Sr. Manager - Cybersecurity Assessment Support (PL)

Your Opportunity

Your opportunity

The Cyber Assessments and Resilience Team is a first line of defense team positioned within the Schwab Cybersecurity Services vertical, aligned to ensure that services and applications within the Schwab Portfolio are assessed from a technology risk, cybersecurity risk, and cyber resilience perspective.

The Senior Manager, Cybersecurity Assessment Support (PL) plays a pivotal leadership role the team. They will oversee a medium-sized team of professionals whose core responsibilities include negotiating terms and conditions within Information Security Addendums with vendors, and supporting key platform technologies that underpin our risk management and assessment processes. The ideal candidate will combine deep expertise in cybersecurity, strong negotiation capabilities, and hands-on experience with a range of modern risk and workflow management tools, including reporting and metrics sources from those tools.

This is a key role in assuring that cyber risks are effectively managed, Schwab client information is protected, and our client’s trust is maintained. Success in this role will require ability to exercise influence, communicate effectively, think strategically, and work collaboratively among internal and external stakeholders across multiple functions combined with strong expertise in risk management discipline and security and technology controls best practices. This is a people management role.

What you’ll do:

• Lead, mentor, and develop a high-performing team of cybersecurity professionals, fostering a culture of continuous improvement and collaboration.
• Oversee the negotiation of Information Security Addendums with third-party vendors, ensuring alignment with regulatory requirements and organizational risk tolerances.
• Serve as the primary point of contact for escalations and complex negotiations, collaborating with legal, procurement, and business stakeholders.
• Support the implementation, configuration, and optimization of platform technologies essential to the vendor risk management lifecycle
• Lead efforts on reporting and metrics from the various platforms in use between the different types of assessments to ensure we continue to understand the risks and maintain operational maturity of the assessment programs
• Effectively communicate with senior leadership and provide status updates on significant initiatives and aggregate reporting across the programs
• Provide consultative support and collaborate with business partners and third-party management stakeholders to identify enhancement opportunities to strengthen third-party management processes and controls
• Coordinate with the risk management oversight groups on the development of quarterly reporting of third-party risk metrics to management committees
• Assist with gathering data and providing information during Internal Audit Reviews and Regulatory Examinations for Operational Risk Management and Third-Party Risk Management
• Develop and maintain a good working relationship with colleagues in other risk and control functions, including Corporate Vendor Management, Third Party Risk Management, Technology Risk Management, Bank Outsourcing and Oversight Management and other Corporate Risk Management teams
• Maintain up-to-date knowledge of the evolving threat landscape, regulatory requirements, and industry best practices.
• Execute ad-hoc projects as needed

What you have

• Bachelor’s degree in Information Security, Computer Science, or a related field (Master’s degree preferred).
• 5+ years’ experience as a people leader in third-party management, information security management, audit, oversight, SOX testing, operational risk management, or similar role
• Demonstrated experience negotiating information security terms and conditions, managing third-party security risks, and understanding cybersecurity assessments in general
• Independent judgment with strong analytical and risk assessment skills
• Once or more of the following certifications preferred:  CISM, CISSP, CRISC, CISA, PMP
• Project management skills with ability to work independently and with a team, prioritize and manage multiple projects and succeed in a fast-paced, heavy workload environment
• Strong written and verbal communication skills with a proven track record of building effective working relationships with internal and external business partners and senior leaders
• Strong understanding of cybersecurity frameworks (e.g., NIST, ISO 27001, SOC 2) and regulatory landscapes.
• Proven leadership experience with the ability to motivate and inspire teams.
• Strong analytical and problem-solving skills, with a commitment to high-quality work.

What you are good at

What you have

• Bachelor’s degree in Information Security, Computer Science, or a related field (Master’s degree preferred).
• 5+ years’ experience as a people leader in third-party management, information security management, audit, oversight, SOX testing, operational risk management, or similar role
• Demonstrated experience negotiating information security terms and conditions, managing third-party security risks, and understanding cybersecurity assessments in general
• Independent judgment with strong analytical and risk assessment skills
• Once or more of the following certifications preferred:  CISM, CISSP, CRISC, CISA, PMP
• Project management skills with ability to work independently and with a team, prioritize and manage multiple projects and succeed in a fast-paced, heavy workload environment
• Strong written and verbal communication skills with a proven track record of building effective working relationships with internal and external business partners and senior leaders
• Strong understanding of cybersecurity frameworks (e.g., NIST, ISO 27001, SOC 2) and regulatory landscapes.
• Proven leadership experience with the ability to motivate and inspire teams.
• Strong analytical and problem-solving skills, with a commitment to high-quality work.