iHire
Director of Data Protection - Technology Risk Management
Capital One is one of the fastest growing organizations in the world today. The growth of the business is being accelerated by leveraging innovative and emerging technologies. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years, fully exiting our data centers.
Technology & Data Risk Management (TDRM) is a small organization that packs a big punch. The roughly one hundred fifty professionals in TDRM are trusted expert advisers who shape decisions, challenge activities to ensure they meet our standards, and generally oversee technology and information security risk across the business and the central technology organization.
TDRM plays a critical role in ensuring that the company's risk-taking entities are aware of the risks inherent in their activities and decisions, the impact of their actions on the company at an enterprise level, and opportunities to reduce, mitigate or avoid the risks altogether.
Job Description
We are currently seeking a dynamic leader with significant experience in engaging with business and technology leaders to identify and mitigate cyber security risk in the field of data protection.

Responsibilities
- Play a lead role in identifying areas of cyber risk to provide oversight, analysis, effective challenge, and risk-informed recommendations.
- Provide and manage the production of technical assessments of the effectiveness and design of cybersecurity controls.
- Conduct assessments and draft assessment for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as needed.
- Manage a team of cybersecurity professionals. Set vision and direction, manage performance and career development of associates.
- Stay current on emerging cyber threats and risk management approaches.
- Collaborate effectively with stakeholders and leaders across multiple organizations to achieve objectives.
- Coordinate program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups.
- Promote and influence change in technology and program from the first line of defense that drives management of technology and cyber risk within the company's appetite.

Basic Qualifications
- A Bachelor's degree or military experience
- At least 7 years of cybersecurity operations experience with enterprise-grade data protection tools or processes
- At least 5 years of experience in data protection or technology processes, Data Loss Prevention (DLP), data identification, classification, minimization, tokenization, encryption, secure transfer, retention, destruction or a combination
- At least 5 years of experience in people management
- At least 2 years of data or certificate management experience
- At least 2 years of experience with public cloud infrastructure or security principles

Preferred Qualifications
- At least 1 professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC), Security+ - CompTIA
- Excellent written and verbal communication skills
- At least 2 years of experience managing, consulting, auditing, or working in the fields of information security, technology, or risk management
- Familiarity with the field of threat intelligence concepts
- Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate
- Familiarity with financial sector regulatory practices and second line of defense effective challenge
- Experience with performing risk assessments and risk reporting
- Passion and expertise in cybersecurity, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions
- Ability to manage multiple projects while maintaining superior results
- Ability to work cross-functionally, individually, and to lead work among a team
- Execution oriented and a self-motivator
- Familiarity with NIST Cybersecurity Framework controls, NIST 800-53, ISO 27000-1

Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws.