Principal Associate, Technology Change Oversight

Capital One
Richmond, Virginia
Jun 17, 2021
Jul 14, 2021
Full Time
West Creek 3 (12073), United States of America, Richmond, Virginia

Principal Associate, Technology Change Oversight

Technology Risk Management (TRM) is a growing organization focused on providing expert advice, credible challenge, and effective oversight of information security and technology activities to identify, assess, control, and manage cyber and technology risk throughout the company. This organization plays a critical role in helping to ensure that the company's risk-taking entities are aware of the risks inherent in their activities and decisions, the impact of their actions on the company at an enterprise level, and opportunities to reduce, mitigate, or avoid risks altogether. Associates within the Technology Risk Management organization are highly-skilled information security, cyber, technology, or risk management professionals who have a wealth of experience and a demonstrated ability to provide value-added recommendations and deliver high-impact results in their areas of expertise.

This position - Principal Associate, Technology Risk Oversight - will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes and including but not limited to configuration changes, cloud policy changes, enterprise technology initiatives, cloud services, architectural patterns and capabilities, as well as other areas of high risk technology changes. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities.

As part of the second line of defense, you will work closely with associates in Cyber, Technology, the Lines of Business, and other risk management offices to perform and support evaluations of the firm's risk posture and offer independent advice and recommendations regarding ways to reduce risks.

As a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the firm. The position affords opportunities for substantial growth. The demands and high-visibility nature of this position require an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately.

Essential Functions (Responsibilities) :
  • Serve as primary for TRM in participating in enterprise change advisory board to advise on high risk changes to the technology environment
  • Play a lead role in identifying areas of Technology Change risk to provide oversight, analysis, effective challenge, and risk-informed recommendations and expertise
  • Independently drive the organization's participation in assessing Technology Changes by reviewing all aspects of changes (e.g. testing plans, threat scenarios, applicable controls, risk mitigating, scope, rollout plans, etc..) focusing on Technology Risks related to technical implementation, controls, testing, and architecture concepts
  • Review and credibly challenge high risk production changes by partnering with Technology teams for risk identification / mitigation
  • Provide technical assessments of Capital One's Technology Changes and Change Management Processes to identify identify, assess, and communicate Technology and Cyber risk
  • Review and credibly challenge high risk production changes by partnering with Technology teams for risk identification / mitigation
  • Draft assessments for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as needed
  • Stay current on emerging technology & cyber trends and potential implications to the firm
  • Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives

Basic Qualifications:
  • A bachelor's degree or military experience
  • At least 5 years of experience consulting, auditing, or working in the fields of information security or information technology
  • At least 1 years experience with Public Cloud implementations
  • At least 1 year of experience drafting reports or analytic assessments for senior management

Preferred Qualifications:
  • Professional security management certifications; e.g. Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC)
  • A master's degree
  • Hands on experience in a Technology Operations role (e.g. Infrastructure, Networking, Software)
  • Experience in a second-line or oversight role at a financial institution or regulatory agency
  • Knowledge of supervisory expectations expressed in the FFIEC IT Handbook, Federal Reserve Supervisory Letters, Office of the Comptroller of the Currency Bulletins, and/or Federal Deposit Insurance Corporation Financial Institution Letters
  • Familiarity with controls and control frameworks (e.g. NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT, etc.)
  • Excellent verbal and written communication skills
  • Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate
  • Passion and expertise in cybersecurity, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions
  • Ability to manage multiple projects while maintaining superior results
  • Ability to work cross-functionally, individually, and to lead work among a team
  • Execution oriented and a self-motivator

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.