Manager, Enterprise Operational Risk Testing

n formulating and performing risk-based tests related to information classification, data privacy, and data protection. Other areas of testing may also include risk disciplines in enterprise, operational, third-party, fraud, and data integrity. This role is an individual contributor but may manage team members on scheduled testing projects and will be expected to execute testing.

The Manager will have the opportunity to make a broad impact, working with first line of defense, technology risk management partners, and internal audit to collaborate and design testing projects. In this role you will be responsible for holding walk-throughs with the risk and business partners, partnering with other EORT colleagues for integrated reviews, developing and executing testing steps, sharing recommended improvements, and drafting issues and reports. This role allows you to present your findings to EORT leadership as well as risk and business partners.

What you have

To ensure that we fulfill our promise of "challenging the status quo," this role has specific qualifications that successful candidates should have.

Required Qualifications:

• Bachelor's degree in: Internal Audit, Finance, Business Administration, Technology Information Systems, Computer Science, Accounting, Economics, or related area of study.

• 3+ years of testing experience in audit, compliance, sox, or related area.

• Understanding of risk management and internal controls, and the ability to evaluate and determine the adequacy and effectiveness of controls and process reviews, process analysis, business intelligence and problem-solving techniques.

• 1+ years of experience developing and executing audits of information and technology systems, and the ability to evaluate and determine the adequacy and effectiveness of risk management, controls, and processes with a focus on information classification, data privacy, and data protection.

• Working familiarity with IIA Global Internal Audit Standards and COSO, COBIT, NIST, or FFIEC IT Examination guidance.

• 1+ years of experience documenting, presenting, and vetting testing results/findings with leadership.

Preferred Qualifications:

• Applied knowledge of related data-governance and privacy frameworks, best practices, and regulations (e.g., ISO 27000, NIST 800, GDPR, BCBS 239, FFEIC) to evaluate operational implications of controls such as access-management, data quality, masking, hashing, encryption throughout the data life cycle.

• Self-motivated along with ability to track multiple projects, demonstrating an ability to analyze and prioritize to meet competing deadlines.

• Comfort with ambiguity and the ability to create a clear path forward.

• Strong written and verbal communication skills with proven ability in communicating with middle management and translating technical control gaps into business risk impact.

• Ability to identify the information needed to clarify a situation, seek that information from appropriate sources, and use skillful questioning to draw out the information when others are reluctant to disclose it.

• Base knowledge of reading and analyzing business database queries and API calls to support testing evidence, including cloud-based databases such as Google Cloud.

• Demonstrated a level of understanding by having one of the nice-to-have or a closely related certification (e.g., CRISC, CISM, CDPSE, CISA, CIA, CISSP).

What's in it for you

At Schwab, we're committed to empowering our employees' personal and professional success. Our purpose-driven, supportive culture, and focus on your development means you'll get the tools you need to make a positive difference in the finance industry. Our Hybrid Work and Flexibility approach balances our ongoing commitment to workplace flexibility, serving our clients, and our strong belief in the value of being together in person on a regular basis.

We offer a competitive benefits package that takes care of the whole you - both today and in the future:

• 401(k) with company match and Employee stock purchase plan
• Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
• Paid parental leave and family building benefits
• Tuition reimbursement
• Health, dental, and vision insurance