We believe that, when done right, investing liberates people to create their own destiny. We are driven by our purpose to champion every client’s goals with passion and integrity. We respect and appreciate the diversity of our employees, our clients, and the communities we serve. We challenge conventions strategically to create value for our clients, our firm and the world. We live and bring to life the concept of ‘own your tomorrow’ every day. We champion our employee strengths, guide their development, and invest in their long-term success. We hire optimistic, results-oriented, curious, innovative, and adaptable people with the desire to help our clients and one another succeed.
As a company, we were established by Chuck over 40 years ago to champion Main Street over Wall Street, and to help Americans transform themselves from earners to owners. Through advocacy and innovation, we work to make investing more affordable, accessible and understandable for all. As we enter our fifth decade, we are looking for talented, innovative and driven people who believe they can help themselves, and our clients, create a better future.
The Senior Vulnerability and Risk Analyst will assist with day-to-day operations to ensure that the requirements of the Schwab Information Security Policy are carried out for any technology functions related to vulnerability and threat risk management: identification, remediation, mitigation, and reporting.
What you’ll do:
Vulnerability Identification and Analysis
- Manage the enterprise vulnerability assessment program, which will include conducting regular patch & configuration vulnerability assessments against core infrastructure via commercial scanning tools (e.g. Rapid7, Nessus, TripWire, Qualys, etc.)
- Research and evaluate threats and vulnerabilities to assist in prioritization of remediation actions
- Investigate conflicting compliance reports (failed patches, patch supersedence, failed GPO application, etc.)
- Monitor for compliance & drift against corporate security standards
- Provide real time decision making for ongoing information security incidents as they occur
- Maintain current knowledge of all Schwab configuration security baselines and patch standards
- Optimize and ensure the continued & effective operation of the information security control process life-cycle, including release dates, severity patch timelines, burn-in cycles, & corporate infrastructure freezes.
Remediation & Mitigation
- Partner with currency teams and application owners to ensure remediation of identified vulnerabilities occurs within noted timeframes and in adherence with corporate change control policies
- Ensure proper system owners are filing exceptions within Archer, when requested
- Develop and maintain methods to validate identified vulnerabilities are resolved
- Develop escalation procedures for all vulnerabilities not remediated within set guidelines
- Creation of metrics highlighting current infrastructure compliance ratings
- Creation of compliance trending reports
- Develop and deliver communications to senior management regarding strategic security risks and threats
- Partner with appropriate groups to help ensure all system information is current and accurate in CMDB
- Develop reports highlighting current ‘at risk’ asset groups
- Provide consultative services to department management and IT project teams to help raise awareness of Information Security issues and concerns affecting the corporation
- Provide oversight and guidance to less experienced team members
- Act as a mentor to less experienced colleagues
What you have:
- Bachelor’s degree (BS preferred) or equivalent experience
- Working knowledge and experience with diverse IT architectures and enterprise IT data centers, external hosted services and cloud computing environments.
- Knowledge and experience with physical and virtual server configurations and implementations.
- Experience with configuration management, change control processes, problem determination, root cause analysis, risk assessment, & exception management.
- Working knowledge of CIS Baselines, NIST, vendor security guidelines, etc.
- 2+ years technical operations providing system/platform support
- Working knowledge of both Windows and *nix-based operating systems
- Advanced knowledge of elements of the information technology stack (i.e. network, operating system, sub-system, display/application) and inter-relationships between the various functional components
Information Security Knowledge:
- Experience in overseeing the implementation, maintenance and compliance with government/industry information security regulations/frameworks (SOX, FDIC, FFIEC, NIST, and ISO)
- Experience using and supporting commercial vulnerability and compliance scanning products (e.g. Qualys, Rapid7, TripWire, Foundstone, nCircle, Nessus)
Personality & Capabilities:
- Able to work effectively
- Manage multiple priorities, requests and tasks with minimal supervision
You demonstrate these behaviors:
Curious: Constantly learns more about our clients, competitors, industry and the broader market to drive insights and decisions
Innovative: Defines a compelling vision of the future, and develops breakthrough ideas, whether big or small, that support that vision
Overcomes Barriers: Takes responsibility for addressing obstacles that hinder our people and our business
Delivers Results: Delivers positive results regardless of circumstances, utilizing the right mix of analysis, judgment, agility and urgency
What you’ll get:
- Comprehensive Compensation and Benefits package
- Financial Health: 401k Match, Employee Stock Purchase Plan, Employee Discounts, Personalized advice, Brokerage discounts
- Work/Life Balance: Sabbatical, Paid Parental Leave, New Mothers returning to work Program, Tuition Reimbursement Programs, Time off to volunteer, Employee Matching Gifts Program
- Everyday Wellness: Health and Lifestyle Wellness Rewards, Onsite Fitness Classes, Healthy Food Choices, Wellness Champions
- Inclusion: Employee Resource Groups, Commitment to diversity, Strategic partnerships
- Not just a job, but a career, with an opportunity to do the best work of your life
Learn more about Life@Schwab.
Charles Schwab & Co., Inc. is an equal opportunity and affirmative action employer committed to diversifying its workforce. It is Schwab's policy to provide equal employment opportunities to all employees and applicants without regard to race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity or expression, national origin, ancestry, age, disability, legally protected medical condition, genetic information, marital status, sexual orientation, protected veteran status, military status, citizenship status or any other status that is protected by law.
English - spoken
Current Licenses / Certifications:
Relevant Work Experience: IT-Other Specialty Engineering-6+ yrs
Position Located In: AZ - Phoenix
Activation Date: Thursday, October 19, 2017
Expiration Date: Saturday, December 30, 2017