SENIOR MANAGER, METHODOLOGIES AND PRACTICES, TECHNOLOGY RISK MANAGEMENT
Company: Capital One
Location: East Rutherford
Posted on: November 1, 2024
|
|
Job Description:
West Creek 3 (12073), United States of America, Richmond,
VirginiaSenior Manager, Methodologies and Practices, Technology
Risk Management Capital One is one of the fastest growing
organizations in the world today, powered by our passion for our
customers. We are serious about technology, we dream big, and we
execute: Capital One moved our entire enterprise to the public
cloud over the course of five years. Just as we prioritize driving
innovation through technology, we equally prioritize cybersecurity,
reliability, and managing technology risk. For years, the
cybersecurity community has debated whether the CISO should report
to the CIO or not. In regulated financial services, the answer is:
both. The first-line CISO has operational responsibilities and
reports to the CIO. The second-line Chief Tech Risk Officer (CTRO)
and the Technology Risk Management (TRM) organization have broader
responsibilities for cybersecurity but also reliability, software
quality, resilience, and other technology risks. The CTRO is
independent, reports to the Chief Risk Officer, and oversees the
work of the CISO and the CIO.Technology Risk Management (TRM) is a
small organization that packs a big punch. The -100 professionals
in TRM are trusted experts who oversee -14,000 developers at
Capital One. We raise the bar for excellence in cybersecurity,
reliability, and tech risk. We shape strategy and decisions,
challenge activities to ensure they meet our standards, and perform
independent tests of our security and technology risk.Our business
leaders must make technology decisions constantly. TRM makes sure
they have the tech risk information they need to make good
decisions. Associates within TRM are highly-skilled information
security, cybersecurity, site reliability engineering, technology,
and risk management professionals. They have a wealth of experience
and a demonstrated ability to add value with their advice and to
deliver high-impact results.This position - Senior Manager, Cyber
Risk and Analysis - will play a high impact role in enhancing the
methodology and practices for how the organization assesses
cybersecurity and technology risk. This includes leading
enhancements to the risk taxonomy, further developing and
socializing the assessment methodology, championing adoption of
risk quantification practices, and advocating for new practices
with our first and second line partners. It will be critical for
this role to provide expert guidance and mentorship across TRM,
foster strong working relationships with other 2nd Line groups,
identify areas for improvement and be able to influence the broader
enterprise risk frameworks to reflect technology/cyber risk
considerations.As a member of a growing organization, you are
expected to shape and further refine the risk program, and will
have the opportunity to operate with both autonomy and empowerment
from senior leadership. The successful candidate will be a seasoned
leader with strong practical knowledge of risk frameworks and risk
assessment methodologies applied to technology/cyber risk, who can
think strategically and make data-driven decisions, who is
intellectually curious, and who thrives driving change.Desired
Outcomes:Challenge and reinvent the methodology that the 1st and
2nd Lines of Defense will use to measure cybersecurity and
technology risk within the existing ERM framework, including
control efficacyResearch and develop data-driven assessment
practices that will facilitate deeper risk conversations and
surface insights in support of strategic decision-makingEvaluate
and standardize various risk scoring methods for tech/cyber domains
across the enterpriseStandardize the approach for TRM to prioritize
the assessment scope to best focus our team on the areas of the
greatest impact Evolve the existing risk, process, control
taxonomies to succinctly frame emerging threats and risksDistill
complex risk, process, and control relationships into simple
designs and solutionsIntroduce forward-looking risk
measuresDemonstrate tech/cyber risk measurement advocacy and
thought leadership, and train and mentor peers and executives
across the enterprise to enable adoption of more modern analysis
and assessment techniquesConstructively debate trade-offs between
different assessment approaches with other 2nd Line and 1st Line
partnersOrganize, develop content for and lead workshops to test
new ideas and to facilitate risk analysis and measurementMentor
peers to meet their professional development goalsBasic
Qualifications:Bachelor's degree or military experienceAt least 6
years of experience managing, consulting, or auditing in the fields
of risk management, information security or technologyAt least 5
years of experience developing and implementing industry risk
frameworks, quantitative analysis, tools, and methodologies (COSO
Framework, quantitative analysis, Factor Analysis Information Risk
(FAIR), Process, Risk & Control (PRC) library), or assessment
methodologies (Risk and Control Self Assessment (RCSA), scenario
analysis, new initiative risk assessments)Professional security
management certification (Open FAIR, Certified Information Systems
Security Professional (CISSP), Certified Informations Systems
Auditor (CISA), or Certified in Risk and Information Systems
Control (CRISC))Preferred Qualifications:Master's degreeCritical
analytical thinker, including the ability to express a point of
view supported by data (with both technical and non-technical
audiences)Excellent communication and teaching skills, proven
record teaching complex concepts to large audiences. Strong
influencing and persuasion skillsRaises concerns early and knows
when to escalate, including the ability to raise issues and
facilitate constructive problem-solving at all levels of the
organizationPassion and expertise in technology and cybersecurity
domains, with an ability to be confident, respectful, and
articulate when registering dissenting or unpopular
opinionsExperience implementing risk quantification
frameworksAbility to collaborate effectively with colleagues,
stakeholders, and leaders across multiple organizations to get
consensus, socialize strategy, and achieve objectivesAbility to
manage multiple parallel initiatives while maintaining superior
resultsExecution oriented and a self-motivatorPersonal resilience -
the ability to stay optimistic and keep people focused during
crises or times of changeExperience in a second-line or oversight
role at a financial institution or regulatory agencyKnowledge of
supervisory expectations expressed in the Federal Financial
Institutions Examination Council (FFIEC) IT Handbook, Federal
Reserve Supervisory Letters, Office of the Comptroller of the
Currency Bulletins, and/or Federal Deposit Insurance Corporation
Financial Institution LettersAt this time, Capital One will not
sponsor a new applicant for employment authorization for this
position.The minimum and maximum full-time annual salaries for this
role are listed below, by location. Please note that this salary
information is solely for candidates hired to perform work within
one of these locations, and refers to the amount Capital One is
willing to pay at the time of this posting. Salaries for part-time
roles will be prorated based upon the agreed upon number of hours
to be regularly worked.New York City (Hybrid On-Site): $199,100 -
$227,200 for Sr. Manager, Cyber Risk & AnalysisCandidates hired to
work in other locations will be subject to the pay range associated
with that location, and the actual annualized salary amount offered
to any candidate at the time of hire will be reflected solely in
the candidate's offer letter.This role is also eligible to earn
performance based incentive compensation, which may include cash
bonus(es) and/or long term incentives (LTI). Incentives could be
discretionary or non discretionary depending on the plan.Capital
One offers a comprehensive, competitive, and inclusive set of
health, financial and other benefits that support your total
well-being. Learn more at the Capital One Careers website.
Eligibility varies based on full or part-time status, exempt or
non-exempt status, and management level.This role is expected to
accept applications for a minimum of 5 business days.No agencies
please. Capital One is an equal opportunity employer committed to
diversity and inclusion in the workplace. All qualified applicants
will receive consideration for employment without regard to sex
(including pregnancy, childbirth or related medical conditions),
race, color, age, national origin, religion, disability, genetic
information, marital status, sexual orientation, gender identity,
gender reassignment, citizenship, immigration status, protected
veteran status, or any other basis prohibited under applicable
federal, state or local law. Capital One promotes a drug-free
workplace. Capital One will consider for employment qualified
applicants with a criminal history in a manner consistent with the
requirements of applicable laws regarding criminal background
inquiries, including, to the extent applicable, Article 23-A of the
New York Correction Law; San Francisco, California Police Code
Article 49, Sections 4901-4920; New York City's Fair Chance Act;
Philadelphia's Fair Criminal Records Screening Act; and other
applicable federal, state, and local laws and regulations regarding
criminal background inquiries.If you have visited our website in
search of information on employment opportunities or to apply for a
position, and you require an accommodation, please contact Capital
One Recruiting at 1-800-304-9102 or via email at
RecruitingAccommodation@capitalone.com. All information you provide
will be kept confidential and will be used only to the extent
required to provide needed reasonable accommodations.For technical
support or questions about Capital One's recruiting process, please
send an email to Careers@capitalone.comCapital One does not
provide, endorse nor guarantee and is not liable for third-party
products, services, educational tools or other information
available through this site.Capital One Financial is made up of
several different entities. Please note that any position posted in
Canada is for Capital One Canada, any position posted in the United
Kingdom is for Capital One Europe and any position posted in the
Philippines is for Capital One Philippines Service Corp.
(COPSSC).
Keywords: Capital One, West Orange , SENIOR MANAGER, METHODOLOGIES AND PRACTICES, TECHNOLOGY RISK MANAGEMENT, IT / Software / Systems , East Rutherford, New Jersey
Click
here to apply!
|