Senior Director of Cyber Risk, Remediation & Governance
West Creek 5 (12075), United States of America, Richmond, VirginiaSenior Director of Cyber Risk, Remediation & GovernanceSecurity is essential to what we do at Capital One, from protecting our customers to our associates. As the Senior Director of Cyber Risk, Remediation & Governance - ISO for a line of business, you are a demonstrated leader and passionate about security and risk management. You see security as an enabler and differentiator to enable the business through innovation. You work with the business to understand their goals and objectives and help them meet those goals and objectives in a secure manner with a heavy forward lean on utilization of Public Cloud Services and engineering modern software. At Capital One, you will consult on initiatives, programs, and projects to raise their game in Information Security and Risk Management. You are pragmatic and practical in your understanding of risk and security, but also willing to know when to pull in experts and escalate. You collaborate and innovate with other security groups within Capital One to push the envelope. You will lead a team of dynamic and talented Information Security specialists who want to learn from your experience and skills. Responsibilities: Be a leader at a technology and financial services company Build your team to provide top-notch information security and risk management expertise and guidance Lead a team of Enterprise Risk experts to include the following divisional functions: Cyber Risk Management, Governance & Reporting, Cyber Program Management and Cyber Remediation Liaise with risk partners across various division and enterprise functions including Technology Risk Management and Business Risk Office to advise & report on Cyber Risk posture. Serve as the command center leader for the Financial Services - Information Security Office providing guidance, coordination, risk monitoring, process improvements and ensuring cyber functions are well managed. Serve as a key strategic contributor in all areas of cyber risk management & governance Provide security expertise on prioritizing and managing information security risks and initiatives Provide regular updates to executive leadership on the overall information security health and risk environment Influence customers to help them understand and adequately mitigate cyber risks Effectively communicate, manage and escalate cyber security risk based on robust metrics. Experience implementing CRISC, NIST CSF, RIMS, ISO 31000 or other risk management frameworks About You: You have a desire to work in a very fast moving, forward leaning, modern computing environment You are a Cyber Subject Matter Expert with a solid command of multiple cyber functions with the ability to manage technical security risks. You have a deep passion for prioritizing and managing information security risks and initiatives You have experience in a regulated industry environment and meeting compliance objectives You have a solid understanding of KRI's, KPI's, cyber metrics development & operationalization You have a good understanding of developing & managing lean processes You have a strong desire to continually learn about new technologies & continuous improvement You possess strong critical & conceptual thinking, problem solving skills You are proactive and innovative in your thought process Proven ability to effectively assess & discern important elements amongst large & diverse sets of information Proven ability to effectively present complex information in a impactful & meaningful way that drives effective action & decision making You have strong written & verbal communication skills with effective executive presence. You are driven to build an effective team and communicate your strategic vision You are a demonstrated leader with team-oriented interpersonal skills and the ability to interface effectively with a broad range of people and roles, including upper management, IT leaders, auditors, and technology vendors You maintain calmness and clarity of thought under pressure and ability to maintain confidentiality You have a deep understanding of strategic business objectives and the ability to drive results toward those objectives You have the ability to describe the risks of a security exposure or vulnerability in business-impact terms Basic Qualifications: Bachelor's degree At least 9 years experience in information technology At least 5 years experience in information security At least 7 years of people leadership experience Preferred Qualifications: 5+ years of experience with IT audits, control implementation, and testing in a Cloud environment (AWS, GCP, Azure) 2+ years experience in the financial services industry 2+ years of experience with Agile methodologies Certified Information Systems Security Professional Certification At this time, Capital One will not sponsor a new applicant for employment authorization for this position.