Information Security Office (ISO) Product Security Risk Manager - Principal Associate
Company: Capital One
Location: Fredericksburg
Posted on: November 12, 2024
Job Description:
Center 3 (19075), United States of America, McLean,
VirginiaInformation Security Office (ISO) Product Security Risk
Manager - Principal AssociateCapital One is one of the fastest
growing organizations in the world today. The growth of the
business is being accelerated by leveraging innovative and emerging
technologies. We are serious about technology, we dream big, and we
execute: Capital One moved our entire enterprise to the public
cloud over the course of five years, fully exiting our data
centers. Just as we prioritize driving innovation through
technology, we equally prioritize cybersecurity and managing
technology risk. -Cybersecurity Risk professionals at Capital One
are trusted expert advisers who shape decisions, challenge
activities to ensure they meet our standards, and generally oversee
technology, -cybersecurity, and information security risk across
the business and the central technology organization.Cybersecurity
risk and analysis plays a critical role in ensuring that the
company's risk-taking entities are aware of the risks inherent in
their activities and decisions, the impact of their actions on the
company at an enterprise level, and opportunities to reduce,
mitigate, or avoid the risks altogether. Associates are
highly-skilled and have a wealth of experience and a demonstrated
ability to provide value added recommendations and deliver
high-impact results in the cybersecurity domain areas.As an
associate in Capital One's Cyber Information Security Office, you
will work with top talent in an entrepreneurial environment to
solve problems and drive solutions to help the company reduce cyber
risk. You will work with smart and passionate people to deliver
results that have a direct impact on the company's cyber risk
portfolio. You will be challenged to excel alongside the brightest
talent in the industry and be rewarded for your achievements. The
demands and high-visibility nature of this position require an
expert with a proven ability to work independently in a fast-paced
environment and who can begin contributing immediately.Job
Responsibilities:
- Analyze and interpret industry standards, regulations, and best
practices to develop risk management tooling to identify cyber risk
trends, gap analysis, or maturity opportunities
- Normalize and translate cyber risks at the organizational level
to support a fully integrated, prioritized, enterprise-wide view of
organizational risks to drive strategic and business decisions
- Using risk profiles and dynamic reporting mechanisms,
cybersecurity risk information is incorporated into the
organization's enterprise risk management program and utilized to
provide a fully integrated, prioritized, enterprise-wide view of
organizational risks to drive strategic and business decisions
- Help to enhance cyber risk management processes across Capital
One by providing thought leadership, oversight, and coordination
with other risk management activities across the company
- Aggregate and evaluate risks, develop and maintain a risk
register, perform risk analysis and quantification to enumerate top
risks and provide risk reporting
- Perform operational cyber risk assessments, identifying
inherent risks, determining control suite effectiveness, and
residual risk
- Analyze information to proactively identify risks, trends, and
process improvements; supporting reporting on risk topics to
management
- Assist and drive project and program delivery, including
project and process management, reporting, engagement in senior
leadership meetings, drafting and reviewing materials for senior
management and the Board of directors, and other governance
activities
- Build successful relationships with Tech, Cyber, and Enterprise
Risk to understand the impact of cyber risk on business
processes
- Participate in risk and other management forums and contribute
to continuous improvement of risk and project or program management
practicesCandidates for this role will have:
- Deep understanding of risk management principles, expertise in
assessing cybersecurity controls, and a strong technical
background
- Experience in risk evaluation or assessment methodologies, risk
analysis, and risk reporting
- Self prioritize and effectively plan your own work activities
managing multiple priorities and tasks across the team to deliver
quality results. Proactively take on additional work to support the
team when possible
- Establish and maintain good working relationships during
engagement. Effectively communicate information and project process
to team and other stakeholders involved
- Advanced skill presenting findings, conclusions, alternatives,
and information clearly and conciselyBasic Qualifications:
- High School Diploma, GED, or equivalent certification
- At least 3 years of experience in project management leading
cross functional projects in Risk
- At least 3 years of experience with Risk Management Frameworks
(RMF)
- At least 3 years of experience in cybersecurity, risk, or
technology industry standards (ISO 27001, NIST CSF and 800 series,
MITRE ATTACK, MITRE DEFEND, FFIEC, COBIT, PCI-DSS, or FAIR)
- At least 3 years of experience developing, evaluating, or
implementing cybersecurity, information technology, or risk
assessment activitiesPreferred Qualifications:
- Bachelor's Degree
- 1+ years of experience with cloud risk, governance, control,
and security
- CISA, CISM, CRISC, or CISSP CertificationAt this time, Capital
One will not sponsor a new applicant for employment authorization,
or offer any immigration related support for this position (i.e.
H1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1, TN, or another type of
work authorization).Capital One offers a comprehensive,
competitive, and inclusive set of health, financial and other
benefits that support your total well-being. Learn more at the -.
Eligibility varies based on full or part-time status, exempt or
non-exempt status, and management level.This role is expected to
accept applications for a minimum of 5 business days.No agencies
please. Capital One is an equal opportunity employer committed to
diversity and inclusion in the workplace. All qualified applicants
will receive consideration for employment without regard to sex
(including pregnancy, childbirth or related medical conditions),
race, color, age, national origin, religion, disability, genetic
information, marital status, sexual orientation, gender identity,
gender reassignment, citizenship, immigration status, protected
veteran status, or any other basis prohibited under applicable
federal, state or local law. Capital One promotes a drug-free
workplace. Capital One will consider for employment qualified
applicants with a criminal history in a manner consistent with the
requirements of applicable laws regarding criminal background
inquiries, including, to the extent applicable, Article 23-A of the
New York Correction Law; San Francisco, California Police Code
Article 49, Sections 4901-4920; New York City's Fair Chance Act;
Philadelphia's Fair Criminal Records Screening Act; and other
applicable federal, state, and local laws and regulations regarding
criminal background inquiries.If you have visited our website in
search of information on employment opportunities or to apply for a
position, and you require an accommodation, please contact Capital
One Recruiting at 1-800-304-9102 or via email at . All information
you provide will be kept confidential and will be used only to the
extent required to provide needed reasonable accommodations.For
technical support or questions about Capital One's recruiting
process, please send an email to Capital One does not provide,
endorse nor guarantee and is not liable for third-party products,
services, educational tools or other information available through
this site.Capital One Financial is made up of several different
entities. Please note that any position posted in Canada is for
Capital One Canada, any position posted in the United Kingdom is
for Capital One Europe and any position posted in the Philippines
is for Capital One Philippines Service Corp. (COPSSC).
Keywords: Capital One, Washington DC , Information Security Office (ISO) Product Security Risk Manager - Principal Associate, Education / Teaching , Fredericksburg, DC
Didn't find what you're looking for? Search again!
Loading more jobs...