Tech Risk Advisor, Technology Risk Manager
Company: Capital One
Location: Hartford
Posted on: September 21, 2023
Job Description:
Center 3 (19075), United States of America, McLean, VirginiaTech
Risk Advisor, Technology Risk Manager -Capital One is one of the
fastest growing organizations in the world today. The growth of the
business is being accelerated by leveraging innovative and emerging
technologies. We are serious about technology, we dream big, and we
execute: Capital One moved our entire enterprise to the public
cloud over the course of five years, fully exiting our data
centers. Just as we prioritize driving innovation through
technology, we equally prioritize cybersecurity and managing
technology risk. -Technology Risk Management (TRM) is a small
organization that packs a big punch. TRM is a second line
organization, which means it is independent and reports up through
the Chief Risk Officer. The roughly ninety professionals in TRM are
trusted expert advisers who shape decisions, challenge activities
to ensure they meet our standards, and generally oversee technology
and information security risk across the business and the central
technology organization. TRM plays a critical role in helping to
ensure the company's risk-taking entities are aware of the risks
inherent in their activities and decisions, the impact of their
actions at an enterprise level, and opportunities to reduce,
mitigate, or avoid the risks altogether. - -This position - Tech
Risk Advisor, Technology Risk Manager - which sits under
Governance, Risk Identification, and Testing (GRIT) tower within
TRM - will play a key role in the organization's second line of
defense risk identification program by providing expertise in
assessing and enhancing the organization's cybersecurity and
technology risk posture and supporting the identification and
assessment of enterprise-level technology and cybersecurity risks.
As part of the second line of defense, you will collaborate closely
with associates in cybersecurity, technology, the lines of
business, and other risk management offices in the various lines of
business, to perform and support evaluations of the firm's risk
posture and offer independent advice and value-add recommendations
regarding ways to reduce risks. Having the ability to understand
and translate data-driven analysis, business drivers, initiatives
and priorities into technology and cybersecurity risks is critical
to ensure proper advising to business stakeholders. While a strong
foundation of technology, cybersecurity, and risk management
expertise is required to support core assessment responsibilities,
being able to engage as a trusted business risk advisor to deliver
high-impact results in their area(s) of expertise is a core
expectation for the role. -A strong candidate is passionate and
proficient in technology/cyber risk, industry, and regulatory
trends, who is intellectually curious and stays current on emerging
cyber threats, technologies, and potential implications for the
company. This candidate has a team-first attitude and is
comfortable building relationships and collaborating with the team
and other partners and stakeholders to get the work done. This
candidate is execution oriented, a self-motivator in an ambiguous
environment, can manage multiple projects while maintaining
superior results, can successfully work in a fast-paced
environment, and is able to quickly come up to speed with the
business and technology environments with which they will be
working. This candidate also will have excellent verbal and written
communication skills (tailored to the audience) and can concisely
and logically explain complex/technical topics.Essential Functions
(Responsibilities): -
- Core Assessment Responsibilities -
- Perform the review and effective challenge of technology and
cybersecurity risks through first-line assessment activities (i.e.,
Division and Business Unit risk and control self assessment
activities, - Process Level Assessments), to include providing
expertise and advice on risk themes and mitigating activities
-
- Perform the review and effective challenge of technology and
cybersecurity risks through first-line change-drive assessment
activities (i.e., new, expanded, or modified products and
services)
- Perform review and effective challenge of the completeness of
the first-line annual critical business process (CBP) inventory
-
- Monitor, report, and escalate first-line's cybersecurity and
technology metric performance, identify changes or trends in the
risk profile, draft relevant commentary, and brief senior
management
- Develop reports to support assessment results and present these
results to the team, business executives, and other stakeholders
- Advisory/Team Responsibilities -
- Be a trusted advisor and guide/drive effective and relevant
Tech and Cyber risk conversations with Line of Business leadership
and their teams (e.g., aligning to or providing insights in support
of strategic priorities or objectives for the business, increasing
risk accountability, etc.)
- Support and contribute in discussions to enable the
identification, assessment, management, and reporting of key
technology and security risks and control related issues
- Communicate in a compelling manner, with a strong point of
view, to any audience, including internal and external stakeholders
-
- Navigate regulatory and compliance requirements as an
approachable and effective partner to develop solutions in response
to Line of Business focus areas
- Collaborate effectively and build trusted relationships with
colleagues, stakeholders, and leaders across multiple organizations
to achieve objectives. - -
- Coordinate project-related activities and deliverables to
ensure effective collaboration, teamwork, and influence with and
beyond the immediate team and across stakeholder groups.
- Operate a continuous improvement approach by reviewing and
challenging the design and operation of processes -
- Support assessments for senior management and other
stakeholders, to include regulatory agencies and the Board of
Directors, as needed.Basic Qualifications:
- Bachelor's degree or military experience
- At least 5 years of experience managing, or consulting, or
auditing
- At least 5 years of experience working in the fields of
information security, or technology, or risk management
- At least 5 years of experience with cybersecurity or technology
risk assessments
- Professional Security Certification or Professional Risk
Management Certification (Certified Information Systems Security
Professional (CISSP), or Certified Informations Systems Auditor
(CISA), or Certified Information Security Manager (CISM), or
Certified in Risk and Information Systems Control (CRISC), or Open
FAIR Certified)Preferred Qualifications:
- Master's degree
- At least 5 years of experience in a second-line or oversight
role at a financial institution or regulatory agency
- Knowledge of supervisory expectations expressed in the Federal
Financial Institutions Examination Council (FFIEC) IT Handbook, or
Federal Reserve Supervisory Letters, or Office of the Comptroller
of the Currency Bulletins, or Federal Deposit Insurance Corporation
Financial Institution Letters
- Knowledge of, or experience working with agile methodology and
tools (Jira, or Confluence) -At this time, Capital One will not
sponsor a new applicant for employment authorization for this
position. -The minimum and maximum full-time annual salaries for
this role are listed below, by location. Please note that this
salary information is solely for candidates hired to perform work
within one of these locations, and refers to the amount Capital One
is willing to pay at the time of this posting. Salaries for
part-time roles will be prorated based upon the agreed upon number
of hours to be regularly worked.New York City (Hybrid On-Site):
$160,200 - $182,800 for Manager, Cyber Risk & AnalysisCandidates
hired to work in other locations will be subject to the pay range
associated with that location, and the actual annualized salary
amount offered to any candidate at the time of hire will be
reflected solely in the candidate's offer letter.This role is also
eligible to earn performance based incentive compensation, which
may include cash bonus(es) and/or long term incentives (LTI).
Incentives could be discretionary or non discretionary depending on
the plan.Capital One offers a comprehensive, competitive, and
inclusive set of health, financial and other benefits that support
your total well-being. Learn more at the -. Eligibility varies
based on full or part-time status, exempt or non-exempt status, and
management level.No agencies please. Capital One is an Equal
Opportunity Employer committed to diversity and inclusion in the
workplace. All qualified applicants will receive consideration for
employment without regard to sex, race, color, age, national
origin, religion, physical and mental disability, genetic
information, marital status, sexual orientation, gender
identity/assignment, citizenship, pregnancy or maternity, protected
veteran status, or any other status prohibited by applicable
national, federal, state or local law. Capital One promotes a
drug-free workplace. Capital One will consider for employment
qualified applicants with a criminal history in a manner consistent
with the requirements of applicable laws regarding criminal
background inquiries, including, to the extent applicable, Article
23-A of the New York Correction Law; San Francisco, California
Police Code Article 49, Sections 4901-4920; New York City's Fair
Chance Act; Philadelphia's Fair Criminal Records Screening Act; and
other applicable federal, state, and local laws and regulations
regarding criminal background inquiries.If you have visited our
website in search of information on employment opportunities or to
apply for a position, and you require an accommodation, please
contact Capital One Recruiting at 1-800-304-9102 or via email at
RecruitingAccommodation@capitalone.com. All information you provide
will be kept confidential and will be used only to the extent
required to provide needed reasonable accommodations.For technical
support or questions about Capital One's recruiting process, please
send an email to Careers@capitalone.comCapital One does not
provide, endorse nor guarantee and is not liable for third-party
products, services, educational tools or other information
available through this site.Capital One Financial is made up of
several different entities. Please note that any position posted in
Canada is for Capital One Canada, any position posted in the United
Kingdom is for Capital One Europe and any position posted in the
Philippines is for Capital One Philippines Service Corp.
(COPSSC).
Keywords: Capital One, Hartford , Tech Risk Advisor, Technology Risk Manager, IT / Software / Systems , Hartford, Connecticut
Didn't find what you're looking for? Search again!
Loading more jobs...