Information Security Office (ISO) Product Security Risk Manager
Company: Capital One
Location: Fredericksburg
Posted on: November 12, 2024
Job Description:
Center 3 (19075), United States of America, McLean,
VirginiaInformation Security Office (ISO) Product Security Risk
ManagerCapital One is one of the fastest growing organizations in
the world today. The growth of the business is being accelerated by
leveraging innovative and emerging technologies. We are serious
about technology, we dream big, and we execute: Capital One moved
our entire enterprise to the public cloud over the course of five
years, fully exiting our data centers. Just as we prioritize
driving innovation through technology, we equally prioritize
cybersecurity and managing technology risk. -Cybersecurity Risk
professionals at Capital One are trusted expert advisers who shape
decisions, challenge activities to ensure they meet our standards,
and generally oversee technology, -cybersecurity, and information
security risk across the business and the central technology
organization.Cybersecurity risk and analysis plays a critical role
in ensuring that the company's risk-taking entities are aware of
the risks inherent in their activities and decisions, the impact of
their actions on the company at an enterprise level, and
opportunities to reduce, mitigate, or avoid the risks altogether.
Associates are highly-skilled and have a wealth of experience and a
demonstrated ability to provide value added recommendations and
deliver high-impact results in the cybersecurity domain areas.As an
associate in Capital One's Cyber Information Security Office, you
will work with top talent in an entrepreneurial environment to
solve problems and drive solutions to help the company reduce cyber
risk. You will work with smart and passionate people to deliver
results that have a direct impact on the company's cyber risk
portfolio. You will be challenged to excel alongside the brightest
talent in the industry and be rewarded for your achievements. The
demands and high-visibility nature of this position require an
expert with a proven ability to work independently in a fast-paced
environment and who can begin contributing immediately.Job
Responsibilities:
- Analyze and interpret industry standards, regulations, and best
practices to develop risk management tooling to identify cyber risk
trends, gap analysis, or maturity opportunities
- Normalize and translate cyber risks at the organizational level
to support a fully integrated, prioritized, enterprise-wide view of
organizational risks to drive strategic and business decisions
- Using risk profiles and dynamic reporting mechanisms,
cybersecurity risk information is incorporated into the
organization's enterprise risk management program and utilized to
provide a fully integrated, prioritized, enterprise-wide view of
organizational risks to drive strategic and business decisions
- Help to enhance cyber risk management processes across Capital
One by providing thought leadership, oversight, and coordination
with other risk management activities across the company
- Aggregate and evaluate risks, develop and maintain a risk
register, perform risk analysis and quantification to enumerate top
risks and provide risk reporting
- Perform operational cyber risk assessments, identifying
inherent risks, determining control suite effectiveness, and
residual risk
- Analyze information to proactively identify risks, trends, and
process improvements; supporting reporting on risk topics to
management
- Assist and drive project and program delivery, including
project and process management, reporting, engagement in senior
leadership meetings, drafting and reviewing materials for senior
management and the Board of directors, and other governance
activities
- Build successful relationships with Tech, Cyber, and Enterprise
Risk to understand the impact of cyber risk on business
processes
- Participate in risk and other management forums and contribute
to continuous improvement of risk and project or program management
practicesCandidates for this role will have:
- Deep understanding of risk management principles, expertise in
assessing cybersecurity controls, and a strong technical
background
- Experience in risk evaluation or assessment methodologies, risk
analysis, and risk reporting
- Self prioritize and effectively plan your own work activities
managing multiple priorities and tasks across the team to deliver
quality results. Proactively take on additional work to support the
team when possible
- Establish and maintain good working relationships during
engagement. Effectively communicate information and project process
to team and other stakeholders involved
- Advanced skill presenting findings, conclusions, alternatives,
and information clearly and conciselyBasic Qualifications:
- High School Diploma, GED, or equivalent certification
- At least 4 years of experience in project management leading
cross functional projects in Risk
- At least 4 years of experience with Risk Management Frameworks
(RMF)
- At least 4 years of experience in cybersecurity, risk, or
technology industry standards (ISO 27001, NIST CSF and 800 series,
MITRE ATTACK, MITRE DEFEND, FFIEC, COBIT, PCI-DSS, or FAIR)
- At least 4 years of experience developing, evaluating, or
implementing cybersecurity, information technology, or risk
assessment activitiesPreferred Qualifications:
- Bachelor's Degree
- 2+ years of experience with cloud risk, governance, control,
and security
- CISA, CISM, CRISC, or CISSP CertificationAt this time, Capital
One will not sponsor a new applicant for employment authorization,
or offer any immigration related support for this position (i.e.
H1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1, TN, or another type of
work authorization).Capital One offers a comprehensive,
competitive, and inclusive set of health, financial and other
benefits that support your total well-being. Learn more at the -.
Eligibility varies based on full or part-time status, exempt or
non-exempt status, and management level.This role is expected to
accept applications for a minimum of 5 business days.No agencies
please. Capital One is an equal opportunity employer committed to
diversity and inclusion in the workplace. All qualified applicants
will receive consideration for employment without regard to sex
(including pregnancy, childbirth or related medical conditions),
race, color, age, national origin, religion, disability, genetic
information, marital status, sexual orientation, gender identity,
gender reassignment, citizenship, immigration status, protected
veteran status, or any other basis prohibited under applicable
federal, state or local law. Capital One promotes a drug-free
workplace. Capital One will consider for employment qualified
applicants with a criminal history in a manner consistent with the
requirements of applicable laws regarding criminal background
inquiries, including, to the extent applicable, Article 23-A of the
New York Correction Law; San Francisco, California Police Code
Article 49, Sections 4901-4920; New York City's Fair Chance Act;
Philadelphia's Fair Criminal Records Screening Act; and other
applicable federal, state, and local laws and regulations regarding
criminal background inquiries.If you have visited our website in
search of information on employment opportunities or to apply for a
position, and you require an accommodation, please contact Capital
One Recruiting at 1-800-304-9102 or via email at . All information
you provide will be kept confidential and will be used only to the
extent required to provide needed reasonable accommodations.For
technical support or questions about Capital One's recruiting
process, please send an email to Capital One does not provide,
endorse nor guarantee and is not liable for third-party products,
services, educational tools or other information available through
this site.Capital One Financial is made up of several different
entities. Please note that any position posted in Canada is for
Capital One Canada, any position posted in the United Kingdom is
for Capital One Europe and any position posted in the Philippines
is for Capital One Philippines Service Corp. (COPSSC).
Keywords: Capital One, Wheaton-Glenmont , Information Security Office (ISO) Product Security Risk Manager, Executive , Fredericksburg, Maryland
Didn't find what you're looking for? Search again!
Loading more jobs...