Information Technology Specialist
The Technology Risk and Cybersecurity Compliance (TRACC) team is responsible for providing ongoing validation and continuous operating effectiveness of centralized technology processes, including establishing and leveraging data assurance processes for continuous monitoring, process improvement, and risk mitigation for Schwab. This position will collaborate with various teams throughout Schwab Technology Services to identify opportunities for control automation, and develop/implement a program for controls testing to improve compliance objectives.
The Controls Engineering and Process Improvement is responsible for assessing operational Access Management risks and related controls prior to formal lines of defense testing. They will partner with the team’s analytics lead on using digitized control evaluation techniques, and consult with IAM control owners and performers on control design and enhancement.
Processes and responsibilities will include:
- Design and execute evaluations of application, database, and server access-based controls portfolio.
- Assess control compliance for recently integrated applications (provisioning, terminations, transfers, access certifications, etc.).
- Use data analytics to scale control assessments and minimize impact on control owners and performers.
- Partner with control performers to enhance control design.
- Identify themes, trends, and emerging risks for escalation and communication to management.
- Consult with engineering teams regarding access risks related to emerging technologies and processes (e.g. RPA, Cloud, DevOps).
- Identify, assess, and recommend tools and techniques to automate information systems controls in consultation with process and control owners.
- Implement automated controls testing, and develop a compliance monitoring dashboard for internal controls to support audit (external auditor, internal audit, SOX team, etc.) and regulatory (FRB, OCC, FINRA, etc.) requirements.
- Test internal controls through automation, identify gaps, reduce risk, advance audit readiness objectives, and promote consistency with Schwab policies and standards, as well as industry-standard common control frameworks.
- Assist management with development and documentation of achievable and balanced action plans to remediate identified control weaknesses.
- Assist with the development and dissemination of metrics reporting for senior leadership providing status updates and testing results.
What you're good at
- Familiarity with IT control and security frameworks (COBIT, COSO, NIST) and associated key risks.
- Experience with compliance automation techniques (workflow, exception reports) and/or audit analytics (data mining entire population for anomalies).
- Ability to understand risk, and the relationship with design and operating effectiveness of controls.
- Ability to problem solve and perform root cause analysis.
- Good communication and presentation skills, with the ability to inform and persuade both verbally and in writing.
- Strong organizational skills with the ability to lead multiple projects and meet deadlines.
- Strong knowledge of Microsoft Word, Excel, Outlook, and PowerPoint.
- Working knowledge of computer-assisted audit tools (CAAT), such as IDEA or ACL, will be a plus.
- Experience using Qualys Compliance Module or other security compliance tools will be a plus.
- Experience designing/building RPA solutions using in-house or known technologies such as UiPath, Blue Prism, Automation Anywhere or WorkFusion will be a plus.
- Scripting knowledge (VB .NET, Python) is a plus.
- Working knowledge of financial institutions and the associated audit and regulatory environment is a plus.
- Occasional travel out of state for training or specific projects may be required (less than 10%).
What you have
- Data analytics, process engineering (Industrial Engineering, Six Sigma, etc.), information technology audit or access management experience.
- Bachelor’s degree, advanced degree, or certifications preferred (CISA, CISM, CISSP, etc.).
- Knowledge of access concepts (e.g. authentication vs. authorization, centralized vs. local authorization, roles vs. entitlements).
- Excellent analytical skills, including the ability to anticipate issues and to design appropriate solutions.
- Demonstrated written and oral communication skills.
- Demonstrated experience performing control evaluations within a complex environment.
- Preferred - Some Big 4 experience and professional certification(s) (CISA, CISSP, CIA or equivalent).