Capital One
Overview
Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, software quality, and data management.
Technology & Data Risk Management (TDRM) is a small organization that packs a big punch. The ~200 professionals in TDRM oversee ~14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, tech risk, and data management risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TDRM ensures they have the tech and data risk information they need to make good decisions. Associates within TDRM are highly skilled information security, cybersecurity, site reliability engineering, technology, data analyst, data scientist, and risk management professionals who add value with their advice and deliver high-impact results.
A successful candidate will be a risk expert who can influence across all layers of the organization, known for getting things done in the right way and at the required pace, with the ability to provide innovative solutions to complex problems. You will mentor Senior Risk Managers within the RAPID team and demonstrate model behavior across risk expertise and stakeholder influence, while delivering against enterprise-wide deadlines.
Role Summary
As a Director of Cyber and Tech Risk Execution, you will support and guide the first line with the practical application of our Risk Leveling Program. The program defines and measures Tech and Cyber risks to generate meaningful data that drives action to mitigate risk across the organization. You will be a risk expert who can influence across all organization levels and adapt approaches to deliver results at the required pace. You will mentor and guide senior risk professionals, delivering against enterprise-wide deadlines, while providing support to Divisions on risk assessment and treatment options based on line of business and enterprise risk appetite. You will have strong knowledge of technology/cyber risk and of industry and regulatory trends, paired with strategic thinking and intellectual curiosity to thrive in undefined problem spaces.
Responsibilities
Influence executives across the Lines of Business to take accountability for complex (and sometimes sensitive) technology and cyber risks
Execute the Risk Leveling program across centralized and decentralized divisions
Leverage leadership experience to raise the level of risk maturity
Constructively debate issues and connect analyses across assessments (risk and control self-assessments; critical business process-level assessments; new initiatives; scenario analysis; risk acceptances)
Identify opportunities to influence risk-taking strategies and ensure aggregate risk is understood
Provide robust risk management oversight in support of internal audits and regulatory exams
Mentor and develop associates to meet professional development goals
Maintain broad, expert understanding of technology risk frameworks and apply them in risk identification
Communicate expertise in risk categorization, risk occurrence in new environments, and safeguarding measures
Demonstrate strong critical thinking and communication skills to devise and socialize innovative risk management solutions
Use reporting tools to analyze data points and inform policies; understand reporting metrics and inform on tech and cyber risks
Demonstrate lifecycle program management, including socializing action plans, impediments, risks, and stakeholder training/engagement
Basic Qualifications
Bachelor's Degree AND at least 7 years of experience in information security, information technology or risk management OR High School Diploma, GED or equivalent AND at least 9 years of experience in information security, information technology or risk management
At least 5 years of experience developing, evaluating or implementing cybersecurity, technology or risk assessment activities
Professional security management or risk management certification (CISSP, CISM, CISA, CRISC, CIPP or Open FAIR Certified)
Preferred Qualifications
Master’s Degree
Knowledge of supervisory expectations expressed in FFIEC IT Handbook, Federal Reserve Supervisory Letters, OCC Bulletins or FDIC Financial Institution Letters
At this time, Capital One will not sponsor a new applicant for employment authorization for this position.
The minimum and maximum full-time annual salaries for this role are listed below, by location. Salaries for part-time roles will be prorated based upon hours worked.
McLean, VA: $226,000 - $257,900 for Director, Cyber Risk & Analysis
New York, NY: $246,500 - $281,300 for Director, Cyber Risk & Analysis
Plano, TX: $205,400 - $234,400 for Director, Cyber Risk & Analysis
Richmond, VA: $205,400 - $234,400 for Director, Cyber Risk & Analysis
Candidates hired in other locations will receive the pay range for that location; the actual offer will be in the offer letter.
This role is eligible for performance-based incentive compensation, which may include cash bonuses and/or long-term incentives (LTI).
Capital One offers a comprehensive benefits package. Eligibility varies by full/part-time status, exempt/non-exempt status, and management level. Learn more at Capital One Careers.
This role is expected to accept applications for a minimum of 5 business days.
No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination. Capital One will consider qualified applicants with criminal histories in a manner consistent with applicable laws.
If you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or RecruitingAccommodation@capitalone.com. All information provided will be kept confidential and used to provide needed accommodations.
For technical support or questions about Capital One's recruiting process, please email Careers@capitalone.com. Capital One does not endorse third-party products or services and is not liable for information on external sites.
Capital One Financial is made up of several entities. Positions posted in Canada, the United Kingdom, and the Philippines refer to Capital One Canada, Capital One Europe, and Capital One Philippines Service Corp. respectively.