Full-Time

Senior Associate

Technology & Cyber Risk, Capital One Software, Remote

Posted on 10/15/2024

Capital One

10,001+ employees

Offers diverse financial products and services

Fintech
Financial Services

Compensation Overview

$117.4k - $134k Annually

+ Performance-based incentives + Cash bonuses + Long-term incentives

Junior, Mid, Senior

No H1B Sponsorship

Remote in USA + 1 more

More locations: McLean, VA, USA

Remote position with an office in McLean, VA.

Category
Cybersecurity
IT & Security
Required Skills
Microsoft Azure
AWS
Google Cloud Platform
Requirements
  • At least 1 year of experience developing risks, associated controls, issues or mitigation plans
  • At least 1 year performing controls testing in a cloud environment
  • At least 1 year experience in Technology Risk or IT Audit
  • At least 1 year of experience planning, analyzing and leading Risk assessments
  • At least 1 year of Project Management experience
  • Experience performing detailed reviews of control assessments, including National Institute of Standards and Technology (NIST), PCI-DSS, SOC 2
  • Experience performing detailed reviews of control assessments for SaaS and COTS offerings
  • 2+ years of Project Management experience leading cross-functional projects in Risk
  • Professional certification such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or other Industry related certifications
  • 2+ years experience in information systems risk management or information systems auditing
  • Experience with Amazon Web Services (AWS) and with multi-cloud (Azure and GCP)
  • Cloud Risk Management experience
Responsibilities
  • Be a trusted advisor both leading and driving effective and relevant Tech and Cyber risk conversations with Divisional Tech leadership and their teams
  • Be an informed consultant to develop and deliver appropriate messages on risk themes and challenge remediation activities
  • Be an approachable and effective partner to navigate regulatory and compliance requirements to help develop fit-for-purpose solutions with the ability to flex where appropriate
  • Consult, establish best practices, be a Contributor, provide oversight, effective challenge and influence positive outcomes supporting the Platform security and tech risk strategy for Capital One Software to ensure our businesses effectively manage technical risk
  • Identify and implement continual program enhancements based on industry standards and best practices related to technology risk management that is aligned with Capital One’s strategic risk direction and in support of Capital One Software’s business objectives
  • Understand regulatory requirements, SaaS and COTS offerings for both B2B and B2C markets, and industry compliance frameworks, while anticipating changes to help ensure proper alignment with internal and external requirements
  • Collaborate with cross-functional teams to address complex and changing regulations that impact cloud services
  • Understand the broader context and implications (e.g., financial, legal, reputational, etc.) of the various types of risk affecting the technology function
  • Understand, document and analyze current state capabilities regarding one or more risk methods. Leverage industry benchmarking to determine best practices and lessons learned regarding components of the risk framework
  • Establish project parameters, delivering on multiple priorities to help drive business value and support team objectives
  • Review organizational performance outcomes to identify potential areas of risk exposure that require further review with the ability to review and analyze vast amounts of data and information while working closely with first line business partners
  • Assist in the development of risks, associated controls, issues and/or mitigation plans to ensure the business implements needed changes and addresses areas of exposure, while informing decisions with the Accountable Tech Executives (AEs)
  • Contribute to Control Self Assessments (CSAs) to verify the design and operating effectiveness of existing controls as well as identify and track control gaps or issues to remediation
  • Deliver technology risk and controls advice, challenge and support to stakeholders
  • Identify and introduce innovative approaches to monitoring the technology control environment
  • Partner with Divisional and Enterprise-wide Risk Associates to remove complexity and improve efficiency
  • Maintain an up-to-date and in-depth industry and technical expertise in areas of technology risk
  • Guide Technology areas to ensure aggregate risk is understood and well managed
  • Ensure key messages are understood and actions are underway, provide risk input, context and challenge through appropriate and timely reporting and governance actions
  • Build successful relationships with line of business risk offices and team members to understand impact of technology risk on critical business processes
  • Support Risk Control and Self Assessments (RCSAs)
  • Experience with Vulnerability Management, Application security, Supply Chain Security and Identity & Access Management is a plus
  • Write and revise documents such as policies, standards, procedures, and guidelines. Develop and enhance processes, tools, templates, and job aids. Draft, contribute to, edit, and deliver presentations that aid in the design, development, refinement, and usage of risk methods.

Capital One offers a variety of financial services, including credit cards, savings accounts, car loans, and business checking accounts, primarily in the United States. The company focuses on user-friendly banking solutions with no fees or minimums for checking accounts, making it easier for customers to manage their money. Capital One stands out from competitors with its commitment to financial inclusion and literacy, partnering with organizations to provide educational resources. The goal is to transform the banking experience by ensuring everyone has access to financial services and the knowledge to make informed decisions.

Company Stage

IPO

Total Funding

$15.9M

Headquarters

McLean, Virginia

Founded

2014

Simplify Jobs

Simplify's Take

What believers are saying

  • Partnership with Worldpay enhances payment security and efficiency for merchants.
  • Capital One's collaboration with HITEC improves data infrastructure and decision-making.
  • Financial empowerment initiatives support community stability, like the $86,000 grant to United Way.

What critics are saying

  • Increased competition in subscription management tools may dilute Capital One's first-mover advantage.
  • Over-reliance on partnerships for tech advancements could pose risks if partnerships falter.
  • Departure of key personnel like Joe Rodriguez may affect risk management expertise.

What makes Capital One unique

  • Capital One offers user-friendly banking with no fees or minimums for checking accounts.
  • The company partners with Minna Technologies for subscription management tools in its app.
  • Capital One's mobile banking app is a model for secure, user-friendly digital banking.

Benefits

Medical, Dental, & Vision coverage

Onsite Health Centers

Prescription saving with network of local pharmacies

Stock Purchase Plan

Education Assistance

401(k)

Flexible Spending Accounts

Life and Disability insurance

Generous paid time off + corporate & floating holidays

Registered dieticians on site, cooking classes and free virtual fitness classes

Employee Assistance Program

INACTIVE