Sr. Risk Manager (Cyber Risk) - Card Risk Team

Capital One
McLean, Virginia
Jul 28, 2022
Aug 26, 2022
Full Time
Center 1 (19052), United States of America, McLean, Virginia

As a Senior Risk Manager in Capital One's US Card Risk office you will be responsible for working with business partners, horizontal risk support, and technology teams to identify and consult on potential risks to Capital One. You will be responsible for enhancing the risk infrastructure supporting multiple teams and business units. Senior Risk Managers at Capital One lead our first line of defense to ensure our company remains well-managed and profitable.

Senior Risk Managers at Capital One are highly motivated risk management professionals with excellent analytical, organizational, and communication skills. These skills allow the risk manager to gain insights and act as a change agent to influence business partners. As Capital One evolves to meet the ever-changing technology landscape, so do our Senior Risk Managers. A successful risk manager operates from a foundation of knowledge about the line of business with which they are working, laws / regulations and good Risk Management practices. They are forward thinking, quick to adapt, and technologically adept.

Responsibilities include:
  • Consult on risk to business partners; providing advice and guidance as required
  • Facilitate exam and audit responses for the line of business
  • Influence business area to mitigate risk when developing well-designed products, practices, and processes
  • Establish and maintain positive working relationships with business area, product owners, process managers, compliance advisors, legal counsel, auditors, local technology support, and other Risk Advisors
  • Participate in and help manage work between multiple areas, engaging in various work streams
  • Partner with issues and event managers to track and remediate risks to closure in the risk management system
  • Understand data management best practices in support of external data sharing program teams
  • Participate in risk/controls forums and contribute to continuous improvement of risk management practices and processes
  • Develop appropriate controls and effectiveness testing
  • Develop a deep understanding of business strategies, products, services, and risk profile
  • Analyze information to proactively identify risks, trends, and process improvements
  • Provide oversight and guidance during risk/controls assessments (PLA, CBP, ARA, etc.)
  • Support and align timely delivery of regular monthly, quarterly and semi-annual deliverables, including research and preparation of content, reviews and approvals before delivery
  • Be a part of delivering on our well-managed agenda
  • Manage multiple tasks to meet deadlines, independently and with supervision and support as needed
  • Communicate effectively with Cyber, Tech, and other departments
  • Knowledgeable in cyber areas OWASP Top 10 and CIS/NIST controls frameworks
  • Experience in CIS/NIST/ security controls framework, COSO, or COBIT framework

Our ideal candidate will have the following experience and attributes:
  • Oversee risk event remediation impacting customers stemming from process breakdowns or other problems, helping develop permanent corrective actions
  • Consult with your business in risk assessment identification, control building, and process remediation
  • Effectively challenge our business partners, 2nd (Compliance and ORM) and 3rd lines (Audit).
  • Certification in the field of Information Security (CISSP, CISM, CISA, CRISC, Security+)

Basic Qualifications:
  • At least 4 years of experience in partnering and working with internal audit or regulatory agencies
  • At least 4 years of experience in Technology Risk Management or Compliance
  • At least 7 years of experience in process, risk management, governance, cyber and information security concepts
  • At least 4 years of people management experience

Preferred Qualifications:
  • Bachelor's Degree
  • 5+ years of experience in performing risk and control assessments, control testing, or assessments against industry risk frameworks
  • 4+ years of experience in Process Management or Project Management
  • 3+ years of cloud experience
  • Agile or Design Thinking experience
  • Certified Risk Management Assurance (CRMA) or Certified Regulatory Compliance Manager (CRCM)
  • Lean, Agile, Six Sigma, Business Process Management, or Project management certification

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

No agencies please. Capital One is an Equal Opportunity Employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to sex, race, color, age, national origin, religion, physical and mental disability, genetic information, marital status, sexual orientation, gender identity/assignment, citizenship, pregnancy or maternity, protected veteran status, or any other status prohibited by applicable national, federal, state or local law. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

For technical support or questions about Capital One's recruiting process, please send an email to

Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site.

Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).
