Risk Remediation Assessor

Risk Remediation Assessor

Nottingham Trent House, United Kingdom, Nottingham.

Capital One has a team of Information Security specialists who focus on security, relationship management, risk assessment, and resolution of complex information security issues related to Capital One’s third parties. The Cyber Third Party Risk Reduction (CTPRR) program defines the framework and conducts assessments that enable the business to protect sensitive information, physical assets, and confirm the Third Parties’ ability to provide continual services.

• Support kick‑off, planning and scoping activities for cyber‑focused risk assessments, working with cross‑functional resources to understand the operational and technical aspects of Third Party engagement.
• Analyze Third Party control environment data against Capital One security expectations; interpret information security requirements and apply them to specific situations.
• Review and support execution and delivery of reports including executive summaries and work papers detailing evidence reviewed and identified gaps.
• Maintain relationships with Third Party management and other Enterprise colleagues to manage expectations of assessments and remediation, including timing and deliverables.
• Ensure compliance with program processes and procedures.
• Maintain a thorough understanding of program controls, intent, and test procedures.
• Support third parties in managing and remediating risks identified through assessments.
• Travel 10‑25%, which may include off‑site locations, to perform multi‑day assessments.
• Identify and support initiatives to drive ongoing process improvements.

• Perform cyber‑focused assessments of Capital One third parties, identify risks and deliver high‑quality reports.
• Provide consultative services related to third party security while applying risk‑based judgment to information security issues.
• Drive risk remediation through advice and challenge.
• Ensure risk is appropriately managed and escalated.
• Assist Third Parties, Third Party Managers, or Accountable Executives with understanding risks identified.

• Experience in Information Security.
• Experience in Supply Chain Management.
• Experience in a Risk Management role related to Information Security, Business Continuity Management, or Supply Chain Management.
• Experience with risk assessments encompassing PCI DSS, NIST Framework, physical security controls, or IT operations management.
• Experience communicating and presenting to senior management.
• CISSP, CISA, or CRISC certification.

This is a permanent position based in our Nottingham office.

We have a hybrid working model that gives you flexibility to work from our offices and from home.

You’ll be based in our Nottingham office three days a week on Tuesdays, Wednesdays and Thursdays. Many of our associates have flexible working arrangements, and we’re open to discussing an arrangement that works for you.

• Contribution to the roadmap of an organisation committed to transformation.
• Strong and diverse career progression, with training programs through Capital One University and external providers.
• Immediate access to core benefits including pension scheme, bonus, generous holiday entitlement and private medical insurance – with flexible benefits such as season‑ticket loans, cycle‑to‑work scheme and enhanced parental leave.
• Open‑plan work spaces and accessible facilities designed to inspire and support you; the Nottingham head‑office has a fully‑serviced gym, subsidised restaurant, mindfulness and music rooms.

Capital One is committed to diversity in the workplace.