Capital One
Principal Associate, TRM Controls Review
Capital One, Richmond, Virginia, United States, 23214
Principal Associate, TRM Controls Review
Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, software quality, and data management.
Technology & Data Risk Management (TDRM) is a small organization that packs a big punch. The ~200 professionals in TDRM are trusted experts who oversee ~14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, tech risk, and data management risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk.
This position – Principal Associate, TRM Controls Review – will play a key role in the organization’s second line of defense independent controls review program by providing technical expertise in assessing the overall effectiveness of the company’s technology (including both cybersecurity and technology) controls environment. The role evaluates first-line monitoring and testing results, performs independent testing of first-line technology controls to evaluate control design and operating effectiveness, and drafts reports for senior management.
Essential Functions (Responsibilities)
Perform independent controls review of the company’s cybersecurity and technology control environment.
Assess first-line control testing programs to determine sufficiency of processes and effectiveness of execution.
Provide technical assessments of technology control design and effectiveness by performing independent testing.
Draft assessments for senior management and other stakeholders, including regulatory agencies and the Board of Directors, as required.
Provide challenge, expertise and advice on enhancing the design, effectiveness, and maturity of the company’s technology controls and capabilities.
Participate in the management of the overall technology control inventory which defines the scope of the controls review program.
Stay current on emerging cyber threats, technologies, controls, and potential implications for the company.
Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives.
Coordinate program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups.
Basic Qualifications
Bachelor’s degree or military experience.
At least 3 years of experience testing technology controls based on established industry risk frameworks, including the NIST Cybersecurity Framework, COBIT v5, COSO, or FedRAMP.
At least 3 years of experience managing, consulting, auditing, or working in the fields of information security or information technology.
At least 3 years of experience with cybersecurity and technology practices.
Preferred Qualifications
Professional security management certifications, such as CISSP, CISM, CRISC, CCSP, or AWS Cloud Practitioner.
Experience using automated testing tools.
At this time, Capital One will not sponsor a new applicant for employment authorization for this position.
The minimum and maximum full-time annual salaries for this role are listed below by location: McLean, VA: $117,300 - $133,900 for Principal Associate, TRM Controls Review
Richmond, VA: $106,700 - $121,700 for Principal Associate, TRM Controls Review
This role is also eligible to earn performance-based incentive compensation, which may include cash bonus(es) and/or long-term incentives (LTI).
Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.
This role is expected to accept applications for a minimum of five business days.
No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries.
If you need an accommodation to apply, please contact Capital One Recruiting at 1-800-304-9102 or via email at RecruitingAccommodation@capitalone.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.
For technical support or questions about Capital One's recruiting process, please send an email to Careers@capitalone.com.
#J-18808-Ljbffr
Technology & Data Risk Management (TDRM) is a small organization that packs a big punch. The ~200 professionals in TDRM are trusted experts who oversee ~14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, tech risk, and data management risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk.
This position – Principal Associate, TRM Controls Review – will play a key role in the organization’s second line of defense independent controls review program by providing technical expertise in assessing the overall effectiveness of the company’s technology (including both cybersecurity and technology) controls environment. The role evaluates first-line monitoring and testing results, performs independent testing of first-line technology controls to evaluate control design and operating effectiveness, and drafts reports for senior management.
Essential Functions (Responsibilities)
Perform independent controls review of the company’s cybersecurity and technology control environment.
Assess first-line control testing programs to determine sufficiency of processes and effectiveness of execution.
Provide technical assessments of technology control design and effectiveness by performing independent testing.
Draft assessments for senior management and other stakeholders, including regulatory agencies and the Board of Directors, as required.
Provide challenge, expertise and advice on enhancing the design, effectiveness, and maturity of the company’s technology controls and capabilities.
Participate in the management of the overall technology control inventory which defines the scope of the controls review program.
Stay current on emerging cyber threats, technologies, controls, and potential implications for the company.
Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives.
Coordinate program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups.
Basic Qualifications
Bachelor’s degree or military experience.
At least 3 years of experience testing technology controls based on established industry risk frameworks, including the NIST Cybersecurity Framework, COBIT v5, COSO, or FedRAMP.
At least 3 years of experience managing, consulting, auditing, or working in the fields of information security or information technology.
At least 3 years of experience with cybersecurity and technology practices.
Preferred Qualifications
Professional security management certifications, such as CISSP, CISM, CRISC, CCSP, or AWS Cloud Practitioner.
Experience using automated testing tools.
At this time, Capital One will not sponsor a new applicant for employment authorization for this position.
The minimum and maximum full-time annual salaries for this role are listed below by location: McLean, VA: $117,300 - $133,900 for Principal Associate, TRM Controls Review
Richmond, VA: $106,700 - $121,700 for Principal Associate, TRM Controls Review
This role is also eligible to earn performance-based incentive compensation, which may include cash bonus(es) and/or long-term incentives (LTI).
Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.
This role is expected to accept applications for a minimum of five business days.
No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries.
If you need an accommodation to apply, please contact Capital One Recruiting at 1-800-304-9102 or via email at RecruitingAccommodation@capitalone.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.
For technical support or questions about Capital One's recruiting process, please send an email to Careers@capitalone.com.
#J-18808-Ljbffr