McLean 1 (19050), United States of America, McLean, Virginia

Manager, Compliance & Governance - Technology Risk Management

Technology Risk Management is a growing organization focused on providing expert advice, credible challenge, and effective oversight of information security and technology activities to identify, assess, control, and manage cyber risk throughout the company. This organization plays a critical role in helping to ensure that the company's risk taking entities are aware of the risks inherent in their activities and decisions, the impact of their actions on the company at an enterprise level, and opportunities to reduce, mitigate, or avoid risks altogether. Associates within the Technology Risk Management organization are highly-skilled information security, cyber, technology, or risk management professionals who have a wealth of experience and a demonstrated ability to provide value-added recommendations and deliver high-impact results in their areas of expertise.

This position - Manager, Compliance & Governance - will play a key role in assessing and enhancing the organization's compliance with cybersecurity and technology risk management requirements by serving as a compliance advisor for cyber and technology risk. This includes ensuring a governance framework that enables effective risk management is in place, as well as coordinating and executing the assessment of the compliance impacts of risk taking activities and evaluating new laws and regulatory requirements to understand their implications. In addition to coordinating and executing compliance assessment activities, this role will involve developing reports on assessment results and preparing these results to management and other stakeholders.

As part of the second line of defense, you will work closely with associates in Cyber, Technology, the Lines of Business, and other risk management offices to perform and support evaluations of the firm's risk posture and offer independent advice and recommendations regarding ways to reduce risks.

As a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the firm. The position affords opportunities for substantial growth. The demands and high-visibility nature of this position require an individual with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately.

Essential Functions (Responsibilities) :

• Understand and assess the inventory of technology and cyber risk management related laws and regulations, as well as industry standards such as the NIST CSF and FFIEC guidance, and how they translate into organizational requirements and controls.
  
• Inventory, monitor and report on the set of technology and cybersecurity risk management requirements, as well the control coverage, identifying and escalating risks as appropriate.
  
• Coordinate and execute compliance assessments for risk taking activities and process breakdowns against these organizational technology and cybersecurity risk management requirements, including any planned remediation; ensuring the team has a documented, rationalized and repeatable assessment methodologies.
  
• Perform technology and cybersecurity risk management requirement applicability and impact assessments against business, technology and cyber processes.
  
• Understand and assess the impacts of new laws and regulations and integrate those into compliance management activities.
  
• Work with internal and external stakeholders to develop and/or enhance existing compliance assessment reporting, and draft assessments for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as needed.
  
• Stay current on emerging cyber threats and potential implications to the firm.
  
• Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives.
  

Basic Qualifications:

• A bachelor's degree or military experience
  
• At least 3 years of experience managing, consulting, auditing, or working in the fields of information security, technology, or risk management
  
• At least 3 years of experience developing, evaluating, or implementing cybersecurity, technology or compliance risk assessments
  

Preferred Qualifications:

• At least 4 years of experience in a second-line or oversight role at a financial institution or regulatory agency, to include the development and oversight of risk management metric reporting
  
• Knowledge of supervisory expectations expressed in the FFIEC IT Handbook, Federal Reserve Supervisory Letters, Office of the Comptroller of the Currency Bulletins, and/or Federal Deposit Insurance Corporation Financial Institution Letters
  
• Professional security management certifications, such as a Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
  
• Excellent verbal and written communication skills
  
• Passion and expertise in cybersecurity, with the ability to be provide credible challenge when necessary
  
• Ability to manage multiple projects while maintaining superior results
  
• Ability to work cross-functionally, individually, and to lead work among a team
  
• Execution oriented and a self-motivator
  

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.