Risk Remediation Assessor

About the Role

Capital One has a team of Information Security specialists who focus on security and risk assessment for third parties. The Cyber Third Party Risk Reduction (CTPRR) program defines the framework and conducts assessments that enable the business to protect sensitive information, physical assets, and confirm the Third Parties’ ability to provide continuous services. This role partners with internal and external stakeholders to deliver thorough third‑party due diligence, evaluate security environments, and produce quality assessment reports.

• Support kick‑off, planning and scoping activities for cyber‑focused risk assessments.
• Work with cross‑functional resources to understand operational and technical aspects of Third‑Party engagement.
• Analyze Third‑Party control environment data against Capital One security expectations and interpret requirements.
• Review and support execution and delivery of reports, including executive summaries and work papers detailing evidence, gaps, and remediation.
• Maintain relationships with Third‑Party management and other Enterprise colleagues to manage expectations and timelines.
• Ensure compliance with program processes and procedures.
• Maintain understanding of program controls, intent, and test procedures.
• Support Third‑parties in managing and remediating risks identified through assessments.
• Travel 10‑25% for multi‑day assessments, possibly off‑site.
• Identify and support initiatives to drive ongoing process improvements.

• Perform cyber‑focused assessments, identify risks, and deliver high‑quality reports.
• Provide consultative services related to Third‑Party security while applying risk‑based judgment.
• Drive risk remediation through advice and challenge.
• Ensure risks are managed and escalated appropriately.
• Assist Third Parties, Managers, or Executives with understanding identified risks.

• Experience in Information Security.
• Experience in Supply Chain Management.
• Experience in a risk management role related to information security, business continuity, or supply chain.
• Experience with risk assessments covering PCI DSS, NIST Framework, physical security controls, or IT operations.
• Strong communication and presentation skills to senior management.
• CISSP, CISA, or CRISC certification preferred.

Permanent position based in Nottingham with a hybrid model. Work from the Nottingham office on Tuesdays, Wednesdays, and Thursdays; remainder teleworking allowed.

• Pension scheme, bonus, generous holiday entitlement, and private medical insurance.
• Flexible benefits including season‑ticket loans and cycle‑to‑work scheme.
• Enhanced parental leave.
• On‑site gym, subsidised restaurant, mindfulness and music rooms.