Manager, Third Party Risk
McLean 2 (19052), United States of America, McLean, Virginia

The Information Assurance Third Party Management (IA TPM) program defines the framework and conducts the assessments that enable the business to protect sensitive Capital One information and confirms the third party's ability to provide continual services. The associate in this role will provide leadership and oversight for the IA TPM assessment function and supporting team of assessors. IA TPM assessors partner with the line of business Third Party Manager and IA TPM team to gain insight into the inherent cyber risk of the third party engagement to inform the evaluation they perform to establish the effectiveness of the third party's environment and deliver a quality assessment report. This enables effective risk management in alignment with business tolerance and industry requirements.

You will:
- Manage a team of assessors performing assessments of Capital One third parties
- Manage relationship with external assessment firm in coordinating assessment activity
- Conduct training of internal and external assessors on program updates
- Maintain oversight of the assessment pipeline
- Execute kick-off, planning and scoping activities for IA TPM risk assessments
- Perform gap analysis of Third Parties control environment against Capital One control expectations
- Write reports including executive summaries and work papers detailing the assessment work completed, evidence reviewed, and identified gaps
- Lead the Quality Check (QC) process on assessment reports
- Communicate final reports to stakeholders including Third Party Managers and accountable Executives
- Travel 10-20%, which may include offshore locations, to perform multi day assessments
- Maintain a thorough understanding of the program controls, intent, and test procedures and provide input to ensure content is current and relevant to the technology environment and threat landscape
- Partner across the IA TPM community to recommend and drive program revisions/enhancements
- Support the annual review/update of the assessment program with stakeholders
- Supporting initiatives to drive quality assessment reporting by reviewing the assessment results (work papers and executive summaries) provided by IA TPM assessors of Capital One's third parties.

About You:
- You are an inspiring and motivating people leader
- You are able to analyze information and data
- You demonstrate strong subject matter expertise and sound judgement to align appropriate risk level
- You can conduct an assessment in a collaborative manner to effectively assess controls while maintaining business relationships
- You can quickly analyze information security controls, ensure clearly written assessments, and provide constructive action items to assessors
- You can develop and communicate quality recommendations to assessors
- You have an ability to work with diverse contacts throughout the world to achieve results
- You are able to communicate technical issues to non-technical people
- You demonstrate strong problem-solving and conceptual thinking abilities

Basic Qualifications:
- High School Diploma, GED, or equivalent certification
- At least 5 years of experience conducting Information Security Risk Assessments or Information Security Audits
- At least 3 years of experience in Business Continuity or Risk Management
- At least 3 years of experience in managing third party vendors
- At least 2 years of people management experience

Preferred Qualifications:
- Bachelor's Degree
- Active CISSP and CISA certification
- 3+ years of experience in Payment Card Industry Data Security (PCI DSS), National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), Physical Security, or IT Operations Management
- 2+ years of experience with Cloud technologies (AWS, Azure, or Google Cloud Platform)
- 3+ years experience at a Financial Institution

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.