Director, Technology Risk Controls Program - Enterprise Service Risk

Employer: Capital One
Location: Richmond, Virginia
Posted: Apr 08, 2021
Closes: May 08, 2021
Ref: R109854
Function: Finance
Hours: Full Time
West Creek 4 (12074), United States of America, Richmond, Virginia

As a Director in the Technology Risk Controls Program in Capital One's Enterprise Services Risk team you will be responsible for working with technology, cyber, and other teams in both the first and second lines of defense to identify and consult on potential risks to Capital One, applying your risk or process management and analytical skills to help Enterprise Services continue to drive well-managed risk activities. If you are curious and eager to learn new things, love problem solving, have a deep reverence for risk and process management and love to have fun at work, this may be the role for you!

Risk Management Directors at Capital One are highly motivated risk and process management professionals with excellent analytical, organizational, and communication skills. These skills allow the Director to gain insights, and act as a change agent to influence their business partners. As Capital One evolves to meet the ever-changing technology landscape, so do our risk managers. A successful risk and process manager operates from a foundation of knowledge about the Line of Business with whom they are working, laws, regulations, processes and associated controls, and good risk management practices. They are forward thinking, quick to adapt, and technologically adept.

Directors have a high level of exposure across lines of business and have the opportunity to work with executives to create and implement innovative solutions to appropriately manage risks within Enterprise Services.

The ideal candidate will be a highly-motivated risk or process management professional with excellent process improvement and communication skills. The candidate will be detail-oriented and results focused, and will have a proven record of problem solving and collaborating with others, including direct and indirect leadership positions.

Responsibilities:
  • Leads a blended team of internal and external risk professionals as they perform IT General Controls testing across a broad range of technology functions, including:
    • Software Development Life Cycle (SDLC)
    • Identity & Access Management
    • IT Asset Management
    • Network & Perimeter Security
    • Cloud & Infrastructure Security
    • Vulnerability Management
    • Data Loss Prevention

  • Analyze control testing results identified by testing teams, ensuring testing documentation is sufficient to support control conclusions, meets enterprise testing standards, and is recorded properly in the team's testing repository.
  • Evaluate control deficiencies by performing root cause analysis, develop short- and long-term remediation plans, and provide guidance to control owners on best practices to ensure remediation implementation mitigates the risks identified in testing.

  • Participate in Technology Control test planning exercises, in order to align testing commitments with staffing availability, team skills, development opportunities, and in line with regulatory commitments on timing and quality.

  • Respond to inquiries from 2nd Line of Defense and Internal Audit on methodology, approach, and conclusions reached during testing in a manner that is defensible, credible, and consistent with industry standards and regulatory expectations.

  • Helps to enhance technology and cybersecurity risk identification and assessment processes across Capital One by providing thought leadership, oversight, and coordination with other risk management activities across the company.

  • Supports development of content in response to Internal Audit and Regulatory agencies related to controls testing results, trends, and thematic analysis.

  • Analyzes testing information to proactively identify risks, trends, and process improvements; supports reporting on risk topics to management.

  • Assists and drives project and program delivery, including project and process management, reporting, facilitation of senior leadership meetings, drafting and reviewing materials for senior management and the Board of Directors, and other governance activities.


Basic Qualifications:
  • Bachelor's Degree or Military experience
  • At least 7 years of risk management, compliance, regulatory, audit, or legal experience
  • At least 7 years of process or project management experience
  • At least 7 years of information technology or cybersecurity experience


Preferred Qualifications:
  • 8 years of experience in information technology or cybersecurity
  • 8 years of experience in responding to and interacting with internal audit or regulatory agencies
  • People leadership experience
  • Experience in controls development, controls management, and reporting activities
  • Certified in Risk & Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA), or Certified Information Security Manager (CISM)


At this time, Capital One will not sponsor a new applicant for employment authorization for this position.