybersecurity, or related disciplines.
• Experience developing risk metrics, quality standards, and executive dashboards.
• Familiarity with AI technologies, automation, or advanced tooling as applied to risk assessment and control monitoring.
• Professional certifications such as CRISC, CISA, CISSP, or CISM.