Manager, Enterprise Operational Risk Testing

Pay range: USD $93,200.00 - $115,000.00 / Year

Your opportunity

At Schwab, you're empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us "challenge the status quo" and transform the finance industry together.

The Enterprise and Operational Risk Testing (EORT) team is part of the Enterprise and Operational Risk Management organization and executes objective and thematic evaluations of risk management activities across the Company. Reporting to one of the Directors within EORT, the Manager, EORT is responsible for testing process, standards adherence as well as testing the design and effectiveness of controls across the Company's Risk and Control Self-Assessment (RCSAs). This role will lead and support integrated testing projects quarterly across different business units and operational processes with a focus on formulating and performing risk-based tests related to information classification, data privacy, and data protection. Other areas of testing may also include risk disciplines in enterprise, operational, third-party, fraud, and data integrity. This role is an individual contributor but may manage team members on scheduled testing projects and will be expected to execute testing.

• Bachelor's degree in: Internal Audit, Finance, Business Administration, Technology Information Systems, Computer Science, Accounting, Economics, or related area of study.
• 3+ years of experience in audit, compliance, sox, or related area of testing.
• Understanding of risk management and internal controls, and the ability to evaluate and determine the adequacy and effectiveness of controls and process reviews, process analysis, business intelligence and problem-solving techniques.
• 1+ years of experience developing and executing audits of information and technology systems, and the ability to evaluate and determine the adequacy and effectiveness of risk management, controls, and processes with a focus on information classification, data privacy, and data protection.
• Working familiarity with IIA Global Internal Audit Standards and COSO, COBIT, NIST, or FFIEC IT Examination guidance.
• 1+ years of experience documenting, presenting, and vetting testing results/findings with leadership.

• Applied knowledge of related data-governance and privacy frameworks, best practices, and regulations (e.g., ISO 27000, NIST 800, GDPR, BCBS 239, FFEIC) to evaluate operational implications of controls such as access-management, data quality, masking, hashing, encryption throughout the data life cycle.
• Self-motivated along with ability to track multiple projects, demonstrating an ability to analyze and prioritize to meet competing deadlines.
• Comfort with ambiguity and the ability to create a clear path forward.
• Strong written and verbal communication skills with proven ability in communicating with middle management and translating technical control gaps into business risk impact.
• Ability to identify the information needed to clarify a situation, seek that information from appropriate sources, and use skillful questioning to draw out the information when others are reluctant to disclose it.
• Base knowledge of reading and analyzing business database queries and API calls to support testing evidence, including cloud-based databases such as Google Cloud.
• Demonstrated a level of understanding by having one of the nice-to-have or a closely related certification (e.g., CRISC, CISM, CDPSE, CISA, CIA, CISSP).

• 401(k) with company match and Employee stock purchase plan
• Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
• Paid parental leave and family building benefits
• Tuition reimbursement
• Health, dental, and vision insurance