Business Information Security Officer (BISO) - Digital Assets

About The Position

Requirements

• Bachelor's degree in Information Security, Computer Science, Engineering, or related field.
• 7+ years in cybersecurity or technology risk.
• Experience with digital assets, blockchain, or crypto custody/security.
• Familiarity with cybersecurity frameworks: NIST CSF, NIST 800-53, , SOC 2, FFIEC.
• Strong communication and risk articulation skills.

Nice To Haves

• Cybersecurity related certification such as: CISSP, CISM, CRISC, CCSP, CISA or similar.
• Crypto-focused credentials or blockchain training.
• Knowledge of key management systems, smart contract risks, and cloud security.
• Experience with GRC (Governance Risk & Compliance) platforms.

Responsibilities

• Cybersecurity Governance & Business Alignment Serve as the embedded security partner for Digital Assets business teams, aligning security requirements with product and operational objectives.
• Translate enterprise cybersecurity policies and procedures into practical, actionable expectations for digital asset initiatives.
• Participate in project planning, architecture reviews, and roadmap discussions to ensure secure design and regulatory alignment.
• Support risk exception, risk acceptance, and mitigation processes.
• Digital Asset & Cryptocurrency Risk Assessments Lead end-to-end cybersecurity risk assessments for digital asset products, crypto custody models, wallet operations, blockchain integrations, and supporting vendors.
• Evaluate risks related to private key management, wallet operations, smart contract risks, node infrastructure, and transaction processes.
• Document risks, recommend compensating controls, and track remediation to closure.
• Vendor Cybersecurity Oversight Own the security risk lifecycle for digital asset vendors—from due diligence and contract negotiation to ongoing monitoring.
• Review vendor cybersecurity evidence (SOC 2, pen tests, questionnaires, cloud posture).
• Ensure contractual controls for data protection, breach notification, crypto asset handling, and regulatory adherence.
• Track and drive remediation of vendor findings.
• Education, Policy, and Standards Enablement Educate business, engineering, and operations teams on Schwab's cybersecurity policies and secure practices.
• Develop crypto-specific security training and guidance.
• Promote a culture of security awareness.
• Compliance, Audit, and Regulatory Support Prepare and coordinate internal/external audit activities.
• Ensure controls operate effectively and evidence is complete.
• Support alignment with SEC, FINRA, OCC, FFIEC, and other regulatory expectations.
• Cyber Incident Preparedness & Response Collaborate with Cyber Operations and IR teams for crypto-specific incident preparedness.
• Contribute to playbooks for key compromise, vendor breaches, on-chain exploits, and blockchain outages.
• Risk Reporting & Executive Communication Produce business-focused reporting on residual risk, vendor posture, assessment outcomes, KRIs, and audit findings.
• Present risks and recommendations to leadership.