This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
Security is essential to what we do at Capital One, from protecting customer data to the associate experience. As a Cyber Risk Manager within the Governance and Risk division, you see security as an innovation enabler and differentiator, not a step in the compliance process. You thrive working with business and technology partners to achieve goals and objectives in a secure manner. You’re constantly looking for ways to leverage modern technology architectures. You enjoy solving tough cybersecurity problems in an iterative, team environment. You are pragmatic and practical in your understanding of software development and IT operations, and have experience with industry risk frameworks and models. You possess a technical understanding of software engineering best practices, cloud infrastructure, security scanning and detection tools, and tool configuration management. This knowledge will help you collaborate and innovate with customers and colleagues to enhance our technology risk posture. At Capital One, you will be a vital contributing member to a cybersecurity tool evaluation team, responsible for identifying gaps and seams in our cybersecurity posture and will be responsible for supporting the identification of solutions to address them. In this role, you will leverage your technical and evaluative experience to identify, understand, capture, and communicate security risks, and leverage other experts to inform your efforts and escalate when necessary. In this capacity, you will work with cybersecurity solution and delivery teams and interface closely with them as well as our partners in Enterprise Services Risk and Tech Risk Management to seek input, socialize identified issues and proposed solutions, and facilitate agreement on evaluation results.
Job Responsibility
Serve as an Information Security Risk Management subject matter expert and advise on best practices in risk reduction through the configuration of cybersecurity tools and platforms
Leverage capability, risk, and/or threat classification frameworks and standardization methodologies to facilitate evaluations of cybersecurity tool effectiveness
Through the periodic re-evaluation of cybersecurity tools and suites, support the implementation and execution of a continuous improvement program, inclusive of risk and issue identification, corrective action implementation, and results validation
Articulate operations, compliance, and cybersecurity objectives for engineering and products to inform prioritized risk reduction
Effectively communicate the impact of identified operational, compliance, process, control, and tooling gaps and potential remediation courses of action to multiple audiences, including leadership, to support the enhancement of their cybersecurity postures
Lead solutioning for, and manage activities in response to, large-scale enterprise risk reduction efforts
Requirements
High School Diploma, GED, or equivalent certification
At least 3 years of experience in cybersecurity
At least 1 year of experience with technology or cybersecurity risk management frameworks
Nice to have
Bachelor's Degree
3+ years of experience in operational compliance or IT audit
4+ years of experience with cyber tooling and operations
3+ years of experience with monitoring, gathering, and assessing artifacts as part of continuous security monitoring such as: C&A, POA&M, NIST 800-37, MITRE ATT&CK or MITRE D3FEND
1+ years of experience utilizing Agile methodologies
Cybersecurity certifications such as: Security +, CRISC, CISSP, CISM, CSA, AWS Cloud Practitioner, or AWS Certified Solutions Architect Associate Certification
What we offer
Performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI)
Comprehensive, competitive, and inclusive set of health, financial and other benefits