Sr. Manager - Cloud Risk Assessments (Individual Contributor)

Pay range: USD $140,000.00 - $165,000.00 / Year

Your opportunity

At Schwab, you're empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us "challenge the status quo" and transform the finance industry together.

We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).

The Cyber Assessments and Resilience Team is a first line of defense team within Schwab Cybersecurity Services, focused on ensuring that services and applications across Schwab's portfolio are assessed for technology risk, cybersecurity risk, and privacy compliance.

This role will focus on enhancing and conducting cloud and cybersecurity assessments, specifically acting as a subject matter expert in the development and operation of our cloud assessment program. The result will be enhanced control assurances for safeguarding client data, meeting regulatory obligations, and strengthening Schwab's cybersecurity posture. The role may also participate in other cybersecurity assessments as needed.

As a Cloud & Cybersecurity Risk Assessment Senior Manager, you will:

• Evaluate cloud security controls across public, private, and hybrid environments using industry frameworks (CSA CCM, CIS Benchmarks, NIST CSF).
• Review data flows and storage locations in cloud architectures to validate encryption, access controls, and data residency requirements.
• Maintain expertise in cloud-native security services (AWS, Azure, GCP) and emerging privacy technologies.
• Advocate and promote awareness of cloud security and privacy risks across business and technology teams.
• Translate technical control gaps into risk-based language for remediation and executive reporting.
• Prepare detailed risk assessment reports and deliver executive-level presentations outlining cloud and privacy risk posture, trends, and remediation status.
• Perform continuous monitoring of identified gaps and provide regular updates to senior management.
• Drive automation initiatives for cloud control validation and PIA workflows.
• Contribute to the development of cloud and privacy risk metrics for dashboards and regulatory reporting.
• Conduct other security assessments including Privacy Impact Assessments (PIAs) for new and existing applications, Third-party service providers, and ad hoc assessments.

• Security assessment program design and build.
• Building strong relationships and partnering closely with security, privacy, and technology teams across Schwab.
• Communicating complex technical and regulatory concepts in clear, actionable terms.
• Driving continuous improvement in assessment processes, reporting, and automation.
• Working independently and collaboratively in a fast-paced, results-oriented environment.
• Mentoring junior team members.

• 5-8 years of experience in information security, cloud architecture, risk management, or privacy compliance, with hands-on experience in cloud security assessments and PIAs.
• Strong knowledge of cloud platforms (AWS, Azure, GCP) and associated security controls.
• Expertise in information security best practices and technology risk management disciplines.
• Experience with frameworks such as CSA CCM, ISO 27001, and NIST CSF.
• Working knowledge of software development practices and technologies.
• Ability to develop and present risk metrics and executive dashboards.
• Excellent analytical and technical skills; able to research problems, determine root causes, and propose solutions.
• Familiarity with privacy-by-design principles and data protection laws (GDPR, CCPA, GLBA).
• Experience using collaboration platforms such as MS SharePoint, PowerBI, PowerAutomate, and Jira.
• Bachelor's Degree in Computer Science or related discipline.
• Relevant certifications or ability to obtain: CISSP, CCSP, CIPT, CISM, or CRISC.

• Experience with cloud compliance automation tools.
• Knowledge of data residency and cross-border data transfer requirements.
• Familiarity with privacy-enhancing technologies.

• 401(k) with company match and Employee stock purchase plan
• Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
• Paid parental leave and family building benefits
• Tuition reimbursement
• Health, dental, and vision insurance