Senior Associate, Technology Controls Testing - Enterprise Services Risk

• Risk Certifications (CRISC, CISM, CRCM, CIPP, CISA, CISSP, ABA Risk Mgmt Certification)

The Enterprise Services Risk organization is expanding with a focus on attracting innovative, pioneering, collaborative, and highly skilled professionals. We operate at the forefront of risk management, providing support for novel and developing technologies, as well as critical business strategies. Diverse perspectives and experiences are valued as we work to redefine the financial sector.

As a Senior Associate in Capital One’s Enterprise Services (ES) Core Risk, you will apply your risk management skills to the company’s Technology organization. You will partner across Enterprise Services, Divisional CIO, and Information Security teams to develop and support best‑in‑class industry risk solutions in a manner that supports innovation and protects our customers, shareholders, and associates. As a member of the 1st line controls testing team, you will collaborate with other 1st, 2nd, and 3rd line teams to monitor and test processes and control environments, report results, and evaluate compliance with Cyber Security requirements and regulations for the Technology organization.

Your contributions will drive insight into risk and control performance, and organizational change through risk identification, measurement, analysis and reporting to enable better management of technology risks in an open and collaborative environment.

The Technology and SOX Automation team, within Enterprise Services Core Risk Controls Governance and Testing (CGT), is seeking an experienced, highly motivated Technology Controls Testing specialist, with strong interest in process maturity, cybersecurity, identity and access management (IAM), and cloud technologies. A clear understanding of requirements, controls, and testing methodologies is necessary for this role. The ideal candidate will design and execute test plans, identify process and control gaps, and compose clear and concise findings to document shortcomings.

The ability to clearly communicate results is imperative. This role requires multitasking and prioritizing assignments in a dynamic, fast‑paced environment, and offers the opportunity to learn new technologies, build relationships across technology divisions, and materially contribute to process enhancements to reduce risk.

• Perform independent control testing activities and document results.
• Use code to perform and/or automate analysis and repeatable tasks; leverage tools such as Python/SQL to extract and analyze data; visualize and create charts to support testing efforts.
• Maintain a broad understanding of relevant operating systems and their vulnerabilities to quickly identify the severity of potential issues.
• Demonstrate a broad understanding of major categories of cyber threats, how they can occur in our environment, and the measures required to safeguard the enterprise.
• Use reporting and tools (without building them) to perform analysis on different types of projects, efforts, or datasets, and use data to inform policies and drive change.
• Possess an understanding of technology systems at an aggregate level, including networks, applications, cloud computing, and data.
• Quickly and accurately analyze data, assess risk, and prioritize published vulnerabilities and potential risks to differentiate critical, high‑risk, and low‑risk issues, escalating as appropriate.
• Research, assemble, and evaluate information regarding industry practices or applicable regulatory changes affecting cyber security policies or programs; recommend sound, practical solutions to complex issues.
• Make recommendations regarding changes to policy, procedures, and control programs to mitigate evolving risks.
• Effectively self‑challenge cyber control programs as part of first line duties and escape risks where appropriate.
• Demonstrate sound lifecycle program management, including documenting and communicating action plans, impediments, risks, and stakeholder engagement.
• Report on vulnerability assessment to ensure proper functionality and alignment with Information Security Standards.

• High School Diploma, GED or Equivalent…