|
Senior Manager, Cyber Risk and Analysis - Boston Massachusetts
Company: Capital One Location: Boston, Massachusetts
Posted On: 04/26/2024
West Creek 1 (12071), United States of America, Richmond, VirginiaSenior Manager, Cyber Risk and AnalysisAt Capital One, you will help consult on initiatives, programs, and projects to raise their game in Information Security. You are pragmatic and practical in your understanding of risk and security, but also willing to know when to pull in experts and escalate. You collaborate and innovate with other teams within Capital One to push the envelope. The associate in this role will provide leadership, risk management, and controls expertise to the Card Technology top of house organization from a Cyber and Technology lens. In part, this position will lead first line quality assurance control execution, evaluation of control design and operating effectiveness, and help propel the Card organization toward preventive and automated controls management. - Additionally, you will collaborate closely with associates in our cyber and broader technology organization, as well as enterprise risk management to evaluate Card's compliance in the effectiveness of the company's technology controls infrastructure, and offer independent advice and recommendations regarding ways to further mature the division's technology risk management capabilities. You will challenge and innovate within the Divisional teams and with our Enterprise Cyber & Risk partners to drive process improvements, automation, and to elevate controls program efficiency. Security is essential to what we do here, from protecting our customers to our associates. - -Responsibilities: - Design a risk management framework enabling line of sight and governance to both processes and platforms
- Serve as a liaison, interfacing with business partners, Tech, and other assurance functions, such as risk management and cyber to drive meaningful reductions in risk
- Synthesize data and reporting; perform analysis and bring valuable insights through evaluation of data provided by team analysts
- Proactively identify information security risk and partner with key stakeholders to reduce or eliminate risk
- Impeccable written and oral communication credentials, coupled with strategic influencing skills -
- Assess and rationalize control appropriateness, and glean insights from issues and events across tech
- Provide technical assessments of technology control design and effectiveness by advising on/performing independent testing when necessary
- Participate in management of the overall technology control inventory which defines the scope of the controls review program
- Collaborate internally and with our risk community (e.g. risk managers, risk leads, IRM groups, business risk offices, front line process owners) to mature our risk event practice methodologies and advance learning -About You:
- You have a desire to work in a very fast moving, forward leaning, and modern computing environment
- You are a thoughtful leader with focus on people development
- You have a strong desire to continually learn about new technologies
- You possess strong conceptual thinking and communication skills
- You are able to work well under minimal supervision
- You are a demonstrated team-oriented professional with interpersonal skills and the ability to interface effectively with a broad range of people and roles, including upper management, IT leaders, and external third parties
- You maintain calmness and clarity of thought under pressure and ability to maintain confidentiality
- You demonstrate strong ability to analyze information and data
- You demonstrate strong subject matter expertise and sound judgment when analyzing third party risk
- You operate in a collaborative manner to effectively assess risk while maintaining business relationships
- You develop and communicate quality recommendations to key stakeholders
- You communicate technical issues to non-technical people
- You demonstrate collaborative partnership skills for working with various points of contacts
- You demonstrate capacity to think broadly but go deep into subject matter when needed
- You have a deep understanding of strategic business objectives and the ability to drive results toward those objectivesBasic Qualifications:
- High School Diploma, GED, or equivalent certification
- At least 8 years of experience with technology or cyber security risk management frameworks
- At least 5 years of experience developing, evaluating, or implementing cybersecurity, technology, or risk assessment activitiesPreferred Qualifications:
|
|