Senior Manager, Cyber Risk and Analysis
Company: Capital One
Location: Newark
Posted on: April 25, 2024
Job Description:
West Creek 1 (12071), United States of America, Richmond,
VirginiaSenior Manager, Cyber Risk and AnalysisAt Capital One, you
will help consult on initiatives, programs, and projects to raise
their game in Information Security. You are pragmatic and practical
in your understanding of risk and security, but also willing to
know when to pull in experts and escalate. You collaborate and
innovate with other teams within Capital One to push the envelope.
The associate in this role will provide leadership, risk
management, and controls expertise to the Card Technology top of
house organization from a Cyber and Technology lens. In part, this
position will lead first line quality assurance control execution,
evaluation of control design and operating effectiveness, and help
propel the Card organization toward preventive and automated
controls management. - Additionally, you will collaborate closely
with associates in our cyber and broader technology organization,
as well as enterprise risk management to evaluate Card's compliance
in the effectiveness of the company's technology controls
infrastructure, and offer independent advice and recommendations
regarding ways to further mature the division's technology risk
management capabilities. You will challenge and innovate within the
Divisional teams and with our Enterprise Cyber & Risk partners to
drive process improvements, automation, and to elevate controls
program efficiency. Security is essential to what we do here, from
protecting our customers to our associates. -
-Responsibilities:
- Design a risk management framework enabling line of sight and
governance to both processes and platforms
- Serve as a liaison, interfacing with business partners, Tech,
and other assurance functions, such as risk management and cyber to
drive meaningful reductions in risk
- Synthesize data and reporting; perform analysis and bring
valuable insights through evaluation of data provided by team
analysts
- Proactively identify information security risk and partner with
key stakeholders to reduce or eliminate risk
- Impeccable written and oral communication credentials, coupled
with strategic influencing skills -
- Assess and rationalize control appropriateness, and glean
insights from issues and events across tech
- Provide technical assessments of technology control design and
effectiveness by advising on/performing independent testing when
necessary
- Participate in management of the overall technology control
inventory which defines the scope of the controls review
program
- Collaborate internally and with our risk community (e.g. risk
managers, risk leads, IRM groups, business risk offices, front line
process owners) to mature our risk event practice methodologies and
advance learning -About You:
- You have a desire to work in a very fast moving, forward
leaning, and modern computing environment
- You are a thoughtful leader with focus on people
development
- You have a strong desire to continually learn about new
technologies
- You possess strong conceptual thinking and communication
skills
- You are able to work well under minimal supervision
- You are a demonstrated team-oriented professional with
interpersonal skills and the ability to interface effectively with
a broad range of people and roles, including upper management, IT
leaders, and external third parties
- You maintain calmness and clarity of thought under pressure and
ability to maintain confidentiality
- You demonstrate strong ability to analyze information and
data
- You demonstrate strong subject matter expertise and sound
judgment when analyzing third party risk
- You operate in a collaborative manner to effectively assess
risk while maintaining business relationships
- You develop and communicate quality recommendations to key
stakeholders
- You communicate technical issues to non-technical people
- You demonstrate collaborative partnership skills for working
with various points of contacts
- You demonstrate capacity to think broadly but go deep into
subject matter when needed
- You have a deep understanding of strategic business objectives
and the ability to drive results toward those objectivesBasic
Qualifications:
- High School Diploma, GED, or equivalent certification
- At least 8 years of experience with technology or cyber
security risk management frameworks
- At least 5 years of experience developing, evaluating, or
implementing cybersecurity, technology, or risk assessment
activitiesPreferred Qualifications:
- Bachelors Degree
- 5+ years of experience in PCI DSS, NIST, ISO, Physical
Security, or IT Operations Management -
- 3+ years of experience at a Financial Institution
- 3+ years of IT audit experience with a big four consulting
firm
- CISSP, CISA, CISM or CRISC certification
- 3+ years of experience performing Control Self Assessments
(CSAs), or completing assessments against established industry risk
frameworks, including: the NIST Cybersecurity Framework, ISO, COBIT
v5, or COSO
- Experience in a regulated environmentAt this time, Capital One
will not sponsor a new applicant for employment authorization for
this position.Capital One offers a comprehensive, competitive, and
inclusive set of health, financial and other benefits that support
your total well-being. Learn more at the -. Eligibility varies
based on full or part-time status, exempt or non-exempt status, and
management level.This role is expected to accept applications for a
minimum of 5 business days.No agencies please. Capital One is an
equal opportunity employer committed to diversity and inclusion in
the workplace. All qualified applicants will receive consideration
for employment without regard to sex (including pregnancy,
childbirth or related medical conditions), race, color, age,
national origin, religion, disability, genetic information, marital
status, sexual orientation, gender identity, gender reassignment,
citizenship, immigration status, protected veteran status, or any
other basis prohibited under applicable federal, state or local
law. Capital One promotes a drug-free workplace. Capital One will
consider for employment qualified applicants with a criminal
history in a manner consistent with the requirements of applicable
laws regarding criminal background inquiries, including, to the
extent applicable, Article 23-A of the New York Correction Law; San
Francisco, California Police Code Article 49, Sections 4901-4920;
New York City's Fair Chance Act; Philadelphia's Fair Criminal
Records Screening Act; and other applicable federal, state, and
local laws and regulations regarding criminal background
inquiries.If you have visited our website in search of information
on employment opportunities or to apply for a position, and you
require an accommodation, please contact Capital One Recruiting at
1-800-304-9102 or via email at . All information you provide will
be kept confidential and will be used only to the extent required
to provide needed reasonable accommodations.For technical support
or questions about Capital One's recruiting process, please send an
email to Capital One does not provide, endorse nor guarantee and is
not liable for third-party products, services, educational tools or
other information available through this site.Capital One Financial
is made up of several different entities. Please note that any
position posted in Canada is for Capital One Canada, any position
posted in the United Kingdom is for Capital One Europe and any
position posted in the Philippines is for Capital One Philippines
Service Corp. (COPSSC).
Keywords: Capital One, East Orange , Senior Manager, Cyber Risk and Analysis, Executive , Newark, New Jersey
Didn't find what you're looking for? Search again!
Loading more jobs...