West Creek 5 (12075), United States of America, Richmond, Virginia

Manager, Cyber Risk and Analysis

As a Risk Manager in Capital One's Cyber Data Protection Operations Team, you will be responsible for managing the governance and risk related activities for the service, including PLA, RCA, Audit, Regulatory, CAMP, TRAs, and Controls testing. You will mature and manage the risk management processes by working with Data Protection Service and Product teams, horizontal partner teams (Audit, TRM, ES RIsk, Cyber GRC), and supporting technology teams to identify, document, and mitigate data protection risks to Capital One. Risk Managers at Capital One are highly motivated risk management professionals with excellent analytical, organizational, influencing, and communication skills. These skills allow the risk manager to gain insights, and act as a change agent to influence our partners. The successful risk manager operates from a foundation of solid Risk Management practices and knowledge about Data Protection, Cyber, and applicable laws and regulations. They are forward thinking, quick to adapt, and technologically adept.

Responsibilities include:

• Consult and accurately document risk objects for the Data Protection Service (DPS)
  
• Participate in, and help manage, risk reduction efforts between multiple areas, engaging in various work streams
  
• Analyze information to proactively identify risks, trends, and process improvements
  
• Provide oversight and guidance during risk and controls assessments
  
• Support facilitation of exam and audit responses for the line of business
  
• Establish well managed processes to continuously monitor and evaluate the adequacy and effectiveness of our control suite environment including managing our DPS control testing calendar to timely pre-assess control design and operating effectiveness prior to 2LoD scheduled testing
  
• Work with DPS teams, consult on, and manage process for new controls which need to be registered or modified as part of initiatives or other work
  
• Identify and lead opportunities to move to automate controls and processes in partnership with DPS teams and partners
  
• Support tracking remediation of risks and issues to closure in the risk management systems. Partner with Data Protection Service partners to manage remediation commitments
  
• Develop and support timely delivery of regular monthly, quarterly, and semi-annual deliverables
  

A successful candidate will have:

• Superb communication skills that include active listening and executive presentation skills
  
• Excellent influencing and persuasion skills
  
• Proven critical analytical, including and the ability to express a point of view supported by data (with both technical and non-technical audiences)
  
• Comfort raising concerns early and knows when to escalate, including the ability to raise issues and facilitate constructive problem-solving at all levels of the organization
  
• Passion and expertise in technology and cybersecurity domains, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions
  
• Ability to collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to get consensus, socialize strategy, and achieve objectives
  
• Ability to manage multiple parallel initiatives while maintaining superior results
  
• Focus on results and be a self-motivator
  
• Personal resilience - the ability to stay optimistic and keep people focused during crises or times of change
  

Basic Qualifications:

• High School Diploma, GED, or equivalent certification
  
• At least 5 years of experience managing, consulting, auditing, or working in the fields of information security, technology, or risk management
  
• At least 5 years of experience developing, evaluating, or implementing cybersecurity, technology, or risk assessment activities
  
• At least 3 years of Project Management experience
  

Preferred Qualifications:

• Bachelor's Degree
  
• 6+ years of Risk Management experience in a Cyber or Information Security practice
  
• 4+ years of Project Management experience leading cross functional projects in Risk
  
• 1+ years of cloud risk, governance, control, and security experience
  
• CISA, CISM, CRISC, or CISSP Certification
  

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.

No agencies please. Capital One is an Equal Opportunity Employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to sex, race, color, age, national origin, religion, physical and mental disability, genetic information, marital status, sexual orientation, gender identity/assignment, citizenship, pregnancy or maternity, protected veteran status, or any other status prohibited by applicable national, federal, state or local law. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at RecruitingAccommodation@capitalone.com . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

For technical support or questions about Capital One's recruiting process, please send an email to Careers@capitalone.com

Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site.

Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).