Managing Director, Schwab Security Operations

Your Opportunity

Managing Director, Cyber Security Operations

The Managing Director, Cyber Security Operations will lead the organization encompassing Identity and Access Management (IAM) Operations, Data Protection Operations, Cloud Security Operations and Cyber Operational metrics for the firm. The MD and his/her team will work to develop, operate, train, and facilitate the management of standard access controls, access product management, product roadmap, role engineering, application onboarding, and all access operations.

Key Outcomes:

Execute processes to grant, revoke, and certify access to centralized applications and facilitate operations of standard access controls maintained by the business.

• Create processes to facilitate reducing access risk and assure compliance with company policies and standards.
• Lead application onboarding and role evaluation across all enterprise applications and be responsible for all role engineering initiatives within the firm to improve attestation efficiency and reduce risk.
• Develop, operate and monitor database activity, data loss prevention operations, certificate management and encryption including the development and enhancement of controls and monitoring.
• Drive the data protection product roadmap, lead forward looking operational processes to reduce overhead and increase automation and reduce data protection risk throughout the organization with effective control management.
• Oversee all regulatory and audit efforts aligned to IAM, Data Protection and Cloud Security Operations to ensure risks are properly managed and controls operate effectively.
• Refine and enhance the SCS operational metrics program used by each SCS team, leadership and oversight organizations to drive continuous improvement and support the identification of risk.
• Serve as the primary point of contact with banking & securities regulators and ensures robust access program, adherence to our regulatory and non-regulatory security and data-related obligations.
• Responsible for a sizeable and growing budget while balancing short and long term tactical as well as strategic operational and process needs and relationships encompassing evaluation of the implications of decisions.
• Run day-to-day operations through documented procedures, runbooks, and escalation paths (including on-call) to ensure consistent execution, fast recovery, and minimal service disruption across IAM, Data Protection, and Cloud Security.
• Operate and continuously improve request/fulfillment workflows (JML, access requests, certifications, exceptions) with clear SLAs, queue health monitoring, and targeted automation to reduce backlog and processing time.
• Operate cloud security controls (CSPM/CWPP/CIEM) including alert triage, issue intake, remediation tracking, and exception handling with engineering teams to keep control health within defined thresholds.
• Provide operational support to Cyber Defense/IR (24x7 as required), including rapid privileged access actions, log/telemetry enablement, and control adjustments to support containment, investigation, and recovery.
• Run audit-readiness operations by producing routine control evidence, tracking control breaks to closure, and maintaining dashboards for control health to reduce surprises during internal/external reviews.
• Own operational vendor management for IAM, Data Protection, and Cloud Security tooling (support, incident response, patching/upgrades, renewals, and cost tracking) to maintain platform stability and predictable service delivery.
• Maintain operational readiness through staffing plans, role-based training, and periodic drills (e.g., access emergencies, key compromise, control outages) to ensure coverage, quality, and consistent execution.
• Define, track, and report operational KPIs/SLAs (queue backlog, turnaround time, control exceptions, alert volumes, platform uptime) and run regular service reviews to drive issue remediation and continuous improvement.

What you have

Required Skills and Key Experiences:

• 15+ years of leadership experience in a large-scale, highly regulated environment, including leading multi-function operations teams across multiple locations and/or a 24x7 operating model.
• Outstanding organizational and planning skills as well as effective cross-enterprise communication and collaboration to increase awareness, improve Schwab’s defensive posture, balance priorities and risks, as well as consistently mature the program.
• Excellent judgement as well as priority management is paramount to properly adhere to our regulatory and compliance obligations, manage the risk to the brand, assure access risk is sufficiently mitigated.
• Proven ability to set a clear operating cadence (KPIs/SLAs, service reviews, escalation forums) and deliver measurable improvements in productivity, quality, control health, and risk reduction.
• Strong conceptual, strategic, and tactical planning skills with the ability to quickly sort through complex information, make trade-off decisions, and communicate clearly to senior leadership, audit/risk partners, and regulators.
• Deep experience in cyber security operations, including incident response partnership, operational risk management, and applying security/control frameworks and regulatory expectations (e.g., SOX, GLBA, FFIEC or similar).
• Demonstrated ability to manage complex vendor relationships and service providers—setting performance expectations, governing delivery quality, and coordinating support during incidents and high-severity events.
• Experienced people leader with a track record of assessing, selecting, and developing leaders and teams; provides balanced, direct, and actionable feedback while fostering accountability and continuous improvement.
• Exceptional relationship management and influencing skills; builds trust across Technology, Risk, Audit, Legal/Compliance, and business partners to drive alignment and deliver outcomes across organizational boundaries.Demonstrated operational discipline managing headcount, budgets, and competing priorities; able to optimize spending while maintaining a sound system of internal controls and risk management.
• Data-driven leader who establishes metric definitions and governance, ensures data quality, and uses dashboards to identify trends, surface risk, and prioritize operational improvements.