Capital One
Director, Cyber and Tech Risk Execution
Capital One, Richmond, Virginia, United States, 23214
Overview
Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, software quality, and data management.

Technology & Data Risk Management (TDRM) is a small organization that packs a big punch. The ~200 professionals in TDRM oversee ~14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, tech risk, and data management risk. We shape strategy and decisions, challenge activities to meet our standards, and perform independent tests of our security and technology risk. Our structure includes the first-line CISO with operational responsibilities and the second-line Chief Tech Risk Officer (CTRO) and the Tech & Data Risk Management (TRM) organization with broader responsibilities for cybersecurity, reliability, software quality, resilience, and data risk. The CTRO is independent and oversees the work of the CISO, the CIO/CTO, and the Chief Data Officer, reporting to the Chief Risk Officer and then to the CEO.

In this role you will be a risk expert who influences across all levels of the organization, with a focus on applying our Risk Leveling Program to ensure tech and cyber risks are consistently defined and measured, generating data that drives actions to mitigate risk across the organization. You will mentor Senior Risk Managers within the RAPID team and deliver against enterprise-wide deadlines while demonstrating risk expertise and stakeholder influence. You will also provide support to Divisions on risk assessment and treatment options based on Line of Business and enterprise risk appetite, and bring strong knowledge of technology/cyber risk, industry trends, and regulatory expectations to strategic planning and problem solving.

Responsibilities
- Influence executives across the Lines of Business to take accountability for complex technology and cyber risks
- Execute the Risk Leveling program across centralized and decentralized divisions
- Leverage leadership experience and executive influencing skills to raise risk maturity
- Constructively debate issues and connect the dots across risk assessments and initiatives
- Identify opportunities to influence risk-taking strategies and ensure aggregate risk is understood
- Provide robust risk management oversight supporting internal audits and regulatory exams
- Mentor and develop associates to meet professional development goals
- Maintain a broad, expert understanding of technology risk frameworks and apply them in risk identification
- Communicate subject matter expertise in risk categorization, risk emergence in new environments, and safeguards for the enterprise
- Demonstrate critical thinking and communication skills to devise and socialize innovative risk management solutions
- Use reporting tools to analyze data points and inform policies and drive change; understand risk metrics for tech and cyber risks
- Demonstrate lifecycle program management, socialize action plans, address impediments and risks, and engage stakeholders

A successful candidate will have
- Superb communication skills, including active listening and executive presentation
- Proven analytical ability to present data-driven points of view to technical and non-technical audiences
- Comfort raising concerns early and escalating appropriately to facilitate problem solving
- Expertise in technology and cybersecurity with the ability to register dissent respectfully
- Ability to collaborate across organizations to achieve consensus, socialize strategy, and meet objectives
- Track record of providing strategic direction to drive results and influence outcomes

Basic Qualifications
- Bachelor's Degree AND at least 7 years of experience in information security, information technology or risk management OR High School Diploma, GED or equivalent certification AND at least 9 years of experience
- At least 5 years of experience developing, evaluating or implementing cybersecurity, technology or risk assessment activities
- Professional security or risk management certification (CISSP, CISM, CISA, CRISC, CIPP or Open FAIR)

Preferred Qualifications
- Master’s Degree
- Knowledge of supervisory expectations in FFIEC IT Handbook, Federal Reserve Supervisory Letters, OCC Bulletins or FDIC FILs

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

The minimum and maximum full-time annual salaries for this role are listed below, by location. This salary information is for candidates hired to work within these locations and represents the amount Capital One is willing to pay at the time of posting. Salaries for part-time roles will be prorated based on hours worked.

- McLean, VA: $226,000 - $257,900 for Director, Cyber Risk & Analysis
- New York, NY: $246,500 - $281,300 for Director, Cyber Risk & Analysis
- Plano, TX: $205,400 - $234,400 for Director, Cyber Risk & Analysis
- Richmond, VA: $205,400 - $234,400 for Director, Cyber Risk & Analysis

Candidates hired to work in other locations will be subject to the pay range for that location; the actual salary will be stated in the offer letter. This role is eligible for performance-based incentive compensation, which may include cash bonuses and/or long-term incentives (LTI).

Capital One offers a comprehensive, inclusive set of health and other benefits. Eligibility varies by status. More details at the Capital One Careers website.

This role is expected to accept applications for a minimum of 5 business days. No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination and to maintaining a drug-free workplace. Capital One will consider for employment qualified applicants with criminal history in accordance with applicable laws and regulations.

If you require an accommodation, contact Capital One Recruiting at 1-800-304-9102 or RecruitingAccommodation@capitalone.com. All information will be kept confidential and used only to provide needed accommodations. For technical support or questions about Capital One's recruiting process, please email Careers@capitalone.com.

Capital One does not provide or guarantee third-party products or services. Capital One Financial is made up of several entities. Positions posted in Canada, the United Kingdom, or the Philippines are for respective Capital One regions.