Cyber Governance and Risk Management, Cyber Tool Assessor - Principal Associate
About the role
Security is essential to what we do at Capital One, from protecting customer data to the associate experience. As a Cyber Risk Manager within the Governance and Risk division, you see security as an innovation enabler and differentiator, not a step in the compliance process. You thrive working with business and technology partners to achieve goals and objectives in a secure manner. You’re constantly looking for ways to leverage modern technology architectures. You enjoy solving tough cybersecurity problems in an iterative, team environment.
Responsibilities
- Serve as an Information Security Risk Management subject matter expert and advise on best practices in risk reduction through the configuration of cybersecurity tools and platforms.
- Leverage capability, risk, and/or threat classification frameworks and standardization methodologies to facilitate evaluations of cybersecurity tool effectiveness.
- Through the periodic re-evaluation of cybersecurity tools and suites, support the implementation and execution of a continuous improvement program, inclusive of risk and issue identification, corrective action implementation, and results validation.
- Articulate operations, compliance, and cybersecurity objectives for engineering and products to inform prioritized risk reduction.
- Effectively communicate the impact of identified operational, compliance, process, control, and tooling gaps and potential remediation courses of action to multiple audiences, including leadership, to support the enhancement of their cybersecurity postures.
- Lead solutioning for, and manage activities in response to, large-scale enterprise risk reduction efforts.
Qualifications
- High School Diploma, GED, or equivalent certification
- At least 3 years of experience in cybersecurity
- At least 1 year of experience with technology or cybersecurity risk management frameworks
Preferred Qualifications
- Bachelor’s Degree
- 3+ years of experience in operational compliance or IT audit
- 4+ years of experience with cyber tooling and operations
- 3+ years of experience with monitoring, gathering, and assessing artifacts as part of continuous security monitoring such as: C&A, POA&M, NIST 800-37, MITRE ATT&CK or MITRE D3FEND
- 1+ years of experience utilizing Agile methodologies
- Cybersecurity certifications such as: Security +, CRISC, CISSP, CISM, CSA, AWS Cloud Practitioner, or AWS Certified Solutions Architect Associate Certification
Pay
The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked.
Benefits
Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.
Schedule
This role is expected to accept applications for a minimum of 5 business days. No agencies please.
Contact
For technical support or questions about Capital One's recruiting process, please send an email to Careers@capitalone.com.