Director, Cybersecurity Risk Technology Risk Management

Capital One
King William, VA
Oct 14, 2020
Oct 19, 2020
Full Time
McLean 1 (19050), United States of America, McLean, Virginia

Director, Cybersecurity Risk Technology Risk Management

Technology Risk Management, a second line of defense organization within Capital One's Risk Management organization, is a fast-growing team focused on providing expert advice, credible challenge, and effective oversight of information security and technology risk activities throughout the enterprise. Associates that make up the Technology Risk Management team are highly skilled information security, cyber, technology, and risk management professionals who bring a wealth of experience to bear to deliver high-impact analysis and recommendations that are rooted in direct knowledge of security and technology.

This position, Director, Cybersecurity Risk, will lead a team of highly skilled resources whose goal is to uncover vulnerabilities and weaknesses in the enterprise cyber environment through outcome-based testing scenarios. The successful candidate will develop, oversee, and execute processes to perform testing against control objectives across the enterprise. The results of these tests may generate or contribute to risk assessments, updates to security controls, or support effective challenge. They will also partner closely with various leaders and stakeholders to communicate results and help recommend key security enhancements.

As a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the firm. The position affords opportunities for substantial growth. The demands and high-visibility nature of this position require an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately.

Essential Functions (Responsibilities):
- Lead a team responsible for testing control objectives to identify areas of risk
- Develop and implement control objective testing methodologies and scenarios
- Draft assessments for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as needed
- Stay current on emerging cyber threats, TTPs, and potential implications to the firm
- Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives

Basic Qualifications:
- A bachelor's degree or military experience
- At least 8 years' experience in security
- At least 3 years' experience performing technical testing to identify enterprise, network, system, endpoint, and application-level security issues and risks
- At least 3 years' experience with security concepts including identification and authentication, application security, least privilege, access control, configuration management, media protection, or data protection
- At least 3 years' experience with industry security frameworks (NIST or COBIT)
- At least 3 years of experience leading testing teams, security concepts, techniques, tools, methods, practices and implementation
- At least 3 years' experience in a cloud or on-premise hybrid infrastructure security
- Professional security certification (CISSP, OSCP, OSCE, or CPT)

Preferred Qualifications:
- Experience managing multiple high-visibility and high-impact projects while maintaining superior results
- Execution oriented and a self-motivator
- Demonstrated clear communication skills and interacting effectively at all levels of the organizations, and to influence senior management and executives
- Ability to foster collaborative, open, working relationships with technology and other stakeholders
- Fundamental understanding of risk vs severity
- Passion and expertise in cybersecurity and technology

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.