Capital One

Business Risk Lead, Director, Enterprise Services Risk Office

Capital One, McLean, Virginia, US, 22107

Overview

Capital One is a diversified bank offering a broad array of financial products and services. We nurture a work environment where people with diverse thoughts, ideas, and backgrounds come together to make Capital One a great company and a great place to work. The Enterprise Services Risk organization is expanding to attract innovative, pioneering, collaborative, and highly skilled professionals. We operate at the forefront of risk management, supporting novel technologies and critical business strategies while valuing diverse perspectives.

As a Director on the ES Business Tech Risk team, you will partner across Enterprise Services, Divisional CIOs, and Information Security teams to develop and support risk solutions that enable innovation while protecting customers, shareholders, business partners, and associates. You will collaborate with second lines of defense to lead and implement risk and control tools, techniques, and frameworks for the Technology organization and provide direct tech risk advisory services to lines of business (Software, ESM, etc.).

Responsibilities

- Serve as the Technology Risk Guide leader for the Enterprise Services Business Risk team to propel the technology risk agenda for lines of business and help make informed risk-based decisions.
- Assist ES Business Risk leadership in delivering against their strategy and services.
- Provide oversight and guidance on key strategic technology initiatives with a focus on architectures to enhance technology in support of business drivers.
- Serve as interdepartmental advisor, interfacing with technology lines of business and other areas such as second line Technology and Cyber organizations and Compliance.
- Identify and implement continual program enhancements based on industry standards and best practices related to risk management (especially technology risk) aligned with Capital One's strategic direction.
- Gather risk and control data and reporting; perform initial analysis or evaluate data provided by team analysts.
- Influence leaders across Enterprise Services, Cyber, second line risk organizations, and Internal Audit on key technology risks and actions needed.
- Develop and monitor risk analysis, perform deep-dive investigations, and drive risk initiatives to minimize risk posture and strengthen control effectiveness.
- Support Risk Control and Self-Assessments (RCSAs).
- Understand, document, and analyze current state capabilities using risk methods; benchmark against industry best practices to inform risk framework components.
- Write and revise documents such as policies, standards, procedures, and guidelines.
- Develop and enhance processes, tools, templates, and job aids.
- Draft, contribute to, edit, and deliver presentations to enable design, development, and usage of risk methods.

Basic Qualifications

- Bachelor's Degree or military experience.
- At least 8 years of experience in Cybersecurity, Technology, or Cyber Internal/External Audit, or a combination thereof.
- At least 8 years of experience planning and leading IT audits or risk assessments.
- At least 5 years of People Management experience.
- At least 5 years of experience in data management and performing data analysis in support of cybersecurity assessments and control design in a cloud environment.
- At least 5 years of experience supporting security and compliance frameworks such as SOC2, ISO 27001, PCI, and NIST SP 800-53.

Preferred Qualifications

- 12+ years of experience in Cybersecurity, Technology, or Cyber Internal/External Audit, or a combination thereof.
- Certifications such as CISSP, AWS Security, CISA, CRISC, CISM, or AWS DevOps certification.
- 10+ years of experience performing CSAs or assessments against established industry risk frameworks (e.g., NIST Cybersecurity Framework).
- 10+ years of experience supporting security and compliance frameworks such as SOC2, ISO 27001, PCI, and NIST SP 800-53.
- 10+ years of data analysis experience in internal risk assessments and control reviews.
- 3+ years of CI/CD, DevOps, SDLC framework experience.
- 3+ years of Application Architecture review experience.
- 3+ years of Financial Services industry experience.
- Excellent verbal and written communication skills to confidently interact with the cyber organization and enterprise stakeholders.

Note: At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

The salary information listed below is for candidates hired to work in specific locations and reflects the amount Capital One is willing to pay at the time of posting. Salaries for part-time roles will be prorated. Chicago, IL: $205,400 - $234,400; McLean, VA: $226,000 - $257,900; New York, NY: $246,500 - $281,300; Richmond, VA: $205,400 - $234,400 for Director, Cyber Risk & Analysis. Candidates hired to work in other locations will be paid per the respective location's range.

This role is eligible for performance-based incentive compensation, which may include cash bonuses and/or long-term incentives (LTI). Capital One offers a comprehensive, competitive, and inclusive set of health, financial, and other benefits. Eligibility varies by status and level. For accommodations during the application process, contact Recruiting Accommodation at RecruitingAccommodation@capitalone.com. See Capital One Careers for more information.

Capital One is an equal opportunity employer (EOE, including disability/vet) and maintains a drug-free workplace. Capital One may consider qualified applicants with criminal histories in a manner consistent with applicable laws. For questions about the recruiting process, please email Careers@capitalone.com.
