Senior Associate, Technology Controls Testing - Enterprise Services Risk

* Perform independent control testing activities and document results.
* Uses code to perform and/or automate analysis and repeatable tasks. Leverages tools [e.g. Python/SQL] to extract and analyze data. Visualize and create charts to support testing efforts.
* Maintains a broad understanding of relevant operating systems and their respective vulnerabilities in order to quickly identify the severity of potential issues [doesn't just know how the tools and reports work, but also how to recognize risk].
* Demonstrates a broad understanding of major categories of cyber threats, how those threats can occur in our environment, and the measures required to safeguard the enterprise.
* Leverages reporting & tools [doesn't build them] to perform analysis on different types of projects, efforts, or datasets & uses data to inform policies and drive change.
* Possesses an understanding of technology systems at an aggregate level, including networks, applications, cloud computing, and data.
* Quickly and accurately analyzes data, assesses risk, & prioritizes published vulnerabilities and potential risks to differentiate critical, high-risk, and low-risk issues, and escalate as appropriate.
* Researches, assembles, and/or evaluates information regarding industry practices or applicable regulatory changes affecting cyber security policies or programs; recommends sound, practical solutions to complex issues.
* Makes recommendations regarding changes to policy, procedures, and control programs to mitigate evolving risks.
* Effectively self-challenges cyber control programs as part of first line duties and escalates risks where appropriate.
* Demonstrates sound lifecycle program management to include documenting and communicating action plans, impediments and risks, and stakeholder engagement.
* Reports on vulnerability assessment to ensure proper functionality and alignment with Information Security Standards [able to understand and explain, but not required to resolve].
* High School Diploma, GED or Equivalent Certification
* At least 2 years of experience in Risk Management, Process Management, Project Management, or a combination of these
* At least 2 years of experience in technology or cyber security risk management
* At least 1 year of experience working with at least one scripting language
* Bachelor's Degree or Military Experience
* 2+ years of experience testing Technology controls
* Risk Certifications (CRISC, CISM, CRCM, CIPP, CISA, CISSP, ABA Risk Mgmt Certification)
* 3+ years of Risk Management experience in Cyber or Information Security
* Project Management experience leading cross functional projects in Risk
* Experience with AWS, GCP, or Azure cloud technologies
* Strong communication and presentation skills
* Experience with security operations, data loss prevention, or access management
* Scripting experience in Python or SQL Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.
#J-18808-Ljbffr