7900 Westpark Drive (12131), United States of America, Tysons, Virginia
Sr. Manager/Manager, IT Governance and Risk Management
We are looking for driven individuals with proven leadership experience to join our team of passionate engineers to create Capital One's next generation of services. Our team lives on the bleeding edge of technology, working directly with world-class engineers to operationalize new ways of working by innovating processes, data analytics, and automating tasks. This role will be responsible for managing potential areas of public cloud-based infrastructure risk and for continuing to enhance the IT risk management process across Capital One. This role is responsible for the execution and oversight of assessments for public cloud engineering platforms, Software as a Service, Platform as a Service, business applications, and 3rd party vendors. You will create and track risk treatment plans or policy exceptions where risks have been identified. You will monitor industry best practices to ensure the company maintains a risk-based approach to its infrastructure practices. The Sr. Manager/Manager of IT Governance and Risk Management will be responsible for presenting identified risks and their control plans to the Capital One leadership team.
The Sr. Manager/Manager of IT Governance and Risk Management must be comfortable communicating across a global business and among all management levels, and must have worked in a lead security role with a particular focus on risk analysis.
- Identify and manage existing and potential information security risks that can affect Capital One.
- Provide direction on the continued development and maintenance of the Control Framework within the Enterprise Compliance management system including policies, standards, risks, issues, controls, and procedures.
- Work closely with key divisions responsible for federated control management in the development and maintenance of such compliance items while ensuring compliance with all company, regulatory and legal requirements.
- Recommend enhancements and changes to existing policies, controls, and standards based upon the evolving operating and threat landscape.
- Assist in security due diligence and integration for Capital One 3rd parties, acquisitions and partnerships.
- Work with Application & Infrastructure Security personnel to conduct regular risk assessments, and advise on acceptable levels of risk.
- Assist in the creation and tracking of risk treatment plans, including the creation of policy exceptions where necessary.
- Communicate risk posture and metrics to senior management and business units as required.
- Bachelor’s degree or military experience
- At least 4 years of experience in an IT Risk Management, IT Governance, Information Security, or Compliance role
- At least 2 years of experience with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS) solutions
- At least 2 years of experience with traditional on-premises computing platforms (operating systems, databases, storage/backup devices, or virtualization)
- At least 2 years of experience with industry-recognized risk management frameworks and regulatory standards (NIST, ISO2700x, PCI, or SSAE16)
- At least 2 years of experience with infrastructure security tools, designs, and best practices
- Industry-recognized certifications in security, risk management, and/or governance (e.g. CISSP, CISM, CRISC, CGEIT, SANS GIAC)
- 2+ years of experience in an Agile and DevOps environment
- 2+ years of experience with RSA Archer eGRC Platform service tools or good expertise in similar IT GRC platforms
- 2+ years of experience with technical management of 3rd party vendor relationships
- 2+ years of experience in a financial institution or technology company
At this time, Capital One will not sponsor a new applicant for employment authorization for this position.