
Principal Associate, Technology Risk Guide (Cybersecurity)
Posted on 5/20/2022
INACTIVE
Locations
Cambridge, MA, USA • Plano, TX, USA • McLean, VA, USA • Richmond, VA...
Experience Level
Entry
Junior
Mid
Senior
Expert
Desired Skills
AWS
Data Analysis
Leadership
Management
Marketing
Requirements
  • Bachelor's Degree or military experience
  • At least 3 years of experience in Technology or Operational Risk, IT Internal or External Audit, NIST/FISMA Compliance or a combination
  • At least 2 years of experience performing data analysis in support of internal risk assessments, PCI assessments and control reviews
  • At least 2 years of experience planning and leading IT audits, risk assessments, SOC2 and PCI assessments
  • At least 2 years of experience in performing Control Self Assessments (CSAs), or completing assessments against established industry risk frameworks, including: the NIST Cybersecurity Framework, COBIT v5, COSO, and/or Payment Card Industry Data Security Standard
  • At least 1 year of experience performing controls testing over cloud-based infrastructure (AWS), Cyber, and PCI
  • At least 2 years of experience in risk, cloud, data, and Cyber management
Responsibilities
  • Serve as a Technology Risk Guide for Capital One Cyber Divisional CIO, Top of House Leadership Team and respective Engineering teams to help make informed Cyber Technology Risk decisions
  • Collaborate and build successful relationships with Technology Application Teams, Enterprise Capital One Cyber, Tech Risk and other business support functions (e.g., Business Risk Office) to guide, educate and influence the Division on risk program requirements
  • Understand the broader context and implications (e.g., financial, legal, reputational, etc.) of the various types of risk affecting the Cyber technology function
  • Contribute to Risk and Control Self Assessments (RCSAs), Targeted Risk Assessments (TRAs), Control Self Assessments (CSAs), Process Level Assessments (PLAs), Exception Management, and Application Risk Assessments (ARAs) to verify the design and operating effectiveness of existing controls as well as identify and track control gaps/issues to remediation; build tools, templates, and job aids
  • Evaluate new products and initiatives from the technology risk perspective through the new product, marketing, and initiative governance (NPMIG) process and the technology risk assessment framework stemming from any material tech and cyber change
  • Support the evaluation and improvement of the control environment for the Capital One Cyber Technology organization
  • Support documentation of processes and process flow diagrams, controls reporting dashboards, and controls health monitoring
  • Analyze data to proactively identify risks and trends and prepare Divisional reporting for Executive Leadership
  • Understand regulatory requirements and anticipate changes to help ensure proper alignment with internal requirements and frameworks
  • Participate in enterprise Tech Risk forums and relevant councils
Desired Qualifications
  • Professional certification such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or related certifications
  • 5+ years of experience in information systems auditing, information systems risk management, NIST/FISMA Compliance or a combination
  • 4+ years of experience in performing Control Self Assessments (CSAs), or completing assessments against established industry risk frameworks, including: the NIST Cybersecurity Framework, COBIT v5, COSO and/or Payment Card Industry Data Security Standard
  • 3+ years of experience performing data analysis in support of internal risk assessments, SOC2, PCI assessments and control reviews
  • Excellent verbal presentation and written communication skills to confidently interact with application teams and enterprise stakeholders
  • Excellent problem-solving, analytical and critical thinking skills to effectively respond to shifting priorities, demands and timelines
  • Consulting experience with a Big 4 firm is a plus
  • Cloud Risk Management experience is a plus
  • Proficiency with G Suite / Google Workspace for reports, analysis, and presentations is a plus
Capital One

10,001+ employees

Sixth largest bank and financial service provider
Company Overview
Capital One was founded on the belief that no one should be locked out of the financial system. Their deep commitment to financial inclusion is reflected in their business, community partnerships, philanthropy, and most importantly, support for customers. Capital One is on a mission to change banking for good.
Benefits
  • Medical, Dental, & Vision coverage
  • Onsite Health Centers
  • Prescription saving with network of local pharmacies
  • Stock Purchase Plan
  • Education Assistance
  • 401(k)
  • Flexible Spending Accounts
  • Life and Disability insurance
  • Generous paid time off + corporate & floating holidays
  • Registered dieticians on site, cooking classes and free virtual fitness classes
  • Employee Assistance Program
Company Values
  • Creating financial tools that enrich lives
  • Building thriving communities
  • Advocating for an inclusive society
  • Do the Right Thing