Capital One
Director of Data Risk Management and Protection
Capital One, Washington, District of Columbia, us, 20022
Join Capital One, one of the fastest growing organizations globally, where technology innovation meets robust cybersecurity strategies. We have successfully transitioned our entire enterprise to the public cloud and prioritize managing technology risk just as much as driving innovation. The Technology & Data Risk Management (TDRM) team is a group of around 150 dedicated professionals recognized as trusted advisors in the field of technology and information security risk.
As the Director of Advisory & Oversight Data Protection, you will be an integral part of our mission to equip executives and teams with the knowledge to navigate and manage cyber risks effectively. Your expertise in data protection measures will drive the analysis and management of cybersecurity risks across various business divisions.
Responsibilities:
Identify and evaluate areas of cyber risk while providing expert oversight and actionable recommendations.
Oversee the production of technical assessments regarding the effectiveness of cybersecurity controls.
Prepare assessments for senior management, regulatory agencies, and the Board of Directors.
Lead a team of cybersecurity professionals, setting vision, direction, and facilitating their career development.
Stay informed about emerging cyber threats and innovative risk management approaches.
Collaborate effectively with diverse stakeholders across multiple organizational levels to achieve common goals.
Coordinate program activities to ensure successful collaboration within the team and with stakeholder groups.
Influence positive changes in technology and programs that align with the company's risk appetite.
Basic Qualifications: A Bachelor's degree or equivalent military experience.
A minimum of 7 years in cybersecurity operations with enterprise-grade data protection tools or processes.
At least 5 years of experience in data protection technologies and processes such as Data Loss Prevention (DLP), data classification, encryption, and secure data transfer.
5 years of experience in people management.
2 years of data management or certificate management experience.
2 years of experience with public cloud security principles.
Preferred Qualifications: Professional security management certification (e.g., CISSP, CISM, CRISC).
Exceptional written and verbal communication skills, with the ability to present complex concepts clearly.
2 years of experience in consulting, auditing, or roles related to information security and risk management.
Familiarity with threat intelligence and experience in analyzing emerging threats.
Strong interpersonal skills to effectively engage at all organizational levels and influence decisions.
Keen understanding of financial regulatory practices relating to risk management.
Experience in conducting risk assessments and reporting.
Passionate about cybersecurity with the ability to express dissenting opinions respectfully and constructively.
Capable of managing multiple projects with exceptional results.
Ability to work both independently and collaboratively within a team environment.
Proactive and results-driven approach.
Familiarity with frameworks like NIST Cybersecurity Framework, NIST 800-53, and ISO 27000-1.
This position is not Open for employment sponsorship. The minimum and maximum full-time annual salaries for this role are as follows: McLean, VA: $263,900 - $301,200 Richmond, VA: $239,900 - $273,800 Riverwoods, IL: $239,900 - $273,800 Candidates in other locations will be subject to the respective pay ranges. The actual salary offered will be reflected in the candidate's offer letter. Performance-based incentive compensation may be available, including cash bonuses and long-term incentives. Capital One offers a comprehensive benefits package that enhances employee well-being. Eligibility varies based on employment status and management level. Capital One is an equal opportunity employer committed to non-discrimination.
Oversee the production of technical assessments regarding the effectiveness of cybersecurity controls.
Prepare assessments for senior management, regulatory agencies, and the Board of Directors.
Lead a team of cybersecurity professionals, setting vision, direction, and facilitating their career development.
Stay informed about emerging cyber threats and innovative risk management approaches.
Collaborate effectively with diverse stakeholders across multiple organizational levels to achieve common goals.
Coordinate program activities to ensure successful collaboration within the team and with stakeholder groups.
Influence positive changes in technology and programs that align with the company's risk appetite.
Basic Qualifications: A Bachelor's degree or equivalent military experience.
A minimum of 7 years in cybersecurity operations with enterprise-grade data protection tools or processes.
At least 5 years of experience in data protection technologies and processes such as Data Loss Prevention (DLP), data classification, encryption, and secure data transfer.
5 years of experience in people management.
2 years of data management or certificate management experience.
2 years of experience with public cloud security principles.
Preferred Qualifications: Professional security management certification (e.g., CISSP, CISM, CRISC).
Exceptional written and verbal communication skills, with the ability to present complex concepts clearly.
2 years of experience in consulting, auditing, or roles related to information security and risk management.
Familiarity with threat intelligence and experience in analyzing emerging threats.
Strong interpersonal skills to effectively engage at all organizational levels and influence decisions.
Keen understanding of financial regulatory practices relating to risk management.
Experience in conducting risk assessments and reporting.
Passionate about cybersecurity with the ability to express dissenting opinions respectfully and constructively.
Capable of managing multiple projects with exceptional results.
Ability to work both independently and collaboratively within a team environment.
Proactive and results-driven approach.
Familiarity with frameworks like NIST Cybersecurity Framework, NIST 800-53, and ISO 27000-1.
This position is not Open for employment sponsorship. The minimum and maximum full-time annual salaries for this role are as follows: McLean, VA: $263,900 - $301,200 Richmond, VA: $239,900 - $273,800 Riverwoods, IL: $239,900 - $273,800 Candidates in other locations will be subject to the respective pay ranges. The actual salary offered will be reflected in the candidate's offer letter. Performance-based incentive compensation may be available, including cash bonuses and long-term incentives. Capital One offers a comprehensive benefits package that enhances employee well-being. Eligibility varies based on employment status and management level. Capital One is an equal opportunity employer committed to non-discrimination.