West Creek 1 (12071), United States of America, Richmond, Virginia
Senior Manager, Cyber Risk and Analysis
At Capital One, you will help consult on initiatives, programs, and projects to raise their game in Information Security. You are pragmatic and practical in your understanding of risk and security, but also willing to know when to pull in experts and escalate. You collaborate and innovate with other teams within Capital One to push the envelope. The associate in this role will provide leadership, risk management, and controls expertise to the Card Technology top of house organization from a Cyber and Technology lens. In part, this position will lead first line quality assurance control execution, evaluation of control design and operating effectiveness, and help propel the Card organization toward preventive and automated controls management.
Additionally, you will collaborate closely with associates in our cyber and broader technology organization, as well as enterprise risk management to evaluate Card's compliance in the effectiveness of the company's technology controls infrastructure, and offer independent advice and recommendations regarding ways to further mature the division's technology risk management capabilities. You will challenge and innovate within the Divisional teams and with our Enterprise Cyber & Risk partners to drive process improvements, automation, and to elevate controls program efficiency. Security is essential to what we do here, from protecting our customers to our associates.
Responsibilities:

• Design a risk management framework enabling line of sight and governance to both processes and platforms
• Serve as a liaison, interfacing with business partners, Tech, and other assurance functions, such as risk management and cyber to drive meaningful reductions in risk
• Synthesize data and reporting; perform analysis and bring valuable insights through evaluation of data provided by team analysts
• Proactively identify information security risk and partner with key stakeholders to reduce or eliminate risk
• Impeccable written and oral communication credentials, coupled with strategic influencing skills
• Assess and rationalize control appropriateness, and glean insights from issues and events across tech
• Provide technical assessments of technology control design and effectiveness by advising on/performing independent testing when necessary
• Participate in management of the overall technology control inventory which defines the scope of the controls review program
• Collaborate internally and with our risk community (e.g. risk managers, risk leads, IRM groups, business risk offices, front line process owners) to mature our risk event practice methodologies and advance learning

About You:

• You have a desire to work in a very fast moving, forward leaning, and modern computing environment
• You are a thoughtful leader with focus on people development
• You have a strong desire to continually learn about new technologies
• You possess strong conceptual thinking and communication skills
• You are able to work well under minimal supervision
• You are a demonstrated team-oriented professional with interpersonal skills and the ability to interface effectively with a broad range of people and roles, including upper management, IT leaders, and external third parties
• You maintain calmness and clarity of thought under pressure and ability to maintain confidentiality
• You demonstrate strong ability to analyze information and data
• You demonstrate strong subject matter expertise and sound judgment when analyzing third party risk
• You operate in a collaborative manner to effectively assess risk while maintaining business relationships
• You develop and communicate quality recommendations to key stakeholders
• You communicate technical issues to non-technical people
• You demonstrate collaborative partnership skills for working with various points of contacts
• You demonstrate capacity to think broadly but go deep into subject matter when needed
• You have a deep understanding of strategic business objectives and the ability to drive results toward those objectives

Basic Qualifications:

• High School Diploma, GED, or equivalent certification
• At least 8 years of experience with technology or cyber security risk management frameworks
• At least 5 years of experience developing, evaluating, or implementing cybersecurity, technology, or risk assessment activities

Preferred Qualifications:

• Bachelors Degree
• 5 years of experience in PCI DSS, NIST, ISO, Physical Security, or IT Operations Management
• 3 years of experience at a Financial Institution
• 3 years of IT audit experience with a big four consulting firm
• CISSP, CISA, CISM or CRISC certification
• 3 years of experience performing Control Self Assessments (CSAs), or completing assessments against established industry risk frameworks, including: the NIST Cybersecurity Framework, ISO, COBIT v5, or COSO
• Experience in a regulated environment

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.
Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.
This role is expected to accept applications for a minimum of 5 business days.
No agencies please. Capital One is an equal opportunity employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to sex (including pregnancy, childbirth or related medical conditions), race, color, age, national origin, religion, disability, genetic information, marital status, sexual orientation, gender identity, gender reassignment, citizenship, immigration status, protected veteran status, or any other basis prohibited under applicable federal, state or local law. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.
If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.
For technical support or questions about Capital One's recruiting process, please send an email to
Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site.
Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).