Manager, Cyber Technical (Audits and Assessments)

Capital One

Location:
United States, McLean

Contract Type:
Not provided

Salary:

179400.00 - 245600.00 USD / Year

Job Description:

At Capital One, you will help consult on initiatives, programs, and projects to raise their game in Information Security and Risk Management. You are pragmatic and practical in your understanding of risk and security, but also willing to know when to pull in experts and escalate. You collaborate and innovate with other teams within Capital One to push the envelope. You are comfortable with technologies like Cloud services, Containers, Docker, Microservices, Serverless, APIs, DevOps and micro-segmentation. Security is essential to what we do here, from protecting our customers to our associates.

Job Responsibility:

  • Act as a central point of contact for your line of business to the rest of Capital One’s Information Security and Risk Management
  • Coordinate and execute proactive Information Security consulting to the business and technology teams covering Infrastructure Security, Resiliency, Data Security, Network Architecture and Design, and User Access Management
  • Serve as an expert in Capital One’s Information Security capabilities, solutions, policies, procedures and standards
  • Influence customers to leverage security capabilities and solutions to shift and integrate security to the left in the development processes
  • Escalate and manage cyber security risk
  • Provide ad hoc support on special Information Security hot topics for the business
  • Provide regular updates to executive leadership with your line of business on the overall Information Security health and risk environment
  • Work with line of business leadership to anticipate their objectives and needs to better serve the line of business

Requirements:

  • High School Diploma, GED, or equivalent certification
  • At least 4 years of experience providing guidance and oversight of cybersecurity concepts
  • At least 3 years of experience performing security risk assessments and security architecture reviews
  • At least 3 years of experience with architecture design, software design, networking or Cloud infrastructure

Nice to have:

  • Bachelor’s Degree
  • 6+ years of experience with Architecture design, software design, networking or Cloud infrastructure
  • 4+ years of experience in securing a public cloud environment (AWS, GCP, or Azure)
  • 2+ years of experience utilizing Agile methodologies
  • 2+ years of experience in Enterprise Monitoring
  • 2+ years of experience with technologies supporting finance, fintech, banking, payment cards, or a related domain
  • 2+ years of experience with web and mobile application security, and solid understanding of the OWASP Top Ten
  • 2+ years of experience with security testing, such as penetration testing, red teaming, vulnerability scanning, SAST and DAST
  • 2+ years of scripting or programming experience (Python, SQL, PHP, PowerShell)
  • Professional certifications such as AWS Certified Solutions Architect or Certified Information Systems Security Professional (CISSP)
  • 2+ years of experience with international regulatory cyber audits and assessments

What we offer:

  • performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI)
  • comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being

Additional Information:

Job Posted:
January 25, 2026

Employment Type:
Fulltime
Work Type:
On-site work

Similar Jobs for Manager, Cyber Technical (Audits and Assessments)

Operational Technology (OT) Cyber Security Engineer

The OT Cyber Security Engineer will contribute to the delivery of high-quality t...
Location:
United Kingdom, Stockton-on-Tees
Salary:
Not provided
Risktec Solutions
Expiration Date:
Until further notice
Requirements:
  • A relevant technical degree or equivalent industry experience in OT cybersecurity is desirable
  • Good working understanding of industrial control systems (DCS, SCADA, PLCs, etc.)
  • Prior experience in technical delivery roles, including hands-on involvement in a project delivery or client-facing setting, is desirable but not essential
  • Evidence of delivering high-quality technical work under supervision
  • Foundational knowledge of OT cybersecurity practices, frameworks, and regulations, such as IEC 62443, CAF, OG86, and NIS
  • Awareness of OT cybersecurity techniques and tools for compliance with national/international standards, contributing to effective technical solutions
  • Developing competency in performing assignments in areas such as: Supporting risk assessments and vulnerability analysis of OT environments
  • Assisting in asset inventory preparation and management for industrial control systems (ICS)
  • Conducting physical and standards-based site audits, aligned with international standards
  • Contributing to network diagram creation to improve system visibility and security
Job Responsibility:
  • Support risk assessments and create asset inventories for OT systems across client sites under supervision
  • Perform physical and standards-compliant site audits as directed by senior consultants or team leads
  • Assist in the creation, documentation, review, and validation of network diagrams and OT systems architecture
  • Support the review, development, and implementation of OT Cyber Security Management Systems (CSMS) in alignment with established frameworks and international standards
  • Collaborate with the OT Cyber Security team and other departments to deliver projects successfully, ensuring high-quality outputs
  • Prepare and deliver accurate and professional technical reports and documentation that meet client expectations and regulatory compliance
  • Stay informed of industry trends and emerging OT cybersecurity challenges, applying foundational knowledge to support team-directed initiatives
  • Interaction with customers to ensure TUV deliver a solution on time and to high quality
What we offer:
  • comprehensive training
  • flexible working
  • a great pay and benefits package
  • Fulltime

Risk Analyst

The Risk Analyst role at NTT DATA involves assessing and managing risks to ensur...
Location:
India, Hyderabad
Salary:
Not provided
NTT DATA
Expiration Date:
Until further notice
Requirements:
  • 3 - 6 years of experience
  • Experience in Cyber Governance, Risk & Compliance (GRC) and Security Operations (SecOps) Management
  • Deep understanding of GRC frameworks and SecOps activities
  • Exposure to working in a Managed Services environment
  • Solid understanding and experience of Cyber Security controls in terms of people, process and technology
  • Proven experience with Cyber control metrics management
  • Exceptional communication and written skills
  • Technical and non-technical stakeholder engagement
  • Understanding of Cyber governance, Risk management, compliance frameworks such as NIST, ISO 27001, ISO 27035, SOC2
  • Strong and demonstrated experience in Information Security, with a focus on Cyber GRC and SecOps
Job Responsibility:
  • Assessing and managing risks to ensure the security, integrity, and resilience of the organization's operations and services
  • Identifying potential threats, analyzing vulnerabilities, and providing recommendations to mitigate risks
  • Proactive risk assessment and collaboration with cross-functional teams
  • Audit Management: Against security standards such as ISO 27001, SOC2 Type II and Client contract obligations
  • BCP/DR testing
  • Client Cyber Risk management
  • Contribution to Cyber security awareness training
  • Metrics Management: Assist stakeholders with security metrics reporting
  • Security Incident Response
  • Supply Chain Risk and Audit management
  • Fulltime

Cyber and Information Security Risk Manager, Senior Vice President

This role is critical for safeguarding the bank's financial stability and sustai...
Location:
United Kingdom, Belfast
Salary:
Not provided
Citi
Expiration Date:
Until further notice
Requirements:
  • 10+ years of progressive experience in Cyber & Information Security Risk Management, IT Risk, Security Compliance, or IT Audit, with significant experience in a financial services environment
  • Demonstrated expertise in identifying, assessing, measuring, monitoring, and reporting on complex cyber and information security risks
  • Proven track record of designing and leading initiatives to enhance security controls and processes
  • Extensive experience collaborating with and managing expectations of diverse stakeholders, including business unit leaders, technical teams, and 2nd and 3rd line functions (e.g., Information Security Compliance, Operational Risk, Internal Audit, Regulators)
  • Strong understanding of evolving cyber threat landscapes, regulatory requirements (e.g., NIST, ISO 27001, GLBA), and industry best practices
  • Proficient in maintaining risk and control frameworks, including Manager’s Control Assessment (MCA), specifically for Cyber & Information Security risks
  • Exceptional communication and presentation skills, with the ability to articulate complex cyber risk concepts and their business impact to senior management and governance committees
  • Ability to act as a primary liaison for all audit and regulatory engagements pertaining to Cyber & Information Security
  • Strong leadership capabilities with experience in leading and mentoring risk management professionals
  • Bachelor's degree required
Job Responsibility:
  • Proactively identify and assess evolving Cyber & Information Security risks across the business and technology landscape
  • Design and lead strategic initiatives to enhance cyber and information security controls and processes, ensuring alignment with risk appetite
  • Collaborate effectively with business unit leaders and diverse stakeholders to embed robust cyber risk management practices into business operations
  • Partner with 2nd line functions (e.g., Information Security Compliance, Operational Risk Management) to interpret and apply cyber risk requirements and policies accurately
  • Engage with 3rd line functions (e.g., Internal Audit, Compliance Assurance) to facilitate independent assessments, address findings, and drive resolution of cyber and information security issues
  • Maintain comprehensive oversight of cyber risk posture through continuous monitoring of metrics, activity, and corrective action plan execution
  • Prepare and present clear, concise updates on emerging cyber risks, control effectiveness, and strategic enhancements to senior management and governance committees
  • Ensure rigorous adherence to information security policies and regulatory requirements, including maintaining a robust Manager’s Control Assessment (MCA) for Cyber & Information Security
  • Serve as a primary liaison for all internal and external audit engagements related to Cyber & Information Security
  • Lead and mentor a team focused on cyber risk assessment, regulatory compliance, and efficient reporting and resolution of security-related matters
What we offer:
  • Generous holiday allowance starting at 27 days plus bank holidays, increasing with tenure
  • A discretional annual performance related bonus
  • Private medical insurance packages to suit your personal circumstances
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Access to an array of learning and development resources
  • Fulltime

BDO Digital Senior Cyber Analyst

We’re BDO. An accountancy and business advisory firm, providing the advice and s...
Location:
United Kingdom, Birmingham
Salary:
Not provided
BDO UK LLP
Expiration Date:
Until further notice
Requirements:
  • Experience in IT security domains
  • Experience in performing IT security audits and/or control gap assessments against CIS Benchmarks and NIST
  • Certification, such as CISA preferred
  • Demonstrable interest, training, experience or certification (e.g. Security+, Network+, SSCP, CISSP) in cybersecurity is highly beneficial
  • Strong technical foundation to support the understanding of controls
  • Experience in cybersecurity, IT risk (consultancy experience) or regulatory landscape
  • Ability to meet project deadlines and manage multiple engagements
  • Strong analytical and problem-solving skills, with the ability to present information in a clear and concise manner
  • Ability to build strong relationships with clients
Job Responsibility:
  • Manage risk for our clients to make them stronger for the future
  • Performing assessments of cybersecurity controls to guide clients on their level of cyber risk
  • Support technical engagement managers on cyber advisory services
  • Support the Cyber Management team as they look to develop the proposition and grow the business
  • Delivery of cyber engagements to help clients assess their cyber risk and support technical engagements
What we offer:
  • Agile working
  • Programmes, resources, and frameworks that provide clarity and structure around career development
  • Informal success conversations to formal mentoring and coaching
  • State-of-the-art collaboration spaces in our offices
  • Multidisciplinary events and dedicated resources

Lead Technology Risk Management Analyst (RBI, Internal and External Audits)

Our Purpose Mastercard powers economies and empowers people in 200+ countries an...
Location:
India, Pune
Salary:
Not provided
Mastercard
Expiration Date:
May 31, 2026
Requirements:
  • 8-12 years of overall career experience in managing audits and technology risk management
  • Has had audit and regulatory experience (specifically RBI (PSS & IDL)), and has conducted internal and external audits
  • You have managed large audits end to end with RBI
  • You have been a part of internal and external audits managing various products and teams on a large scale
  • Passionate about building proactive readiness frameworks and strengthening first line control environments
  • Able to translate regulatory requirements into actionable control practices within AI driven and data intensive environments
  • Adept at integrating IT risk program frameworks with enterprise risk functions, designing IT risk metrics, risk aggregation and reporting concepts
  • Ability to communicate effectively with cross-functional Data Science, Development teams, regulatory agents, and the core product business teams
  • Thrives working with highly technical products in a fast-paced delivery environment
  • Possession of at least one relevant professional certification, such as (but not limited to) CIA, CISA, CISM, or CFE.
Job Responsibility:
  • Provide control, compliance, and regulatory guidance to developers, architects, and project managers
  • Interpret and operationalize new and evolving regulatory requirements, including RBI (PSS, IDL), DPDP Act, privacy, and broader data regulations
  • Assist in the design and implementation of preventative and detective controls within the first-line environment
  • Partner closely with US‑based counterparts to manage and continuously mature the program’s global control landscape
  • Partner with leadership to identify control gaps and drive resolution, solutioning, and long‑term risk reduction
  • Act as liaison between our first line engineers and architects and external audit
  • Collaborate with internal risk, compliance, and governance teams to manage, monitor, and maintain regulatory and compliance controls across the program
  • Facilitate scope and impact assessment to identify control and regulatory requirement applicability
  • Support program‑ and product‑level audits, and develop readiness materials for enterprise or external audit engagements.
  • Fulltime

Cyber Security Specialist (GRC)

As a Cyber Security Specialist, you will be integrated into the Portugal Cyber S...
Location:
Portugal, Lisboa
Salary:
Not provided
Vodafone
Expiration Date:
Until further notice
Requirements:
  • Degree, professional qualification or relevant experience in Technology Security
  • Experience in cyber security risk management, governance and control frameworks
  • Experience supporting risk registers, control assessments, audits or assurance activities
  • Knowledge of information security and risk management standards (e.g., ISO/IEC 27001, NIST, COBIT)
  • Strong understanding of cyber security threats and ability to assess business and operational impact
  • Experience working with policies, standards, controls and compliance requirements
  • Strong communication skills, with the ability to explain cyber risks and control gaps in clear business language
  • Ability to work effectively across technical and non‑technical stakeholders, balancing security, risk and business needs
  • Fluency in the English language
Job Responsibility:
  • Integrated into the Portugal Cyber Security Governance, Risk & Control function, with responsibility for ensuring that cyber security risks are identified, assessed, governed and managed within Vodafone’s risk tolerance
  • Contributing to the three main areas: Cyber Risk Management, Security Governance and Control Assurance
  • Act as a Cyber GRC Subject Matter Expert to enable technical and business teams to operate Vodafone products and services in a secure and compliant manner, with strong focus on cyber risk, policy adherence and control effectiveness
  • Ensuring that cyber security risks are properly identified, assessed, governed and managed, that security controls are effectively implemented and evidenced, and that all governance processes supporting those controls are in place, in line with Vodafone Group cyber security strategy and local market technology and business priorities
  • Follow up on risks, controls and remediation actions throughout their lifecycle, ensuring proper understanding of cyber security requirements, analysing, classifying and prioritising cyber risks according to business context, and supporting informed risk decisions
  • Report to the Cyber Security GRC Team Lead in Portugal and be an active part of the local market Cyber Security team, supporting effective collaboration with local structures such as Network, Digital & IT, Secure by Design, Cyber Defence, Corporate Security, Privacy, Legal, Risk and Compliance, among others
What we offer:
  • Hybrid Work Model - Flexible hybrid work model with 8-10 in-office days per month, managed by team leaders
  • Vodafone Products and Services - Employees get a mobile phone, free communication plan, data card, and various discounts on services and products
  • Recognition - Recognition programs for innovative, creative, high-potential employees and exemplary behaviors
  • Health and Well-being - Well-being Program offers nutrition and psychological consultations, webinars, workshops, and discounts on various services and products
  • Learning - Access to Communities of Practice and a customizable digital training platform with high-quality content (namely Harvard Business Publishing and Skillsoft)
  • Local and International Mobility - Internal recruitment with local and international rotation opportunities across departments and roles

Chief Auditor Technology & Business Enablement International and Wealth International Technology

The Managing Director, Chief Auditor Technology & Business Enablement Internatio...
Location:
Singapore, Singapore
Salary:
Not provided
Citi
Expiration Date:
Until further notice
Requirements:
  • Minimum of 15 years of diversified management experience in audit or a related role with a focus on cyber, technology resilience and data
  • Demonstrable technology experience, including that related to the design and operation of risk and controls frameworks
  • Demonstrable product knowledge of Markets, Services, Payments Infrastructures, Corporate and Consumer Banking and Wealth Management, including the provision of technology services within these areas
  • International experience is preferred within highly respected, diversified and complex institutions
  • Proven experience working with regulators and managing regulatory audits or inspections
  • A strong level of technical knowledge related to cyber security, resilience, current and emerging technologies and systems development best practices
  • Strong knowledge of IT governance and control frameworks (e.g. COBIT, NIST, SANS)
  • Good understanding of AI and machine learning concepts, algorithms and techniques
  • Familiarity with data governance principles, data quality management and data privacy practices
  • Strong understanding of internal audit standards (e.g. IIA Standards) and risk management frameworks (e.g. COSO)
Job Responsibility:
  • Timely development, risk assessment, and periodic refresh of the audit plan for the scope of the role’s area of responsibilities
  • Coordination and delivery of high-quality, value-add multiple concurrent risk-based audits
  • Engagement with senior stakeholders upon receipt of supervisory letters/other regulatory communications
  • Timely delivery of high-quality and comprehensive regulatory and internal audit issue validation
  • Support and endorse the IA Quality Assurance (QA) team to address and resolve issues found by QA
  • Ensure that IA activity is sufficient and relevant to delivering timely assurance
  • Appropriately assess risk when business decisions are made
  • In collaboration with the IA International team, ensure that country-specific technology, cyber and resilience regulatory requirements are understood
  • In collaboration with the Chief Auditor for US Wealth, USCC & Functions, support the integrated risk assessment, audit plan creation and opinion for the Global Wealth business
  • Working in close collaboration with the QA team, lead the processes across Technology & Business Enablement to assess the quality outcomes of assurance work
  • Fulltime

Chief Auditor Technology & Business Enablement International and Wealth International Technology

The Managing Director, Chief Auditor Technology & Business Enablement Internatio...
Location:
India, Mumbai
Salary:
Not provided
Citi
Expiration Date:
Until further notice
Requirements:
  • Minimum of 15 years of diversified management experience in audit or a related role with a focus on cyber, technology resilience and data
  • Demonstrable technology experience, including that related to the design and operation of risk and controls frameworks
  • Demonstrable product knowledge of Markets, Services, Payments Infrastructures, Corporate and Consumer Banking and Wealth Management, including the provision of technology services within these areas
  • International experience is preferred within highly respected, diversified and complex institutions
  • Proven experience working with regulators and managing regulatory audits or inspections
  • Bachelor’s degree/University degree in computer science, data science, finance, accounting, science or a related field, or equivalent experience
  • Master’s degree preferred
  • Related certifications such as Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified in Risk and Information Systems (CRISC) or similar
  • Technical Skills: A strong level of technical knowledge related to cyber security, resilience, current and emerging technologies and systems development best practices
  • Strong knowledge of IT governance and control frameworks (e.g. COBIT, NIST, SANS)
Job Responsibility:
  • Assurance Risk Assessment, Strategy & Coverage: Timely development, risk assessment, and periodic refresh of the audit plan
  • Responsible for the coordination and delivery of high-quality, value-add multiple concurrent risk-based audits
  • Engagement with senior stakeholders upon receipt of supervisory letters/other regulatory communications
  • Timely delivery of high-quality and comprehensive regulatory and internal audit issue validation
  • Support and endorse the IA Quality Assurance (QA) team
  • Ensure that IA activity is sufficient and relevant to delivering timely assurance
  • Appropriately assess risk when business decisions are made
  • In collaboration with the IA International team, ensure that country-specific technology, cyber and resilience regulatory requirements are understood
  • In collaboration with the Chief Auditor for US Wealth, USCC & Functions, support the integrated risk assessment, audit plan creation and opinion for the Global Wealth business
  • Working in close collaboration with the QA team, lead the processes across Technology & Business Enablement to assess the quality outcomes of assurance work
  • Fulltime