Job Description

McLean 1 (19050), United States of America, McLean, Virginia

Sr. Manager - Cybersecurity Risk - Technology Risk Management

Technology Risk Management, a second line of defense organization within Capital Ones Risk Management organization, is a fast growing team focused on providing expert advice, credible challenge, and effective oversight of information security and technology risk activities throughout the enterprise. Associates that make up the Technology Risk Management team are highly-skilled information security, cyber, technology, and risk management professionals who bring a wealth of experience to bear to deliver high-impact analysis and recommendations that are rooted in direct knowledge of security and technology.

This position Sr. Manager, Cybersecurity Risk will contribute to and act as a leader within a team of highly skilled resources whose goal is to uncover vulnerabilities and weaknesses in the enterprise cyber environment through outcome based testing scenarios. The successful candidate will develop, oversee, and execute processes to perform testing against control objectives across the enterprise. The results of these tests may generate or contribute to risk assessments, updates to security controls, or support effective challenge. They will also partner closely with various leaders and stakeholders to communicate results and help recommend key security enhancements.

As a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the firm. The position affords opportunities for substantial growth. The demands and high-visibility nature of this position require an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately.

Essential Functions (Responsibilities):

* Participate in a team who is responsible for testing control objectives to identify areas of risk

* Develop and implement control objective testing methodologies and scenarios

* Participate in the drafting of assessments for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as needed

* Stay current on emerging cyber threats, TTPs, and potential implications to the firm

* Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives

Basic Qualifications:

* A bachelors degree or military experience

* At least 6 years experience in security

* At least 2 years experience performing technical testing to identify enterprise, network, system, endpoint, and application-level security issues and risks

* At least 2 years experience with security concepts including identification and authentication, application security, least privilege, access control, configuration management, media protection, or data protection

* At least 2 years experience with industry security frameworks (NIST or COBIT)

* At least 2 years of experience leading testing teams, security concepts, techniques, tools, methods, practices and implementation

* At least 2 years experience in a cloud or on-premise hybrid infrastructure security

* Professional security certification (CISSP, OSCP, OSCE, or CPT)

Preferred Qualifications:

* Experience managing multiple high-visibility and high-impact projects while maintaining superior results

* Execution oriented and a self-motivator

* Demonstrated clear communication skills and interacting effectively at all levels of the organizations, and to influence senior management and executives

* Ability to foster collaborative, open, working relationships with technology and other stakeholders.

* Fundamental understanding of risk vs severity

* Passion and expertise in cybersecurity and technology

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.