Jobs · Analyst · New York

Manager, Cyber Risk & Analysis

Capital One · New York, NY · 2 wk ago
Analyst$165k–$188k/yrFull-time

Overview

Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, software quality, and data management.

Responsibilities

  • Maintain and advance the company’s information security control framework, ensuring proper design, implementation, and ongoing assurance activities.
  • Partner with cross-functional teams to build, maintain, and monitor compliance across the business.
  • Oversee and direct the organization's GRC initiatives to achieve and maintain compliance with relevant regulations and certifications, including ENS, Lince, the CRA Cybersecurity Resiliency Act, and the EU AI Act, ensuring that all requirements are fully satisfied and sustained.
  • Represent our team in technology councils to ensure an appropriate risk lens is applied to cyber and technology initiatives and strategic programs.
  • Build and maintain relationships with technical leaders, engineers, architects, and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risks are well communicated and understood by the key stakeholders.
  • Understand and assess the inventory of technology and cyber risk management related laws and regulations, as well as industry standards such as the NIST, PCI DSS, CSF and FFIEC guidance, and how they translate into organizational requirements and controls.
  • Perform technology and cybersecurity risk management requirement applicability and impact assessments against business, technology and cyber processes.

Qualifications

  • High School Diploma, GED, or equivalent certification
  • At least 4 years of technical experience in at least two domains of cyber security such as identity and access management and endpoint security.
  • At least 4 years of progressive experience in GRC, compliance, or related legal or regulatory roles, with demonstrated success building or scaling compliance programs.

Preferred Qualifications

  • Bachelor's Degree
  • 4+ years of experience at a major technology company or financial services; prior compliance work at Visa, Mastercard, American Express or another financial institution
  • Maintain comprehensive understanding of each entity's structure, operations, compliance, and risk posture, anticipating challenges and opportunities while ensuring effective communication and escalation of key issues and mitigating long-term risks
  • Drive initiatives to streamline and enhance governance processes, fostering transparency and accountability within the organization
  • Working knowledge of domestic and international regulatory requirements and laws that govern credit and debit networks
  • 3+ years of experience drafting, tailoring, and communicating complex technical and cyber risk reports to all levels, including senior executives, the Board, and regulatory bodies
  • Demonstrated ability to work independently, manage complex, ambiguous projects, and drive outcomes across enterprise boundaries
  • Hands-on experience applying major security and risk frameworks such as: NIST CSF, NIST 800-53, ISO 27000-1
  • Cybersecurity certifications such as: Certified Information Systems Security Professional (CISSP); Certified Information Security Manager (CISM); or Certified in Risk and Information Systems Control (CRISC)

Similar jobs

Cybersecurity Risk Manager

Huntington National BankFarmers Branch, TX· 1 wk ago
Finance$70k–$140k/yrapply on huntington-careers.com